Athena NGFW (Next-Generation Firewall)

Athena NGFW (previously known as Network Secure) provides comprehensive protection for every network perimeter, ensuring the safety of your valuable assets, data, and users from emerging threats.
{{ $t('productDocDetail.guideClickSwitch') }}
{{ $t('productDocDetail.know') }}
{{ $t('productDocDetail.dontRemind') }}
8.0.85
Athena NGFW (Next-Generation Firewall) {{ breadTitle }} User Manual Objects Security Policy Template Web App Firewall Password Protection
{{sendMatomoQuery("Athena NGFW (Next-Generation Firewall)","Password Protection")}}

Password Protection

{{ $t('productDocDetail.updateTime') }}: 2026-01-06

Password protection: This function applies to HTTP protocols. It mainly filters some oversimple usernames and passwords. Check Password Protection and click Advanced to display the page as follows.

A screenshot of a computer Description automatically generated

Web-based login weak password detection: Enable it to protect the weak passwords in Web login. Click Settings to increase the complexity and add a custom password library, as shown below.

A screenshot of a computer screen Description automatically generated

Select the predefined weak password rule or fill in the weak password list. Click Save to validate the settings. When such weak passwords are detected, the firewall will generate a log to remind the administrator.

Web-based cleartext detection: Enable it to detect plaintext transmission during Web login.

Web-based brute-force attack protection: It protects against Web password blasts. Click Settings to enter the setting page, as shown below.

A screenshot of a computer Description automatically generated

Fast brute-force attack protection: It utilizes the built-in WAF password attack protection rule to detect password blast behaviors in real-time.

Slow brute-force attack protection: The IP addresses of attacking sources with a low brute frequency that is hard to detect previously can now be detected by algorithmic analysis of offline logs within the specified time.

High Detection: Last for 15 minutes with 2 logins per minute; low threshold setting, easy to trigger brute-force attack, applicable to scenarios with the high-security requirement.

Balanced: Last for 21 minutes with 4 logins per minute; moderate threshold setting, applicable to brute-force attack detection in most scenarios, recommended setting.

High Accuracy: Last for 45 minutes with 8 logins per minute; high threshold setting, hard to trigger brute-force attack, applicable to scenarios with high business continuity requirements.

Distributed brute-force attack protection: When multiple devices attack a server, the IP address of the brute-force attack source that is hard to detect previously can now be detected by algorithmic analysis of offline logs within the specified time.

Web-Based Login Password Parameters: The custom password protection rules added on this page will be automatically synchronized to the Objects > Threat Signature Database > Custom Database. Click Add to create a custom Web password protection rule, as shown below.

A screenshot of a computer Description automatically generated