FortiGate
rmankotia
Staff
Article Id 334213
Description This article describes how to check the supported pre-shared key (PSK) length.
Scope FortiGate, all versions.
Solution

FortiGate allows creating a password policy that applies to administrator passwords and IPsec pre-shared keys. Alternatively, the pre-shared key can be configured directly under the IPsec VPN settings.

 

Check under 'config system password-policy'.

 

config system password-policy
    set status {enable | disable}
    set apply-to {admin-password | ipsec-preshared-key}
    set minimum-length <8-128>
    set min-lower-case-letter <0-128>
    set min-upper-case-letter <0-128>
    set min-non-alphanumeric <0-128>
    set min-number <0-128>
    set change-4-characters {enable | disable}
    set expire-status {enable | disable}
    set expire-day <1-999>
    set reuse-password {enable | disable}
end

 

Example:

 

FGT # config system password-policy

FGT (password-policy) # set apply-to
admin-password Apply to administrator passwords.
ipsec-preshared-key Apply to IPsec pre-shared keys.
FGT (password-policy) # set minimum-length
minimum-length Enter an integer value from <8> to <128> (default = <8>).

 

If no password policy is enabled and the psksecret is configured under the IPsec tunnel interface, the minimum supported length is 6 characters.

 

Example: 

 

FGT (root) # config vpn ipsec phase1-interface

FGT (root) # edit tunnel_1

FGT (tunnel_1) # set psksecret test1
Minimum psksecret length is 6. 
node_check_object fail! for psksecret test1
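
The two cases above (a password policy applied to IPsec pre-shared keys, and the 6-character fallback when no policy applies) can be checked before a PSK is pushed to the device. The following is an added example, not Fortinet code: the function names and sample values are hypothetical, and it assumes the policy counts character classes the way Python's string methods do and applies only when status is enabled and apply-to includes ipsec-preshared-key.

```python
import re

# Constructed sample: a password-policy block in the syntax shown above.
SAMPLE_CONFIG = """\
config system password-policy
    set status enable
    set apply-to ipsec-preshared-key
    set minimum-length 16
    set min-upper-case-letter 1
    set min-number 2
    set min-non-alphanumeric 1
end
"""

FALLBACK_MIN = 6  # from the CLI message "Minimum psksecret length is 6."

def parse_policy(config_text):
    """Collect the 'set <key> <values...>' lines of the password-policy block."""
    m = re.search(r"^config system password-policy\s*$(.*?)^end\s*$",
                  config_text, re.S | re.M)
    policy = {}
    for line in (m.group(1).splitlines() if m else []):
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "set":
            policy[parts[1]] = parts[2:]
    return policy

def check_psk(psk, policy):
    """Return a list of violations; an empty list means the PSK would pass."""
    applies = (policy.get("status") == ["enable"]
               and "ipsec-preshared-key" in policy.get("apply-to", []))
    if not applies:  # assumption: policy absent or disabled means only the 6-char floor
        return [] if len(psk) >= FALLBACK_MIN else [f"length < {FALLBACK_MIN}"]
    def num(key, default=0):
        return int(policy.get(key, [default])[0])
    rules = [  # (setting, what the PSK has, what the policy needs)
        ("minimum-length", len(psk), num("minimum-length", 8)),  # default = 8 per CLI help
        ("min-lower-case-letter", sum(c.islower() for c in psk), num("min-lower-case-letter")),
        ("min-upper-case-letter", sum(c.isupper() for c in psk), num("min-upper-case-letter")),
        ("min-number", sum(c.isdigit() for c in psk), num("min-number")),
        ("min-non-alphanumeric", sum(not c.isalnum() for c in psk), num("min-non-alphanumeric")),
    ]
    return [f"{name}: have {have}, need {need}" for name, have, need in rules if have < need]

if __name__ == "__main__":
    policy = parse_policy(SAMPLE_CONFIG)
    for candidate in ("test1", "Summer2024", "cX7!pq-R4mVz92Lk"):  # constructed values
        print(repr(candidate), check_psk(candidate, policy) or "ok")
```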