The Global Security Options feature allows you to compel users to select strong passwords and set password lifetimes. The SBC also incorporates several anti-hacking features that help prevent unauthorized access. The restrictions and limits set by this feature apply to local users only.
Password construction and lifetimes for AD and RADIUS users are controlled by their respective authorization schemes. However, RADIUS and AD users are still subject to lockouts due to failed login attempts.
After the administrator adds a new user, that user is prompted to enter a new password the first time they log into the SBC. Also, if an administrator resets a current user's password, the user's current session is terminated and the user is then prompted to enter a new password (compulsory password change).
New password entry is forced in these situations and the user will not be allowed to proceed with the login process until they have correctly entered a new password.
When a user exceeds the maximum number of failed attempts, they are locked out of the system for the time specified in the configuration, however if the SBC is rebooted, the lockout is terminated.
Unlike the various WebUI access users (Admin, Read-Only, etc.), REST users are not subject to the constraints of password complexity, forced password reset, or password lifetimes.
In the left navigation pane, go to Security > Users > Global Security Options.
Used to enable and disable Global Security Options.
Specifies the minimum number of characters which must appear in a valid password. This field is only available when Enhanced Password Security is enabled.
Specifies the minimum number of upper case alphabetical characters which must appear in a valid password. This field is only available when Enhanced Password Security is enabled.
Specifies the minimum number of lower case alphabetical characters which must appear in a valid password. This field is only available when Enhanced Password Security is enabled.
Specifies the minimum number of numeric characters which must appear in a valid password. This field is only available when Enhanced Password Security is enabled.
Specifies the minimum number of special characters which must appear in a valid password. This field is only available when Enhanced Password Security is enabled.
Specifies the minimum number of characters which must be different from the previous password. This field is only available when Enhanced Password Security is enabled.
Specifies the maximum number of times any character may appear consecutively in a password. This field is only available when Enhanced Password Security is enabled.
Enables and disables password lifetimes.
Specifies the maximum lifetime of a password in days. This field is only available when Set Password Lifetime is enabled.
Specifies the maximum number of failed log in attempts before the SBC locks out the user.
Specifies the period of time, in minutes, the user is locked out of the SBC after reaching the maximum number of failed log in attempts.
Enables/disables the Password Recovery mechanism for Admin passwords. If this field is set to True, you are able to initiate the password recovery mechanism for loss of the Admin password. Default entry: False.
For detailed information, see Recovering Admin Passwords.