Article Id 276600
Description: This article describes the improvements made to the user password policy feature in FortiOS version 7.4.
Scope: FortiGate v7.4.

Brute-force password-cracking software goes beyond simple dictionary attacks: it can also recover common passwords that use character substitutions, such as replacing letters with numbers.

For instance, such software can crack a password like 'H4v34gr8Day', which shows how weak a password of this kind is.
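The following added example (not Fortinet code and not part of the original article) shows the defender's side of this point: 'H4v34gr8Day' satisfies a typical length and character-class check, yet reduces to plain dictionary words once common substitutions are undone. The wordlist, substitution tables, function names and thresholds are constructed assumptions for illustration, not FortiOS settings.

```python
# Constructed sample data (assumptions): tiny wordlist and substitution tables.
WORDS = {"have", "a", "great", "day", "pass", "word", "admin", "fire", "wall"}
SUBS = {"4": "a", "3": "e", "0": "o", "1": "i", "5": "s", "7": "t", "@": "a", "$": "s"}
ABBREV = {"gr8": "great", "l8r": "later"}


def meets_complexity(pw, min_len=8, min_upper=1, min_lower=1, min_digit=1):
    """Length and character-diversity check (hypothetical parameter names)."""
    return (len(pw) >= min_len
            and sum(c.isupper() for c in pw) >= min_upper
            and sum(c.islower() for c in pw) >= min_lower
            and sum(c.isdigit() for c in pw) >= min_digit)


def normalize(pw):
    """Undo common substitutions: abbreviations first, then single characters."""
    s = pw.lower()
    for short, full in ABBREV.items():
        s = s.replace(short, full)
    return "".join(SUBS.get(c, c) for c in s)


def segment(s, words=WORDS):
    """Return a list of dictionary words that exactly tile s, or None."""
    best = [None] * (len(s) + 1)
    best[0] = []
    for end in range(1, len(s) + 1):
        for start in range(end):
            if best[start] is not None and s[start:end] in words:
                best[end] = best[start] + [s[start:end]]
                break
    return best[len(s)]


def is_dictionary_derived(pw):
    """True when the normalized password is built only from dictionary words."""
    return bool(segment(normalize(pw)))


if __name__ == "__main__":
    for candidate in ("H4v34gr8Day", "tR9#kVq2!mZx"):  # constructed samples
        print(candidate, meets_complexity(candidate),
              normalize(candidate), is_dictionary_derived(candidate))
```

A check like this belongs at password-set time alongside the length and diversity rules, with a real wordlist in place of the constructed one.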


Given this reality, it is imperative to stress the significance of utilizing strong and secure passwords to reinforce the security measures of the FortiGate system. Strong passwords serve as a crucial defense against unauthorized access attempts and form an integral part of the overall cybersecurity strategy.

Additionally, it is advisable to implement multi-factor authentication (MFA) to further enhance the protection of the FortiGate and other critical systems. MFA adds an extra layer of security by requiring users to provide multiple forms of identification before gaining access.


In FortiOS 7.2 and earlier builds, the local user password policy for non-admin users was a basic feature limited to enforcing password renewal through an expiry timer. This link provides an example of this feature in action:

config user password-policy.


Starting with FortiOS 7.4, an enhanced local user password policy is introduced.

It offers customization options for the local firewall user password policy, allowing parameters such as minimum password length, character diversity, and the prevention of password reuse to be configured.

These configurable settings closely resemble the choices available within the system administrator password policy, providing enhanced security and greater adaptability compared to the previous local user password policy.


To learn more about this new feature and see a usage example, please visit this article:

Enhance complexity options for local user password policy 7.4.1.