CLI Guide - WatchGuard Technologies
CLI Guide - WatchGuard Technologies
CLI Guide - WatchGuard Technologies
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
CHAPTER 2: Administration Mode Commands<br />
account command<br />
WG#admin<br />
WG(admin)#account<br />
-login_limit<br />
-login_limit <br />
-status<br />
-unlock |all<br />
-all<br />
Effect<br />
Allows you to view, set, and clear failed login attempt limits.<br />
Login limits provide a further level of security, and<br />
eliminate susceptibility to a “brute force” password hacks.<br />
The account management feature is available in all three<br />
operation modes (normal, FIPS, and CC).<br />
The <strong>CLI</strong> allows only the root superadmin “admin” to log<br />
in, while rejecting all other accounts, including userdefined<br />
superamin accounts. If you set the login_limit<br />
feature on the root superadmin user, it is possible for the<br />
superadmin to be locked out of the system.<br />
To work around this possible problem:<br />
1 Create another superadmin account in addition to the<br />
root superadmin “admin” account, using Vcontroller,<br />
before you set the login_limit for the root<br />
superadmin account.<br />
If the root superadmin “admin” is locked out because of<br />
exceeded login failures, you can use this separate, non-root-level<br />
superadmin account to login to Vcontroller with full<br />
administration privileges.<br />
2 In a text editor, create and save an ASCII text file with<br />
the following two lines:<br />
admin<br />
account -unlock admin<br />
3 In Vcontroller, click Diagnostics/<strong>CLI</strong> and select the <strong>CLI</strong><br />
tab.<br />
This feature allows you to select a text file that contains <strong>CLI</strong><br />
commands.<br />
28 <strong>WatchGuard</strong> Vclass 5.1