For Network IPS appliances, the root user can reset and unlock accounts by using the passwd and faillog commands.
The appliance denies access to users for several reasons. Some reasons might include the use of an incorrect user name or password or too many logon attempts with incorrect information. When you are contacted with these issues, use the iss.Csf.log file in /var/log/messages to determine the cause.