Restrict administrator account
Use these settings to limit access to the Management and Security Server administrator account.
IP address range
Enter a range of IP addresses -- either IPv4 or IPv6 -- for devices that are allowed to log in as administrator. IP addresses outside of this range will be rejected even if the correct password is entered.
Note
If the designated machines have multiple IP addresses, enter all of the possible IP addresses that the client might send.
You can use an asterisk (*
) as a wild card in any part of the IP address. Use a single *
(the default) to allow anyone with the password to log in as administrator. To restrict access, you must include *
or a number in each section of the address.
Use a hyphen (-
) to indicate an inclusive range of addresses and a comma (,
) to list individual addresses.
Examples for IPv4 and IPv6 address ranges
This IPv4 entry... | Allows access from... |
---|---|
* |
all IP addresses |
123.* .* .* |
all IP addresses that begin with 123 |
123.123.4.5 - 123.123.4.7 | only 123.123.4.5, 123.123.4.6, and 123.123.4.7 |
123.* .* .* , 246.246.0.1 |
all IP addresses that begin with 123 and from 246.246.0.1 |
123.123.4.5 | only the given IP address |
Note
An IPv6 address is hexadecimal and has eight segments. For example:
2600:1702:1740:1250:1452:5191:d0de:7072
This IPv6 entry... | Allows access from... |
---|---|
* |
all IP addresses |
1111:* :* :* :* :* :* :* |
all IP addresses that begin with 1111 |
1111:2222:33ab:4444:5555:6cd6:7777:8886 - 1111:2222:33ab:4444:5555:6cd6:7777:8888 | only 1111:2222:33ab:4444:5555:6cd6:7777:8886, 1111:2222:33ab:4444:5555:6cd6:7777:8887, and 1111:2222:33ab:4444:5555:6cd6:7777:8888 |
1111:* :* :* :* :* :* :* , 1234:2345:3456:4567:5678:6789:789a:89ab |
all IP addresses that begin with 1111 and from 1234:2345:3456:4567:5678:6789:789a:89ab |
1111:2222:33ab:4444:5555:6cd6:7777:8888 | only the given IP address |
Maximum allowed attempts before lockout
After a user has attempted to log into the administrator account the specified number of times without providing the correct password, the user is locked out. This feature helps to guard against brute force attacks.
A zero (0) here or in the following field disables the lockout feature. This is the default.
Lockout duration (seconds)
This field specifies the length of time a user remains locked out after the specified number of failed login attempts. This feature helps to guard against brute force attacks.
A zero (0) here or in the preceding field disables the lockout feature. This is the default.