Skip to content

Restrict administrator account

Use these settings to limit access to the Management and Security Server administrator account.

IP address range

Enter a range of IP addresses -- either IPv4 or IPv6 -- for devices that are allowed to log in as administrator. IP addresses outside of this range will be rejected even if the correct password is entered.

Note

If the designated machines have multiple IP addresses, enter all of the possible IP addresses that the client might send.

You can use an asterisk (*) as a wild card in any part of the IP address. Use a single * (the default) to allow anyone with the password to log in as administrator. To restrict access, you must include * or a number in each section of the address.

Use a hyphen (-) to indicate an inclusive range of addresses and a comma (,) to list individual addresses.

Examples for IPv4 and IPv6 address ranges

This IPv4 entry... Allows access from...
* all IP addresses
123.*.*.* all IP addresses that begin with 123
123.123.4.5 - 123.123.4.7 only 123.123.4.5, 123.123.4.6, and 123.123.4.7
123.*.*.*, 246.246.0.1 all IP addresses that begin with 123 and from 246.246.0.1
123.123.4.5 only the given IP address

Note

An IPv6 address is hexadecimal and has eight segments. For example: 2600:1702:1740:1250:1452:5191:d0de:7072

This IPv6 entry... Allows access from...
* all IP addresses
1111:*:*:*:*:*:*:* all IP addresses that begin with 1111
1111:2222:33ab:4444:5555:6cd6:7777:8886 - 1111:2222:33ab:4444:5555:6cd6:7777:8888 only 1111:2222:33ab:4444:5555:6cd6:7777:8886, 1111:2222:33ab:4444:5555:6cd6:7777:8887, and 1111:2222:33ab:4444:5555:6cd6:7777:8888
1111:*:*:*:*:*:*:*, 1234:2345:3456:4567:5678:6789:789a:89ab all IP addresses that begin with 1111 and from 1234:2345:3456:4567:5678:6789:789a:89ab
1111:2222:33ab:4444:5555:6cd6:7777:8888 only the given IP address

Maximum allowed attempts before lockout

After a user has attempted to log into the administrator account the specified number of times without providing the correct password, the user is locked out. This feature helps to guard against brute force attacks.

A zero (0) here or in the following field disables the lockout feature. This is the default.

Lockout duration (seconds)

This field specifies the length of time a user remains locked out after the specified number of failed login attempts. This feature helps to guard against brute force attacks.

A zero (0) here or in the preceding field disables the lockout feature. This is the default.