Help
FortiPAM
FortiPAM allows you to protect, isolate and secure privileged account credentials, manage and control privileged user access, and monitor and record privileged account activity.
idumancic
Staff
Staff

Created on ‎05-12-2025 12:15 AM Edited on ‎06-24-2025 06:26 AM By Staff & Editor

Article Id 391144

Technical Tip: Explanation of password-change timers settings in FortiPAM

Description This article explains two timers for password settings in FortiPAM.
Scope FortiPAM, FortiSRA v1.5.
Solution

In the FortiPAM system, there are two default timers for password change, visible through the full configuration settings in the CLI:

 

config system global

 

fpam.PNG

 

Here is the explanation:

 

Password-change-drain Enter an integer value from <30> to <2000> (default = <50>) <----- Password-change-drain (default 50ms) option is to read from SSH server side, since the FortiPAM cannot determine if the server side sends all the response, FortiPAM has to use one timer to do that, i.e.. FortiPAM tries to read 50ms or 2000ms, if no data is coming in, the system could assume the server side has finished sending. Any data from the server will reset this timer.

 

Password-change-network-delay Enter an integer value from <30> to <120> (default = <60>)<----- 
Password-change-network-delay (default 60ms) stands for, FortiPAM sends out one command line to the SSH server, how long will FortiPAM expect it to response, For example, if a user makes authentication and first expects the prompt, such kind procedure needs network delay to control the waiting time.
Labels:
347
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.