FortiGate
hrahuman_FTNT
Article Id 197485

Description
Since FortiOS 4.0 MR1, a password policy feature allows FortiGate administrator passwords to be held to strict requirements. It includes aging attributes, so that passwords must be changed on a regular basis.

 
 


Solution

To enable password options:

1) Go to System -> Admin -> Settings

2) Select Enable for the Password Policy, and edit the options as required.

To enable using CLI:

#config system password-policy
    set status enable
end

For version V4.0 MR1:
#FGT (password-policy) # get

status : enable
apply-to : admin-password
minimum-length : 8
must-contain :
change-4-characters : disable
expire : 0
#config system password-policy
  set status [enable | disable] # default is disable
  set apply-to [admin-password ipsec-preshared-key] # default is admin-password
  set minimum-length xxx # default is 8
  set must-contain [lower-case-letter upper-case-letter non-alphanumeric number] # default is NULL
  set minimum-characters-change 4 # default is 0; when not zero, at least N characters must be changed on a password change
  set admin-password-expire xxx # unit is DAYS before expiry; default is 0, which means never expire
end
#config system admin
  edit xxx
    set password-expire YYYY-MM-DD HH:MM:SS # default 0, means never expire.
    set force-password-change [enable | disable] # initially set to disable; when set to enable, the user must change his password the next time he logs in
  next
end
For version V5.4 and above:
#config system password-policy
    set status enable # default is disable
    set apply-to admin-password [admin-password ipsec-preshared-key] # default is admin-password
    set minimum-length 8 # default is 8
    set min-lower-case-letter 0
    set min-upper-case-letter 0
    set min-non-alphanumeric 0
    set min-number 0
    set change-4-characters disable
    set expire-status disable # Default is 0, means never expire
    set reuse-password enable
end

#config system admin
  edit xxx
    set password-expire YYYY-MM-DD HH:MM:SS # default 0, means never expire.
    set force-password-change [enable | disable] # initially set to disable; when set to enable, the user must change his password the next time he logs in
  next
end
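
To confirm that the V5.4-and-above settings listed above are actually in place on a device, a configuration backup can be checked offline. This is an added example, not Fortinet code: the function names, the 12-character baseline and the sample backup are assumptions, and settings missing from the backup are treated as holding the values shown in the listing above.

```python
import re

# Values shown in the page's V5.4+ listing; assumed for settings a backup omits.
SHOWN = {"status": "disable", "minimum-length": "8", "min-lower-case-letter": "0",
         "min-upper-case-letter": "0", "min-non-alphanumeric": "0",
         "min-number": "0", "expire-status": "disable", "reuse-password": "enable"}
CLASSES = [k for k in SHOWN if k.startswith("min-")]  # the four per-class minimums
MIN_LENGTH = 12  # assumed site baseline, not a value from the page

# Constructed sample backup for a hypothetical device, not real output.
SAMPLE_BACKUP = """\
config system global
    set hostname "FGT-LAB"
end
config system password-policy
    set status enable
    set minimum-length 10
    set min-upper-case-letter 1
    set expire-status enable
end
"""

def parse_password_policy(config_text):
    """Return the 'set' options of the password-policy block, or None if absent."""
    block, inside = {}, False
    for line in map(str.strip, config_text.splitlines()):
        if line == "config system password-policy":
            inside = True
        elif inside and line == "end":
            break
        elif inside and (m := re.match(r"set\s+(\S+)\s+(.+)", line)):
            block[m.group(1)] = m.group(2)
    return block if inside else None

def audit_password_policy(config_text):
    """List the weak password-policy settings found in a configuration backup."""
    p = {**SHOWN, **(parse_password_policy(config_text) or {})}
    if p["status"] != "enable":
        return ["status is not enable: the password policy is not enforced"]
    unset = [k for k in CLASSES if int(p[k]) == 0]
    checks = [
        (int(p["minimum-length"]) < MIN_LENGTH, f"minimum-length {p['minimum-length']} is below {MIN_LENGTH}"),
        (bool(unset), "no minimum set for: " + ", ".join(unset)),
        (p["expire-status"] != "enable", "expire-status is not enable: passwords never expire"),
        (p["reuse-password"] == "enable", "reuse-password is enable: old passwords can be reused"),
    ]
    return [msg for bad, msg in checks if bad]

if __name__ == "__main__":
    print("\n".join(audit_password_policy(SAMPLE_BACKUP)))
```
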
