FortiGate
krajaa
Staff
Article Id 192917
Description
In some scenarios, a password policy is configured for local users and applied to SSL VPN.
Once the password expires, the user cannot establish the VPN connection and is forced to renew the password in order to connect.
Once the user has renewed the password, the user is able to log in to the VPN. It is not possible to restrict a local user from changing the password at the moment of expiry.


Solution
Workaround:

Use LDAP users instead of local users.

In the LDAP configuration, password renewal can be restricted with the following commands:
# config user ldap
# edit "ldap_server_name"
# set password-renewal disable
# end
(By default, it is disabled.)

However, this setting applies to all LDAP users mapped to SSL VPN.
It cannot be applied to individual LDAP users. To restrict an individual user, apply the restriction directly on the LDAP server, under that user's settings.
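Because the setting is per LDAP server and covers every user mapped through it, it helps to check each server entry in a configuration backup. The following is an added example, not Fortinet code: the function name `ldap_password_renewal` and the sample configuration are constructed for illustration, and an entry with no explicit `password-renewal` line is assumed to carry the default (disabled) stated above.

```python
import re

# Constructed sample of a FortiGate configuration backup (not from a real device).
SAMPLE_CONFIG = '''\
config user ldap
    edit "corp-ldap"
        set server "192.0.2.10"
        set dn "dc=example,dc=com"
        set password-renewal enable
    next
    edit "branch-ldap"
        set server "192.0.2.20"
    next
end
config user group
    edit "vpn-users"
        set member "corp-ldap" "branch-ldap"
    next
end
'''

def ldap_password_renewal(config_text):
    """Map each "config user ldap" entry to 'enable' or 'disable'.
    Entries without an explicit line are reported as 'disable' (assumed default).
    """
    result, current, nested = {}, None, None  # nested is None outside the ldap block
    for raw in config_text.splitlines():
        line = raw.strip()
        if nested is None:
            if line == "config user ldap":
                nested = 0
            continue
        if line.startswith("config "):
            nested += 1                       # sub-block inside an ldap entry
        elif line == "end":
            nested = None if nested == 0 else nested - 1
        elif nested == 0:
            m = re.match(r'edit "?([^"]+)"?$', line)
            if m:
                current = m.group(1)
                result[current] = "disable"
            elif current and line.startswith("set password-renewal "):
                result[current] = line.split()[2]
    return result

if __name__ == "__main__":
    for name, state in ldap_password_renewal(SAMPLE_CONFIG).items():
        print(f"{name}: password-renewal {state}")
```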

