Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
owais-khan
New Contributor

Created on ‎01-25-2023 10:51 PM

Password Enforcement Policy Forticlient VPN Users

Hello Team,

 

I have achieved to Enforced Password Policy for FortiGate Admin users however I am not able to achieve the Password Enforcement Policy for  Forti client VPN Users As any new user came and we create Credentials for Forticleint and type its password so it should restrict me to keep the password as per created policy like 1 number, 1 character 1 should be a string and minimum length should be 12 or 16 so how to enforce, it has been done for Admin users however could not found option for Forti client VPN user creation. Note i am using Free Foriclients not the paid and no EMS as well.

 

Could it be achieve ?

Thanks to the community

Regards

Muhammad Owais Khan

 

Labels:
1264
0 Kudos
2 Solutions
srajeswaran
Staff
Staff

Created on ‎01-25-2023 11:27 PM

Hi Muhammad,

 

Its not possible to apply this password policy for VPN users. For VPN users, we can apply the policy with below conditions only.

 

FGT-1 (root) # config user password-policy

FGT-1 (password-policy) # edit 1

FGT-1 (1) # set
expire-days Time in days before the user's password expires.
warn-days Time in days before a password expiration warning message is displayed to the user upon login.
expired-password-renewal Enable/disable renewal of a password that already is expired.

FGT-1 (1) # set

 

Or you can use LDAP auth and apply the restrictions on LDAP server.

 

Ref: https://docs.fortinet.com/document/fortigate/7.0.2/administration-guide/544195/ssl-vpn-with-local-us...

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

View solution in original post

1249
0 Kudos
owais-khan
New Contributor
In response to srajeswaran

Created on ‎01-26-2023 08:40 AM

Thank you @srajeswaran for sharing the details 

View solution in original post

1233
0 Kudos
2 REPLIES 2
srajeswaran
Staff
Staff

Created on ‎01-25-2023 11:27 PM

Hi Muhammad,

 

Its not possible to apply this password policy for VPN users. For VPN users, we can apply the policy with below conditions only.

 

FGT-1 (root) # config user password-policy

FGT-1 (password-policy) # edit 1

FGT-1 (1) # set
expire-days Time in days before the user's password expires.
warn-days Time in days before a password expiration warning message is displayed to the user upon login.
expired-password-renewal Enable/disable renewal of a password that already is expired.

FGT-1 (1) # set

 

Or you can use LDAP auth and apply the restrictions on LDAP server.

 

Ref: https://docs.fortinet.com/document/fortigate/7.0.2/administration-guide/544195/ssl-vpn-with-local-us...

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
1250
0 Kudos
owais-khan
New Contributor
In response to srajeswaran

Created on ‎01-26-2023 08:40 AM

Thank you @srajeswaran for sharing the details 

1234
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.