Firewall - Login denied: Login attempt on a lockout address [lockout users]

This information can help you if you mis-type your password to often and get blocked by the USG and USG FLEX. Can't lockout user from IP address issue is also address.


Step by step procedure

You can use the following CLI command to unlock the source IP address via console or SSH.


Router# show lockout-users

Router# configure terminal

Router(config)# unlock lockout-users W.X.Y.Z


Then the IP address W.X.Y.Z will be unlocked in the list.

You can try the password to authenticate with the device again.



After unlocking the address, you will be able to log in to the device again.


"Can't unlock user from" issue


If you use the show lockout-users command, you will not only see the locked out users, but all failed login attempts. Please look at your 


Please take a look at your User IP Lockout Settings to see if the user has reached the maximum login attempts or not. In this case, the failed login attempt was just 1 (from the example above) and therefore, it's not locked out.


Articles in this section

Was this article helpful?
10 out of 60 found this helpful



Please sign in to leave a comment.