FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
cpagare
Staff
Staff
Description
The article describes how to configure the password policy for locally defined administrator passwords and IPsec VPN pre-shared keys.


Solution
Configuration from GUI.

To create a system password policy from the GUI:
1) Go to System -> Settings.
2) In the Password Policy section, change the Password scope to Admin, IPsec, or Both.
3) Configure the password policy options.
4)Select 'Apply'.





From the CLI.

To create a system password policy the CLI:
# config system password-policy
    set status {enable | disable}
    set apply-to {admin-password | ipsec-preshared-key}
    set minimum-length <8-128>
    set min-lower-case-letter <0-128>
    set min-upper-case-letter <0-128>
    set min-non-alphanumeric <0-128>
    set min-number <0-128>
    set change-4-characters {enable | disable}
    set expire-status {enable | disable}
    set expire-day <1-999>
    set reuse-password {enable | disable}
end








Verification of Configuration and troubleshooting.

1) If Password Scope is Admin:
FGT1 # show system password-policy
# config system password-policy

    set status enable
end
2) If Password Scope is IPsec:
FGT1 # show system password-policy
# config system password-policy

    set status enable
    set apply-to ipsec-preshared-key
end
3) If Password Scope is Both Admin and IPsec:
FGT1 # show system password-policy
# config system password-policy

    set status enable
    set apply-to admin-password ipsec-preshared-key
end

Related Articles

Technical Tip: Strong Password 'Password Policy' feature

Contributors