System > Administration
75
SonicOS Enhanced 4.0 Administrator Guide
The Password must be changed every (days) setting requires users to change their
passwords after the designated number of days has elapsed. When a user attempts to login
with an expired password, a pop-up window will prompt the user to enter a new password. The
User Login Status window now includes a Change Password button so that users can change
their passwords at any time.
The Bar repeated passwords for this many changes setting requires users to use unique
passwords for the specified number of password changes.
The Enforce a minimum password length of setting sets the shortest allowed password.
The Enforce password complexity pulldown menu provides the following options:
• Require both alphabetic and numeric characters
• Require alphabetic, numeric, and symbolic characters
The Apply these password constraints for checkboxes specify which classes of users the
password constraints are applied to. The administrator checkbox refers to the default
administrator with the username admin.
The Log out the Administrator Inactivity Timeout after inactivity of (minutes) setting
allows you to set the length of inactivity time that elapses before you are automatically logged
out of the Management Interface. By default, the SonicWALL security appliance logs out the
administrator after 5 minutes of inactivity. The inactivity timeout can range from 1 to 99 minutes.
Click Apply, and a message confirming the update is displayed at the bottom of the browser
window.
Tip If the Administrator Inactivity Timeout is extended beyond 5 minutes, you should end every
management session by clicking Logout to prevent unauthorized access to the SonicWALL
security appliance’s Management Interface.
You can configure the SonicWALL security appliance to lockout an administrator or a user if the
login credentials are incorrect. Select the Enable Administrator/User Lockout on login
failure checkbox to prevent users from attempting to log into the SonicWALL security appliance
without proper authentication credentials. Type the number of failed attempts before the user
is locked out in the Failed login attempts per minute before lockout field. Type the length of
time that must elapse before the user attempts to log into the SonicWALL again in the Lockout
Period (minutes) field.
Caution If the administrator and a user are logging into the SonicWALL using the same source IP
address, the administrator is also locked out of the SonicWALL. The lockout is based on the
source IP address of the user or administrator.