Fortinet white logo
Fortinet white logo

CLI Reference

password-policy

password-policy

Use this command to configure access password policies.

Syntax

config system password-policy

set status {enable | disable}

set minimum-length <integer>

set must-contain {lower-case-letter non-alphanumeric number upper-case-letter}

set change-4-characters {enable | disable}

set expire <integer>

set password-history <integer>

end

Variable

Description

status {enable | disable}

Enable/disable the password policy (default = disable).

minimum-length <integer>

Set the password’s minimum length (8 - 256, default = 8).

must-contain {lower-case-letter non-alphanumeric number upper-case-letter}

Characters that a password must contain.

  • lower-case-letter: the password must contain at least one lower case letter.
  • non-alphanumeric: the password must contain at least one non-alphanumeric character.
  • number: the password must contain at least one number.
  • upper-case-letter: the password must contain at least one upper case letter.

change-4-characters {enable | disable}

Enable/disable changing at least 4 characters for a new password (default = disable).

expire <integer>

Set the number of days after which admin users' passwords will expire (0 - 3650, 0 = never, default = 0).

password-history <integer>

Set the number of unique new passwords that must be used before old password can be reused (0 - 20, default = 0).

password-policy

password-policy

Use this command to configure access password policies.

Syntax

config system password-policy

set status {enable | disable}

set minimum-length <integer>

set must-contain {lower-case-letter non-alphanumeric number upper-case-letter}

set change-4-characters {enable | disable}

set expire <integer>

set password-history <integer>

end

Variable

Description

status {enable | disable}

Enable/disable the password policy (default = disable).

minimum-length <integer>

Set the password’s minimum length (8 - 256, default = 8).

must-contain {lower-case-letter non-alphanumeric number upper-case-letter}

Characters that a password must contain.

  • lower-case-letter: the password must contain at least one lower case letter.
  • non-alphanumeric: the password must contain at least one non-alphanumeric character.
  • number: the password must contain at least one number.
  • upper-case-letter: the password must contain at least one upper case letter.

change-4-characters {enable | disable}

Enable/disable changing at least 4 characters for a new password (default = disable).

expire <integer>

Set the number of days after which admin users' passwords will expire (0 - 3650, 0 = never, default = 0).

password-history <integer>

Set the number of unique new passwords that must be used before old password can be reused (0 - 20, default = 0).