FGFW-ND-000045 - The FortiGate device must enforce the limit of three consecutive invalid logon attempts, after which time it must lock out the user account from accessing the device for 15 minutes. - admin-lockout-duration

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.


Information

By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced.

Solution

Log in to the FortiGate GUI with Super-Admin privilege.

1. Open a CLI console, either over SSH or from the GUI.
2. Run the following commands:
# config system global
# set admin-lockout-duration 900
# set admin-lockout-threshold 3
# end
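
One way to verify the result of these commands offline, as an added example that is not part of the original audit or the STIG's own check logic. It assumes you have saved the text of the `config system global` block (for instance from `show full-configuration system global`); the function names and the sample text are hypothetical and constructed for illustration.

```python
import re

# Values required by the Solution section of this page.
REQUIRED = {"admin-lockout-threshold": 3, "admin-lockout-duration": 900}

# Constructed sample input (not captured from a real device).
SAMPLE_CONFIG = """\
config system global
    set admin-lockout-duration 60
    set admin-lockout-threshold 3
end
"""

def parse_system_global(text):
    """Return {setting: value} for 'set' lines directly inside 'config system global'."""
    settings, depth, in_global = {}, 0, False
    for raw in text.splitlines():
        line = raw.strip().lstrip("#").strip()  # tolerate '# ' prompt prefixes
        if line.startswith("config "):
            depth += 1
            if depth == 1:  # only a top-level block can be 'system global'
                in_global = line.split() == ["config", "system", "global"]
        elif line == "end":
            depth = max(depth - 1, 0)
            in_global = in_global and depth > 0
        elif in_global and depth == 1:
            m = re.match(r"set\s+(\S+)\s+(.+)$", line)
            if m:
                settings[m.group(1)] = m.group(2).strip('"')
    return settings

def check_lockout(text):
    """Return a list of findings; an empty list means both settings match."""
    settings = parse_system_global(text)
    findings = []
    for key, want in REQUIRED.items():
        got = settings.get(key)
        if got is None:
            # Absent from the output: report it rather than assume a value.
            findings.append(f"{key}: not present in output (expected {want})")
        elif not got.isdigit() or int(got) != want:
            findings.append(f"{key}: found {got}, expected {want}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_lockout(SAMPLE_CONFIG)) or "PASS")
```

A `set` line with the same name inside any other `config` block is ignored, so only the global setting is evaluated.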

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_FN_FortiGate_Firewall_STIG.zip

Item Details

References: CAT|II, CCI|CCI-000044, Rule-ID|SV-234168r628777_rule, STIG-ID|FGFW-ND-000045, Vuln-ID|V-234168

Plugin: FortiGate

Control ID: 5c3825fc39b33eebb9b4b6ac1bbf464e55cba552fc6eeb19d106aa0f21c206a4