dbhavsar
Staff
Article Id 402142
Description This article describes how to set a password expiration for specific admin accounts on FortiGate, while having another admin account that does not have the expiration policy. It also explains how to check the expiry date and provides information on alerting for password expiration.
Scope FortiGate
Solution

To configure admin password expiration on FortiGate, follow these steps:

 

Enable password-policy using the following commands:

 

config system password-policy
    set status enable
    set apply-to admin-password
    set expire-status enable
    set expire-day 90
end

Set expire-day to the number of days your requirements call for; 90 is the value used in this example.

 

This automatically applies the password expiry date to all administrator accounts.


For accounts that do not need a password expiry date, run the following commands to unset the password expiration:

 

config sys admin
    edit Admin1
        unset password-expire
    next
end


To check the expiry date, use the command:


config sys admin
    edit <admin-username>
        show
end

 

Note:
Additionally, it is recommended to have a backup admin account without password expiration to prevent lockout in case the primary admin account password expires.
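
To review expiry dates and exemptions across all accounts at once, the saved output of `show` under `config system admin` can be parsed offline. The following is an added example, not Fortinet code: the function names, the sample output and the 14-day warning window are constructed, and it assumes the expiry appears as a `set password-expire YYYY-MM-DD HH:MM:SS` line that is absent (or all zeros) for accounts where it was unset.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of "show" output under "config system admin" (not from a real device).
SAMPLE = '''\
config system admin
    edit "Admin1"
        set accprofile "super_admin"
    next
    edit "netops"
        set password-expire 2025-03-10 09:15:00
    next
    edit "auditor"
        set password-expire 2025-06-01 00:00:00
    next
end
'''
# Assumed line formats; adjust if the output on your firmware differs.
EDIT = re.compile(r'^\s*edit\s+"?([^"\s]+)"?\s*$')
EXPIRE = re.compile(r'^\s*set\s+password-expire\s+(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s*$')


def parse_admin_expiry(text):
    """Map each admin name to its expiry datetime, or None when no expiry is set."""
    admins, current = {}, None
    for line in text.splitlines():
        if (m := EDIT.match(line)):
            current = m.group(1)
            admins[current] = None
        elif line.strip() == "next":
            current = None
        elif (m := EXPIRE.match(line)) and current and not m.group(1).startswith("0000"):
            admins[current] = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    return admins


def report(text, now, warn_days=14):
    """Classify accounts as exempt, expired, expiring (within warn_days) or ok."""
    out = {"exempt": [], "expired": [], "expiring": [], "ok": []}
    for name, expiry in parse_admin_expiry(text).items():
        if expiry is None:
            out["exempt"].append(name)      # no expiry: should only be the backup account
        elif expiry <= now:
            out["expired"].append(name)
        elif expiry - now <= timedelta(days=warn_days):
            out["expiring"].append(name)
        else:
            out["ok"].append(name)
    return out
```

Calling `report(text, datetime.now())` on saved CLI output lists which accounts are exempt, so an unexpected entry under `exempt` stands out during review.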
