5.2.2 Restrict administrator account

Use these settings to limit access to the Management and Security Server administrator account.

IP range

Enter a range of IP addresses -- either IPv4 or IPv6 -- for devices that are allowed to log in as administrator. IP addresses outside this range will be rejected even if the correct password is entered.

Note: If the designated machines have multiple IP addresses, enter all of the possible IP addresses that the client might send.

You can use an asterisk (*) as a wildcard in any part of the IP address. Use a single * (the default) to allow anyone with the password to log in as administrator. To restrict access, you must include * or a number in each section of the address.

Use a hyphen (-) to indicate an inclusive range of addresses and a comma (,) to list individual addresses. Examples:

Table 5-1

| This entry... | allows access from... |
|---|---|
| * | all IP addresses |
| 123.*.*.* | all IP addresses that begin with 123 |
| 123.123.4.5 - 123.123.4.7 | only 123.123.4.5, 123.123.4.6, and 123.123.4.7 |
| 123.*.*.*, 246.246.0.1 | all IP addresses that begin with 123 and from 246.246.0.1 |
| 123.123.4.5 | only the given IP address |
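
The entry syntax from Table 5-1, as an added example that is not part of the product or its documentation: a Python sketch that evaluates an IP range entry against a client address (IPv4 only), so a proposed entry can be checked before it is saved. The function names are hypothetical, and rejecting an entry with fewer than four sections is an assumption based on the rule above; the server's own matcher may behave differently.

```python
import ipaddress

def _parse_item(item):
    """Turn one comma-separated item into a predicate over an IPv4Address."""
    item = item.strip()
    if item == "*":                       # single asterisk: the documented default
        return lambda ip: True
    if "-" in item:                       # inclusive range, e.g. a.b.c.d - a.b.c.e
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in item.split("-", 1))
        if lo > hi:
            raise ValueError(f"range start is above range end: {item!r}")
        return lambda ip: lo <= ip <= hi
    parts = item.split(".")
    if len(parts) != 4:                   # assumption: partial addresses are invalid
        raise ValueError(f"need * or a number in each section: {item!r}")
    for p in parts:
        if p != "*" and not (p.isdigit() and int(p) <= 255):
            raise ValueError(f"bad section {p!r} in {item!r}")
    return lambda ip: all(p == "*" or int(p) == octet
                          for p, octet in zip(parts, ip.packed))

def is_allowed(entry, client_ip):
    """True if client_ip matches any item of the IP range entry."""
    matchers = [_parse_item(i) for i in entry.split(",")]  # validate every item first
    ip = ipaddress.IPv4Address(client_ip)
    return any(m(ip) for m in matchers)

def is_unrestricted(entry):
    """True if some item admits every address (audit check for the default)."""
    return any(i.strip() in ("*", "*.*.*.*") for i in entry.split(","))

if __name__ == "__main__":
    # Constructed checks using the entries from Table 5-1.
    for entry, ip in [("123.123.4.5 - 123.123.4.7", "123.123.4.8"),
                      ("123.*.*.*, 246.246.0.1", "246.246.0.1")]:
        print(f"{entry!r:32} {ip:15} allowed={is_allowed(entry, ip)}")
```

`is_unrestricted` is useful as a configuration audit: it flags an entry that still admits every address, which is the default.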

Maximum allowed attempts before lockout

After a user has attempted to log in to the administrator account the specified number of times without providing the correct password, the user is locked out. This feature helps to guard against brute-force attacks.

A zero (0) here or in the following field disables the lockout feature. This is the default.

Lockout duration (seconds)

This field specifies the length of time a user remains locked out after the specified number of failed login attempts. This feature helps to guard against brute-force attacks.

A zero (0) here or in the preceding field disables the lockout feature. This is the default.
