9.3.2.1. set bruteforce-protection

A - Introduction

The `bruteforce-protection` command of the `set` sub-group enables the system to protect against brute force attacks when a user logs in.

User accounts are automatically locked for a set period of time after several unsuccessful attempts.

The default value is 3.

To view the current values for the number of attempts and the account lockout duration, use the show bruteforce-protection command.

---

B - Prerequisites

• User: setup

• Dependencies: N/A

---

C - Command

`set bruteforce-protection {lock-duration|max-tries|restore-default}`

---

D - Command used to set a maximum number of authentication attempts for an account (0 to deactivate)

`set bruteforce-protection lock-duration {0|1-86400}`

---

E - Command used to set an account lockout duration in seconds (0 to deactivate)

`set bruteforce-protection max-tries {0|1-100}`

---

F - Command to restore the default configuration

`set bruteforce-protection restore-default`

---

G - Procedure to change the lockout duration to 360 seconds

The command prompt is displayed.

(gcap-cli)

1. Enter the command

   set bruteforce-protection lock-duration 360
   

2. Validate

   The system indicates the setting has been changed

   Updating bruteforce protection configuration
   Bruteforce protection configuration updated
   

---