CLI Reference

config system password-policy

Configure password policy for locally defined administrator passwords and IPsec VPN pre-shared keys.

config system password-policy
    Description: Configure password policy for locally defined administrator passwords and IPsec VPN pre-shared keys.
    set apply-to {option1}, {option2}, ...
    set expire-day {integer}
    set expire-status [enable|disable]
    set login-lockout-upon-downgrade [enable|disable]
    set min-change-characters {integer}
    set min-lower-case-letter {integer}
    set min-non-alphanumeric {integer}
    set min-number {integer}
    set min-upper-case-letter {integer}
    set minimum-length {integer}
    set reuse-password [enable|disable]
    set reuse-password-limit {integer}
    set status [enable|disable]
end

config system password-policy

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| apply-to | Apply password policy to administrator passwords or IPsec pre-shared keys or both. Separate entries with a space. Options: admin-password (apply to administrator passwords); ipsec-preshared-key (apply to IPsec pre-shared keys). | option | - | admin-password |
| expire-day | Number of days after which passwords expire. | integer | Minimum value: 1, Maximum value: 999 | 90 |
| expire-status | Enable/disable password expiration. Options: enable (passwords expire after expire-day days); disable (passwords do not expire). | option | - | disable |
| login-lockout-upon-downgrade | Enable/disable administrative user login lockout upon downgrade (default = disable). If enabled, downgrading the FortiOS firmware to a lower version where safer passwords are unsupported will lock out administrative users. Options: enable (enable administrative user login lockout upon downgrade); disable (disable administrative user login lockout upon downgrade). | option | - | disable |
| min-change-characters | Minimum number of unique characters in new password which do not exist in old password. | integer | Minimum value: 0, Maximum value: 128 | 0 |
| min-lower-case-letter | Minimum number of lowercase characters in password. | integer | Minimum value: 0, Maximum value: 128 | 0 |
| min-non-alphanumeric | Minimum number of non-alphanumeric characters in password. | integer | Minimum value: 0, Maximum value: 128 | 0 |
| min-number | Minimum number of numeric characters in password. | integer | Minimum value: 0, Maximum value: 128 | 0 |
| min-upper-case-letter | Minimum number of uppercase characters in password. | integer | Minimum value: 0, Maximum value: 128 | 0 |
| minimum-length | Minimum password length. | integer | Minimum value: 8, Maximum value: 128 | 8 |
| reuse-password | Enable/disable reuse of password. If both reuse-password and min-change-characters are enabled, min-change-characters overrides. Options: enable (administrators are allowed to reuse the same password up to a limit); disable (administrators must create a new password). | option | - | enable |
| reuse-password-limit | Number of times passwords can be reused. | integer | Minimum value: 0, Maximum value: 20 | 0 |
| status | Enable/disable setting a password policy for locally defined administrator passwords and IPsec VPN pre-shared keys. Options: enable (enable password policy); disable (disable password policy). | option | - | disable |
