Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/support/surf/en-us/index.html?contextId=sf-critical-block-signin

Block sign-in after 5 unsuccessful attempts from the same IP address within 60 Seconds

Critical

Explanation

Configure to block signing in to the Webadmin console and CLI after the maximum number of failed sign-in attempts and the duration within which the attempts can be made from a single IP address.

Rationale

An unattended computer with open administrative session to the device could allow unauthorized user access to the firewall’s management interface.

Prevent brute force attempts against sign-in sessions to block multiple sign-in failures.

Resolution

  1. Go to Administration > Admin and user settings > Login security.
  2. Select Block login.
  3. Configure the settings with values that are appropriate to your organization. It is recommended to block 5 unsuccessful attempts from the same IP address within 60 seconds and to block signing in for 5 minutes.
  4. Click Apply.

Related information