Repeatedly used wrong user name leads to lockout - how to release the IP?
Master Member
We have arranged different SSLVPN users which are connecting via SecuExtender. All works fine.
Yesterday we've created a new SSLVPN user account. But our new colleague has repeatedly typed a wrong user name (e.g. "USER10" instead "USER_10") again and again.
After trying the predefined number of login attempts the USG110 locked the IP address (we guess) because the wrong user doesn't exist and cannot be locked.
After searching for unlocking opportunities within the GUI we learnt that this is possible via CLI command only. OK, no problem. Now we've tried the CLI command
unlock lockout-users <IP>
But without success. We are thinking, because a wrong unregistered user name has been used, the regular SSLVPN user account cannot be locked, but the IP address only.
That's why we don't know whether the command "unlock lockout-users" is the right one for that case.
Is there another CLI command in place to release a locked IP address?
Finally the locked IP address has been released by USG on its own after 10 minutes. But also this lock time span is defined for "user account login attempts" but not for IP addresses and wrong user accounts.
Has anybody an idea how to release a locked IP immediately?
0
Accepted Solution
-
Hi @USG_User,You can use the command to unlock the IP address. Then you can use the correct username to login again.Router(config)# unlock lockout-users <IP address>In the example, use the user "test" to login but "test" doesn't exist in the local database. Enter the command to unlock the user from the IP address.
See how you've made an impact in Zyxel Community this year!
https://bit.ly/Your2024Moments_Community0
Zyxel Employee
All Replies
-
Hi @USG_User,You can use the command to unlock the IP address. Then you can use the correct username to login again.Router(config)# unlock lockout-users <IP address>In the example, use the user "test" to login but "test" doesn't exist in the local database. Enter the command to unlock the user from the IP address.
See how you've made an impact in Zyxel Community this year!
https://bit.ly/Your2024Moments_Community0 -
Thanks Emily,We've exactly tried it, but the remote user was still not able to login.But since there is no other alternative command available, we will give it a re-try next time.0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 151 Nebula Ideas
- 98 Nebula Status and Incidents
- 5.7K Security
- 277 USG FLEX H Series
- 277 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.4K Consumer Product
- 250 Service & License
- 395 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 75 Security Highlight
