FortiGate
rtichkule
Staff
Article Id: 258165
Description: This article describes how to configure a user password policy.
Scope: FortiGate.
Solution:

Configure password expiry and warning for the local users, with users being prompted to change passwords upon expiry. 

 

The following KB article explains how to create a local user:

Technical Tip: Local user authentication - Fortinet Community

 

Create a password policy through the CLI:


[Screenshot: password policy configuration in the CLI]

 

The default expiry is 180 days, and the configurable range is 0 to 999 days.

Similarly, the default warning period is 15 days, and the configurable range is 0 to 30 days.

 

After configuring the password policy, map it to the local user as shown below.

 

[Screenshot: password policy mapped to the local user]

 

Add the user to the firewall policy for authentication.

 

[Screenshot: user added to the firewall policy]

 

The result can be seen below:

 

[Screenshot: cred.png]

 

[Screenshot: expired.png]

 

The password can be changed from the captive portal.

 

Additional note: If the password policy is no longer effective after upgrading to branch v7.4, even though the configuration is still present, the following option must be enabled via the CLI:

 

config user password-policy
    edit 1
        set expire-status enable
    next
end
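An added example, not part of the original article or any Fortinet tooling: a Python check over a configuration backup that flags password policies where `expire-status` is not enabled (the post-upgrade case in the note above) and local users not covered by an enforced policy. The sample backup is constructed; `passwd-policy` and `expire-days` are FortiOS CLI keywords that do not appear in the article text, and treating a missing `expire-status` line as "not enabled" is an assumption.

```python
# Constructed sample backup (not from the article). Assumption: a policy with no
# "set expire-status enable" line is not enforcing expiry.
SAMPLE_CONFIG = """\
config user password-policy
    edit "pol-ok"
        set expire-status enable
    next
    edit "pol-upgraded"
        set expire-days 90
    next
end
config user local
    edit "alice"
        set passwd-policy "pol-ok"
    next
    edit "bob"
        set passwd-policy "pol-upgraded"
    next
    edit "carol"
    next
end
"""

def parse_section(config, section):
    """Return {entry: {key: value}} for one top-level 'config <section>' block."""
    entries, current, inside = {}, None, False
    for line in map(str.strip, config.splitlines()):
        if not inside:
            inside = line == "config " + section
        elif line == "end" and current is None:
            break  # end of the section we were asked for
        elif line.startswith("edit "):
            current = entries.setdefault(line[5:].strip('"'), {})
        elif line == "next":
            current = None
        elif line.startswith("set ") and current is not None:
            key, _, value = line[4:].partition(" ")
            current[key] = value.strip('"')
    return entries

def audit(config):
    """Flag policies with expiry not enforced and local users they leave uncovered."""
    policies = parse_section(config, "user password-policy")
    enforced = {n for n, c in policies.items() if c.get("expire-status") == "enable"}
    findings = [("policy", n, "expire-status not enabled") for n in policies if n not in enforced]
    for name, cfg in parse_section(config, "user local").items():
        if cfg.get("passwd-policy") not in enforced:
            findings.append(("user", name, "no enforced password policy"))
    return findings
```

Run `audit()` on the text of a backup taken after the upgrade; an empty list means every local user is mapped to a policy with `expire-status` enabled.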

 

Related document: 

Enhance complexity options for local user password policy