Fortinet white logo
Fortinet white logo

CLI Reference

system password-policy

Configure password policy for locally defined administrator passwords and IPsec VPN pre-shared keys.

  config system password-policy
      Description: Configure password policy for locally defined administrator passwords and IPsec VPN pre-shared keys.
      set status [enable|disable]
      set apply-to {option1}, {option2}, ...
      set minimum-length {integer}
      set min-lower-case-letter {integer}
      set min-upper-case-letter {integer}
      set min-non-alphanumeric {integer}
      set min-number {integer}
      set change-4-characters [enable|disable]
      set expire-status [enable|disable]
      set expire-day {integer}
      set reuse-password [enable|disable]
  end

config system password-policy

Parameter Name Description Type Size
status Enable/disable setting a password policy for locally defined administrator passwords and IPsec VPN pre-shared keys.
enable: Enable password policy.
disable: Disable password policy.
option -
apply-to Apply password policy to administrator passwords or IPsec pre-shared keys or both. Separate entries with a space.
admin-password: Apply to administrator passwords.
ipsec-preshared-key: Apply to IPsec pre-shared keys.
option -
minimum-length Minimum password length (8 - 128, default = 8). integer Minimum value: 8 Maximum value: 128
min-lower-case-letter Minimum number of lowercase characters in password (0 - 128, default = 0). integer Minimum value: 0 Maximum value: 128
min-upper-case-letter Minimum number of uppercase characters in password (0 - 128, default = 0). integer Minimum value: 0 Maximum value: 128
min-non-alphanumeric Minimum number of non-alphanumeric characters in password (0 - 128, default = 0). integer Minimum value: 0 Maximum value: 128
min-number Minimum number of numeric characters in password (0 - 128, default = 0). integer Minimum value: 0 Maximum value: 128
change-4-characters Enable/disable changing at least 4 characters for a new password (This attribute overrides reuse-password if both are enabled).
enable: Enable requiring that at least 4 characters must be changed in a new password.
disable: No requirements for the number of characters to change in a new password. A new password can be the same as the old password.
option -
expire-status Enable/disable password expiration.
enable: Passwords expire after expire-day days.
disable: Passwords do not expire.
option -
expire-day Number of days after which passwords expire (1 - 999 days, default = 90). integer Minimum value: 1 Maximum value: 999
reuse-password Enable/disable reusing of password (if both reuse-password and change-4-characters are enabled, change-4-characters overrides).
enable: Administrators are allowed to reuse the same password.
disable: Administrators must create a new password.
option -

system password-policy

Configure password policy for locally defined administrator passwords and IPsec VPN pre-shared keys.

  config system password-policy
      Description: Configure password policy for locally defined administrator passwords and IPsec VPN pre-shared keys.
      set status [enable|disable]
      set apply-to {option1}, {option2}, ...
      set minimum-length {integer}
      set min-lower-case-letter {integer}
      set min-upper-case-letter {integer}
      set min-non-alphanumeric {integer}
      set min-number {integer}
      set change-4-characters [enable|disable]
      set expire-status [enable|disable]
      set expire-day {integer}
      set reuse-password [enable|disable]
  end

config system password-policy

Parameter Name Description Type Size
status Enable/disable setting a password policy for locally defined administrator passwords and IPsec VPN pre-shared keys.
enable: Enable password policy.
disable: Disable password policy.
option -
apply-to Apply password policy to administrator passwords or IPsec pre-shared keys or both. Separate entries with a space.
admin-password: Apply to administrator passwords.
ipsec-preshared-key: Apply to IPsec pre-shared keys.
option -
minimum-length Minimum password length (8 - 128, default = 8). integer Minimum value: 8 Maximum value: 128
min-lower-case-letter Minimum number of lowercase characters in password (0 - 128, default = 0). integer Minimum value: 0 Maximum value: 128
min-upper-case-letter Minimum number of uppercase characters in password (0 - 128, default = 0). integer Minimum value: 0 Maximum value: 128
min-non-alphanumeric Minimum number of non-alphanumeric characters in password (0 - 128, default = 0). integer Minimum value: 0 Maximum value: 128
min-number Minimum number of numeric characters in password (0 - 128, default = 0). integer Minimum value: 0 Maximum value: 128
change-4-characters Enable/disable changing at least 4 characters for a new password (This attribute overrides reuse-password if both are enabled).
enable: Enable requiring that at least 4 characters must be changed in a new password.
disable: No requirements for the number of characters to change in a new password. A new password can be the same as the old password.
option -
expire-status Enable/disable password expiration.
enable: Passwords expire after expire-day days.
disable: Passwords do not expire.
option -
expire-day Number of days after which passwords expire (1 - 999 days, default = 90). integer Minimum value: 1 Maximum value: 999
reuse-password Enable/disable reusing of password (if both reuse-password and change-4-characters are enabled, change-4-characters overrides).
enable: Administrators are allowed to reuse the same password.
disable: Administrators must create a new password.
option -