FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
Article Id 195087


The purpose of this article is to configure a password policy in the FortiManager and install it on a managed FortiGate.


In the case of Password Policy configuration, use the CLI-Only objects section, a section normally used to cover configuration handled only via the CLI in FortiOS.

From Device Manager -> All FortiGates, access the FortiGate dashboard of the FortiGate to be configured.

From the Menu, select CLI Only Objects.

Go to System -> Password-policy and configure the parameters that need to be enforce as follows:

apply-to [admin-password |ipsec-preshared-key] -------Select where the policy applies: administrator passwords or IPSec preshared keys.

change-4-characters {enable | disable}---------------------Enable to require the new password to differ from the old password by at least four characters.

expire <days> ------------------------------------- Set time to expiry in days. Enter 0 for no expiry

minimum-length <chars>------------------------ Set the minimum length of password in characters. Range 8 to 32.

min-lower-case-letter<num_int>--------------- Enter the minimum number of required lower case letters in every password.

min-upper-case-letter<num_int>-------------- Enter the minimum number of required upper case letters in every password.

min-non-alphanumeric <num_int>------------ Enter the minimum number of required nonalphanumeric characters in every password.

min-number<num_int> -------------------------- Enter the minimum number of number characters required in every password.

expire-status{enable | disable}----------------- Enable to have passwords expire.

expire-day <num_int>---------------------------- Enter the number of days before the current password is expired and the user will be required to change their password.  This option is available only when expire-status is set to enable.                                                                              
status {enable | disable}------------------------- Enable password policy.

 Select Apply to save the configuration.

 Select the Install wizard to install the settings to the FortiGate.