Fortinet black logo

CLI Reference

config system password-policy

config system password-policy

Configure password policy for locally defined administrator passwords and IPsec VPN pre-shared keys.

config system password-policy

Description: Configure password policy for locally defined administrator passwords and IPsec VPN pre-shared keys.

set status [enable|disable]

set apply-to {option1}, {option2}, ...

set minimum-length {integer}

set min-lower-case-letter {integer}

set min-upper-case-letter {integer}

set min-non-alphanumeric {integer}

set min-number {integer}

set change-4-characters [enable|disable]

set expire-status [enable|disable]

set expire-day {integer}

set reuse-password [enable|disable]

end

config system password-policy

Parameter name

Description

Type

Size

status

Enable/disable setting a password policy for locally defined administrator passwords and IPsec VPN pre-shared keys.

option

-

Option

Description

enable

Enable password policy.

disable

Disable password policy.

apply-to

Apply password policy to administrator passwords or IPsec pre-shared keys or both. Separate entries with a space.

option

-

Option

Description

admin-password

Apply to administrator passwords.

ipsec-preshared-key

Apply to IPsec pre-shared keys.

minimum-length

Minimum password length (8 - 128, default = 8).

integer

Minimum value: 8 Maximum value: 128

min-lower-case-letter

Minimum number of lowercase characters in password (0 - 128, default = 0).

integer

Minimum value: 0 Maximum value: 128

min-upper-case-letter

Minimum number of uppercase characters in password (0 - 128, default = 0).

integer

Minimum value: 0 Maximum value: 128

min-non-alphanumeric

Minimum number of non-alphanumeric characters in password (0 - 128, default = 0).

integer

Minimum value: 0 Maximum value: 128

min-number

Minimum number of numeric characters in password (0 - 128, default = 0).

integer

Minimum value: 0 Maximum value: 128

change-4-characters

Enable/disable changing at least 4 characters for a new password (This attribute overrides reuse-password if both are enabled).

option

-

Option

Description

enable

Enable requiring that at least 4 characters must be changed in a new password.

disable

No requirements for the number of characters to change in a new password. A new password can be the same as the old password.

expire-status

Enable/disable password expiration.

option

-

Option

Description

enable

Passwords expire after expire-day days.

disable

Passwords do not expire.

expire-day

Number of days after which passwords expire (1 - 999 days, default = 90).

integer

Minimum value: 1 Maximum value: 999

reuse-password

Enable/disable reusing of password (if both reuse-password and change-4-characters are enabled, change-4-characters overrides).

option

-

Option

Description

enable

Administrators are allowed to reuse the same password.

disable

Administrators must create a new password.

config system password-policy

Configure password policy for locally defined administrator passwords and IPsec VPN pre-shared keys.

config system password-policy

Description: Configure password policy for locally defined administrator passwords and IPsec VPN pre-shared keys.

set status [enable|disable]

set apply-to {option1}, {option2}, ...

set minimum-length {integer}

set min-lower-case-letter {integer}

set min-upper-case-letter {integer}

set min-non-alphanumeric {integer}

set min-number {integer}

set change-4-characters [enable|disable]

set expire-status [enable|disable]

set expire-day {integer}

set reuse-password [enable|disable]

end

config system password-policy

Parameter name

Description

Type

Size

status

Enable/disable setting a password policy for locally defined administrator passwords and IPsec VPN pre-shared keys.

option

-

Option

Description

enable

Enable password policy.

disable

Disable password policy.

apply-to

Apply password policy to administrator passwords or IPsec pre-shared keys or both. Separate entries with a space.

option

-

Option

Description

admin-password

Apply to administrator passwords.

ipsec-preshared-key

Apply to IPsec pre-shared keys.

minimum-length

Minimum password length (8 - 128, default = 8).

integer

Minimum value: 8 Maximum value: 128

min-lower-case-letter

Minimum number of lowercase characters in password (0 - 128, default = 0).

integer

Minimum value: 0 Maximum value: 128

min-upper-case-letter

Minimum number of uppercase characters in password (0 - 128, default = 0).

integer

Minimum value: 0 Maximum value: 128

min-non-alphanumeric

Minimum number of non-alphanumeric characters in password (0 - 128, default = 0).

integer

Minimum value: 0 Maximum value: 128

min-number

Minimum number of numeric characters in password (0 - 128, default = 0).

integer

Minimum value: 0 Maximum value: 128

change-4-characters

Enable/disable changing at least 4 characters for a new password (This attribute overrides reuse-password if both are enabled).

option

-

Option

Description

enable

Enable requiring that at least 4 characters must be changed in a new password.

disable

No requirements for the number of characters to change in a new password. A new password can be the same as the old password.

expire-status

Enable/disable password expiration.

option

-

Option

Description

enable

Passwords expire after expire-day days.

disable

Passwords do not expire.

expire-day

Number of days after which passwords expire (1 - 999 days, default = 90).

integer

Minimum value: 1 Maximum value: 999

reuse-password

Enable/disable reusing of password (if both reuse-password and change-4-characters are enabled, change-4-characters overrides).

option

-

Option

Description

enable

Administrators are allowed to reuse the same password.

disable

Administrators must create a new password.