Fortinet black logo

CLI Reference

user password-policy

user password-policy

Use this command to create password policies that warn users that their password will expire. When a configurable number of days has been reached, the user will have the opportunity to renew their password before the expiration day is reached. Once the policies have been created, you must then apply them to the user with the passwd-policy entry under the user local command. Password policies can be applied to any user (not just local users), however password policies cannot be applied to a user group.

config user password-policy
    edit {name}
    # Configure user password policy.
        set name {string}   Password policy name. size[35]
        set expire-days {integer}   Time in days before the user's password expires. range[0-999]
        set warn-days {integer}   Time in days before a password expiration warning message is displayed to the user upon login. range[0-30]
    next
end

Additional information

The following section is for those options that require additional explanation.

expire-days <days>

Period of time in days before the user's password expires. Set the value between 0-999. Default is set to 180.

warn-days <days>

Period of time in days before the user is provided a password expiration warning message upon login. Set the value between 0-30. Default is set to 15.

user password-policy

Use this command to create password policies that warn users that their password will expire. When a configurable number of days has been reached, the user will have the opportunity to renew their password before the expiration day is reached. Once the policies have been created, you must then apply them to the user with the passwd-policy entry under the user local command. Password policies can be applied to any user (not just local users), however password policies cannot be applied to a user group.

config user password-policy
    edit {name}
    # Configure user password policy.
        set name {string}   Password policy name. size[35]
        set expire-days {integer}   Time in days before the user's password expires. range[0-999]
        set warn-days {integer}   Time in days before a password expiration warning message is displayed to the user upon login. range[0-30]
    next
end

Additional information

The following section is for those options that require additional explanation.

expire-days <days>

Period of time in days before the user's password expires. Set the value between 0-999. Default is set to 180.

warn-days <days>

Period of time in days before the user is provided a password expiration warning message upon login. Set the value between 0-30. Default is set to 15.