For managed TPS devices and IPS devices running TOS v.3.3 and later, the SMS supports
user authentication for individual devices.
Note: In order for TPS devices to use the SMS as an authentication source, SMS port 443
must be open and accessible by the device.
From the Device Configuration screen for a managed device, you can set the following
user authentication preferences:
- Security Level — None (level 0), Low (level 1), Medium (level 2), or High (level 3).
- Maximum Login Attempts — Login attempts from 1 to 10.
- Failed Login Action — Disable account and/or lockout IP address, lockout account and/or IP address account (default setting), or audit event.
- Lockout Time — Lockout time from 1 to 1440 minutes.
Local Authentication Only
The SMS stores a hashed password for the user account and authenticates against a
user database stored locally on the TPS device.
Note: This option only appears on TPS devices.
The following password expiration options apply to accounts that are configured for
local authentication only:
- Password Expiration — The minimum expiration period is 10 days, and the maximum expiration period is one year.
- Password Expiration Action — Force user to change password; notify user of expiration; or deny login, SuperUser must reset password.
Note: You cannot disable the password expiration for a Threat Protection System (TPS) device;
therefore, Disabled is not available as an option.
