This article describes how to configure admin account password expiration on FortiWeb and explains what the expected behavior is after setting it.

Using the GUI:

1. Navigate to System -> Admin -> Settings.
2. Edit the Password policy and set the Password Expiration to the required value before pressing Apply:

Using CLI:

config system password-polic

    set status enable

    set expire-status enable

    set expire-day 1

end

status {enable | disable} (DEFAULT disable)

• Enable to enforcement of password rules for administrator accounts. When rules are configured for the password policy, administrator accounts that do not adhere to the password policy will be prompted to update their password upon logging in. For some cloud platforms such as AWS, Azure, and GCP, etc., it is enabled by default.

expire-status {enable | disable} (DEFAULT disable)

• Enable password expiration:

expire-day <expire-day_int> (DEFAULT 90)

• Enter the valid period for the password. The valid range 1–999 days

Behavior

• Once the configured number is already hit of days is hit, it is necessary to change the password on the next logon in FortiWeb. See FortiWeb Administration Guide for more information on editing the Password Policy.