pjang
Staff & Editor
Article Id 418854
Description: This article discusses some known password length limitations when setting up FortiExtender units managed by a FortiGate.
Scope: FortiGate 7.2, 7.4, and 7.6+; FortiExtender.
Solution

When setting up a Managed FortiExtender on the FortiGate, administrators will typically create new FortiExtender profiles that are assigned to the FortiExtender. This profile typically requires setting a login-password that should be applied to the FortiExtender for administrative access:

config extender-controller extender-profile
    edit <profile_name>
        set login-password-change yes
        set login-password <password>
    next
end

In older FortiOS versions (early 7.2, 7.4, and prior), the password set within this profile was limited to a minimum of 4 characters and a maximum of 8 characters. This was based on limitations of older FortiExtender versions, although by that time FortiExtenderOS could already support much longer passwords. Notably, it was possible to set a password of up to 27 characters by modifying the individual FortiExtender entries on the FortiGate under extender-controller extender (as opposed to setting it within the profile):

config extender-controller extender
    edit <name>
        set override-login-password-change enable
        set login-password-change yes
        set login-password <password>
    next
end

FortiOS 7.2.5, 7.4.1, and later then updated the CLI for extender-controller extender-profile to support passwords up to 27 characters long (as of Change #878455), but the accompanying GUI support for longer passwords was not added until FortiOS 7.6.1 (as of Change #1068326).

To summarize:

  • Prior to FortiOS 7.2.5/7.4.1, FortiExtender profiles on the FortiGate only supported password lengths of 4-8 characters in both the CLI and GUI.
  • In 7.2.5 and later 7.2 releases, 7.4.1 and later 7.4 releases, and 7.6.0 specifically, the CLI for FortiExtender profiles supports password lengths of 4-27 characters, but the GUI is still limited to 4-8.
  • From 7.6.1 onward, both the GUI and CLI support password lengths of 4-27 characters.

Note:

Administrators on FortiOS 7.2 and 7.4 will find that during GUI setup, the FortiGate limits passwords to a maximum of 8 characters, but the FortiExtender may require a minimum of 12 characters to meet password complexity requirements (as per Change #1152517 for FortiExtender).

To work around this, create the FortiExtender profile in the GUI first using a temporary password of 4-8 characters, then modify the extender-profile in the CLI to set a longer password.
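
The version summary and workaround above can be turned into a small pre-deployment check. This Python is an added example, not Fortinet code: the function names and method labels are hypothetical, and it assumes that branches released after 7.6 behave like 7.6.1.

```python
import re

FEXT_MIN_LEN = 12  # minimum the FortiExtender may enforce, per the note above

def parse_version(text):
    """Turn '7.4.1' or 'v7.4.1' into the tuple (7, 4, 1)."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"not a FortiOS version: {text!r}")
    return tuple(int(g) for g in m.groups())

def profile_limits(fortios):
    """Maximum extender-profile login-password length per interface."""
    v = parse_version(fortios)
    if v[:2] == (7, 2):
        cli_long = v >= (7, 2, 5)
    elif v[:2] == (7, 4):
        cli_long = v >= (7, 4, 1)
    else:
        # 7.6.0 and later branches (assumed) have the longer CLI limit;
        # anything older than 7.2 is treated as "prior" and stays at 8.
        cli_long = v >= (7, 6, 0)
    gui_long = v >= (7, 6, 1)
    return {"cli": 27 if cli_long else 8, "gui": 27 if gui_long else 8}

def plan(fortios, length):
    """Pick where to set a password of `length` characters (labels are hypothetical)."""
    if not 4 <= length <= 27:
        raise ValueError("FortiGate accepts 4-27 characters at most")
    limits = profile_limits(fortios)
    if length <= limits["gui"]:
        method = "profile-gui"
    elif length <= limits["cli"]:
        method = "profile-gui-temp-then-cli"  # the workaround above
    else:
        method = "per-extender-override"  # config extender-controller extender
    return {"method": method, "meets_fext_minimum": length >= FEXT_MIN_LEN}

if __name__ == "__main__":
    for ver in ("7.2.4", "7.4.3", "7.6.0", "7.6.1"):  # constructed sample versions
        print(ver, profile_limits(ver), plan(ver, 16))
```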

Related documents:

FortiExtender and FortiGate integration

FortiExtender as FortiGate WAN extension

Set up FortiExtender as the WAN-extension of FortiGate using VLAN mode