Created on 09-16-2009 01:32 PM Edited on 06-08-2022 02:15 PM By Anonymous
Description
Since FortiOS 4.0 MR1, there is a new feature that enables FortiGate administrator passwords to adhere to strict requirements. This includes proper aging attributes attached, so that passwords must be changed on a continual basis.
Solution
2) Select Enable for the Password Policy, and edit the options as required.
To enable using CLI:
#config system password-policyFor version V4.0 MR1:
set status enable
end
#FGT (password-policy) # get
status : enable
apply-to : admin-password
minimum-length : 8
must-contain :
change-4-characters : disable
expire : 0
#config system password-policy
set status [enable | disable] # default is disable
set apply-to [admin-password ipsec-preshared-key] # default is admin-password
set minimum-length xxx # default is 8set must-contain [lower-case-letter upper-case-letter non-alphanumeric number] # default is NULLend
set minimum-characters-change 4 #default is 0, when not zero, it requires to change at least N characters for password change
set admin-password-expire xxx # Unit=DAYS before expire. Default is 0, means never expire
#config system admin
edit xxx
set password-expire YYYY-MM-DD HH:MM:SS # default 0, means never expire.
set force-password-change [enable | disable] # initially set to disable, when set to enable, user must change his password next time he logs in
next
end
For version V5.4 and above :#config system password-policy
set status enable # default is disable
set apply-to admin-password [admin-password ipsec-preshared-key] # default is admin-password
set minimum-length 8 # default is 8
set min-lower-case-letter 0
set min-upper-case-letter 0
set min-non-alphanumeric 0
set min-number 0
set change-4-characters disable
set expire-status disable Default is 0, means never expire
set reuse-password enable
end
#config system admin
#edit xxx
#set password-expire YYYY-MM-DD HH:MM:SS # default 0, means never expire.
#set force-password-change [enable | disable] # initially set to disable, when set to enable, user must change his password next time he logs in
#next
# end
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.