Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
pmeet
Staff
Staff

Created on ‎03-25-2024 06:40 AM

Article Id 306436

Technical Tip: How to Force password change for FortiGate admin account on next login

Description This article describes how to enable the force-admin password change feature for FortiGate admin accounts.
Scope FortiGate.
Solution

To enable this feature it is mandatory to first enable the password-policy status on the FortiGate:

config system password-policy

    set status enable ----------> Default is disabled.

end

 

Once it is enabled, a force-admin password change feature becomes available on GUI and CLI as well.

 

Via GUI:

 

ADMIN34.PNG

 

Via CLI:

 

config system admin

sh full 
    edit "admin"
        set remote-auth disable
        set accprofile "super_admin"
        set comments ''
        set vdom "root"
        unset ssh-public-key1
        unset ssh-public-key2
        unset ssh-public-key3
        set ssh-certificate ''
        set schedule ''
        set force-password-change disable ---> enable
        set two-factor disable
        set email-to ''
        set sms-server fortiguard
        set sms-phone ''
        set guest-auth disable
        set password ENC 
        set allow-remove-admin-session enable
    next
end
188
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.