https://community.cisco.com/t5/network-access-control/max-failed-login-attempts-on-web-portal-and-ad/m-p/3569912#M519185 <HTML><HEAD></HEAD><BODY><P>CSCva98129 might impact customer deployments on ISE 1.4 ~ 2.2. Please ensure on the latest patches.</P></BODY></HTML> Fri, 15 Dec 2017 04:09:28 GMT hslai 2017-12-15T04:09:28Z https://community.cisco.com/t5/network-access-control/max-failed-login-attempts-on-web-portal-and-ad/m-p/3569909#M519181 <HTML><HEAD></HEAD><BODY><P>Hi team,</P><P></P><P>Does the Maximum Failed Login Attempts control work for web portal authentication with Active Directory users? If not would there be another way to prevent AD user account lockout when using the web portal?</P><P></P><P>Thanks</P></BODY></HTML> Tue, 12 Dec 2017 21:13:46 GMT https://community.cisco.com/t5/network-access-control/max-failed-login-attempts-on-web-portal-and-ad/m-p/3569909#M519181 slevesqu 2017-12-12T21:13:46Z https://community.cisco.com/t5/network-access-control/max-failed-login-attempts-on-web-portal-and-ad/m-p/3569910#M519183 <HTML><HEAD></HEAD><BODY><P>It seems you are referring the "Web Portal" to any end-user facing portals, such as MyDevices portal with the login page settings:</P><P><IMG alt="Screen Shot 2017-12-14 at 4.39.31 PM.png" class="image-1 jive-image" height="158" src="/legacyfs/online/fusion/114132_Screen Shot 2017-12-14 at 4.39.31 PM.png" style="height: 158.39999999999998px; width: 352px;" width="352" /></P><P>In that case, I believe it applies to AD as well. Is your plan to set a huge number for the time between login attempts when rate timing? Otherwise, it would not help much if the AD users have the policy to lock the accounts after number of failures.</P></BODY></HTML> Fri, 15 Dec 2017 00:44:58 GMT https://community.cisco.com/t5/network-access-control/max-failed-login-attempts-on-web-portal-and-ad/m-p/3569910#M519183 hslai 2017-12-15T00:44:58Z https://community.cisco.com/t5/network-access-control/max-failed-login-attempts-on-web-portal-and-ad/m-p/3569911#M519184 <HTML><HEAD></HEAD><BODY><P>The use case is the guest portal that is used on an open ssid by both guests and employees for internet access. The customer wants to prevent the employee AD user accounts lockout. </P><P></P><P>Yes the idea would be as you said to rate limit for a very long time after the user has tried 2 times for example assuming that the AD account lockout policy is 3 times.</P></BODY></HTML> Fri, 15 Dec 2017 01:26:18 GMT https://community.cisco.com/t5/network-access-control/max-failed-login-attempts-on-web-portal-and-ad/m-p/3569911#M519184 slevesqu 2017-12-15T01:26:18Z https://community.cisco.com/t5/network-access-control/max-failed-login-attempts-on-web-portal-and-ad/m-p/3569912#M519185 <HTML><HEAD></HEAD><BODY><P>CSCva98129 might impact customer deployments on ISE 1.4 ~ 2.2. Please ensure on the latest patches.</P></BODY></HTML> Fri, 15 Dec 2017 04:09:28 GMT https://community.cisco.com/t5/network-access-control/max-failed-login-attempts-on-web-portal-and-ad/m-p/3569912#M519185 hslai 2017-12-15T04:09:28Z