Can i Trust a IP for SSL VPN ( we keep haing to unlock user)

Emerald
Emerald Posts: 36  Freshman Member
First Comment Fifth Anniversary
Afternoon

We have 30 users in 1 x office all SSL VPN into a USG 310.
We have to regularly keep connecting to the router and perform "unlock lockout-users x.x.x.x"
The WAN IP of this office is static and never changes

Can we do something so this IP address is never locked out on a bad password?

Or maybe can we extent the lockout attenpts to a higher value?

All Replies

  • lalaland
    lalaland Posts: 91  Ally Member
    First Answer First Comment Friend Collector Sixth Anniversary
    edited February 2022
    There is no IP white list for this.
    But you can change lockout maximum retry by CLI Router(config)# users retry-count xx
    BTW,  assume branch office most users need to access HQ site resource, I strongly  recommend install firewall on 2nd office to establish site to site VPN. With site to site VPN, users in branch no need to connect to HQ site individually.

Security Highlight