CLI Reference

system password-policy

Configure a password policy to be used for administrator accounts and/or IPsec VPN pre-shared keys.

config system password-policy
    set status {enable | disable}   Enable/disable setting a password policy for locally defined administrator passwords and IPsec VPN pre-shared keys.
    set apply-to {admin-password | ipsec-preshared-key}   Apply password policy to administrator passwords or IPsec pre-shared keys or both. Separate entries with a space.
            admin-password       Apply to administrator passwords.
            ipsec-preshared-key  Apply to IPsec pre-shared keys.
    set minimum-length {integer}   Minimum password length (8 - 128, default = 8). range[8-128]
    set min-lower-case-letter {integer}   Minimum number of lowercase characters in password (0 - 128, default = 0). range[0-128]
    set min-upper-case-letter {integer}   Minimum number of uppercase characters in password (0 - 128, default = 0). range[0-128]
    set min-non-alphanumeric {integer}   Minimum number of non-alphanumeric characters in password (0 - 128, default = 0). range[0-128]
    set min-number {integer}   Minimum number of numeric characters in password (0 - 128, default = 0). range[0-128]
    set change-4-characters {enable | disable}   Enable/disable changing at least 4 characters for a new password (This attribute overrides reuse-password if both are enabled).
    set expire-status {enable | disable}   Enable/disable password expiration.
    set expire-day {integer}   Number of days after which passwords expire (1 - 999 days, default = 90). range[1-999]
    set reuse-password {enable | disable}   Enable/disable reusing of password (if both reuse-password and change-4-characters are enabled, change-4-characters overrides).
end

status {enable | disable}

Enable or disable enforcing a password policy. Disabled by default.

apply-to {admin-password | ipsec-preshared-key}

Select which passwords must follow the policy. The options are the passwords for administrative accounts, IPsec VPN pre-shared keys, or both. The default is admin-password.

minimum-length <int>

Set the minimum number of characters required for a password. The default is 8.

min-lower-case-letter <int>

Set the minimum number of lower case letters that must be used in a password. The default is 0.

min-upper-case-letter <int>

Set the minimum number of upper case letters that must be used in a password. The default is 0.

min-non-alphanumeric <int>

Set the minimum number of non-alphanumeric characters that must be used in a password. The default is 0.

min-number <int>

Set the minimum number of numeric characters that must be used in a password. The default is 0.

change-4-characters {enable | disable}

Enable or disable requiring a new password to differ from the old password by at least four characters. Disabled by default. If both this option and reuse-password are enabled, change-4-characters overrides reuse-password.

expire-status {enable | disable}

Enable or disable password expiration. Disabled by default.

expire-day <int>

Set the number of days after which a password expires. The default is 90. This option only appears when expire-status is enabled.

reuse-password {enable | disable}

Enable or disable allowing users to re-use a password. Enabled by default.
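
An added example, not Fortinet code: a small Python audit that fills in the defaults documented above for any option missing from a `config system password-policy` block and reports weak settings. The sample block, the function names and the 12-character baseline are assumptions made for illustration.

```python
import re
# Defaults as documented on this page; options absent from a block keep these values.
DEFAULTS = {
    "status": "disable", "apply-to": "admin-password", "minimum-length": "8",
    "min-lower-case-letter": "0", "min-upper-case-letter": "0", "min-number": "0",
    "min-non-alphanumeric": "0", "change-4-characters": "disable",
    "expire-status": "disable", "expire-day": "90", "reuse-password": "enable",
}
BASELINE_MIN_LENGTH = 12  # assumed site baseline, not a value from this page

# Constructed sample configuration block.
SAMPLE = """\
config system password-policy
    set status enable
    set minimum-length 10
    set min-number 1
end
"""

def parse_policy(text):
    """Return the effective settings of a 'config system password-policy' block."""
    cfg, in_block = dict(DEFAULTS), False
    for line in (l.strip() for l in text.splitlines()):
        if line == "config system password-policy":
            in_block = True
        elif in_block and line == "end":
            break
        elif in_block:
            m = re.match(r"set (\S+) (.+)$", line)
            if m and m.group(1) in DEFAULTS:
                cfg[m.group(1)] = m.group(2)
    return cfg

def audit(cfg):
    """List findings for an effective policy, using the option semantics above."""
    if cfg["status"] != "enable":
        return ["status: policy is disabled, so none of its settings are enforced"]
    findings = []
    if "ipsec-preshared-key" not in cfg["apply-to"].split():
        findings.append("apply-to: IPsec pre-shared keys are not covered")
    if int(cfg["minimum-length"]) < BASELINE_MIN_LENGTH:
        findings.append("minimum-length: %s is below %d" % (cfg["minimum-length"], BASELINE_MIN_LENGTH))
    unset = [o for o in DEFAULTS if o.startswith("min-") and int(cfg[o]) == 0]
    if unset:
        findings.append("no minimum set for: " + ", ".join(unset))
    # change-4-characters overrides reuse-password when both are enabled.
    if cfg["reuse-password"] == "enable" and cfg["change-4-characters"] != "enable":
        findings.append("reuse-password: previous passwords can be reused")
    return findings
```

Calling `audit(parse_policy(SAMPLE))` returns four findings for the sample block, because every option it leaves unset keeps its documented default.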
