Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiSandbox 5.0.0 Administration Guide
    5.0.0
    5.0.0
    4.4.6
    4.4.5
    4.4.4
    4.4.3
    4.4.2
    4.4.1
    4.4.0
    4.2.7
    4.2.6
    4.2.5
    4.2.4
    4.2.3
    4.2.2
    4.2.1
    4.2.0
    4.0.5
    4.0.4
    4.0.3
    4.0.2
    4.0.1
    4.0.0
    3.2.4
    3.2.3
    3.2.2
    3.2.1
    3.2.0
    3.1.5
    3.1.4
    3.1.3
    3.1.2
    3.1.1
    3.1.0
    3.0.7
    3.0.6

    Password Policy

    Password Policy

    Allow admin users to configure a user password policy. The new password policy will affect all local administrators.

    FortiSandbox allows you to create a password policy for local administrators. With this policy, you can enforce regular changes and specific criteria for a password policy including:

    • The minimum character requirements. Such as requirements for numbers, uppercase and special characters.
    • The number of days a password is set to expire for all local administrators.
    • If the new password must be unused.

    If you add a password policy or change the requirements on an existing policy, users that are already logged into FortiSandbox may have their session interrupted to update the password to meet the new policy. Otherwise, the next time an administrator logs into the FortiSandbox via GUI/SSH/Telnet, the local administrator is prompted to update the password to meet the new requirements before proceeding to log in.

    To create a password policy:

    1. Go to System > Password Policy.
    2. Click Enable. The User Password Policy page expands.
    3. Configure the password policy.
      Minimum password lengthEnter the minimum number characters the password must contain. The default is 6.
      Minimum character requirements

      Enable to specify the number required characters.

      Lower caseEnter the required number of lowercase characters. The default is 0.
      Upper caseEnter the required number of uppercase characters. The default is 0.
      Non-alphanumericEnter the required number of Non-alphanumeric characters. The default is 0.
      NumericEnter the required number of numeric characters. The default is 0.
      Enable password expiration (days) Enable to enter the number of days is set to expire. The default is 90 days,
      Allow password reuseAllow the user to reuse an old password. This option is enabled by default.

    4. Click Apply.
    Tooltip
    • The Notifications icon in FortiSandbox will alert administrators the password will expire seven days before the expiration date
    • The password policy is also applied to following related features:
      • Maintainer account login FSA to reset the built-in admin's password. For more information, see the Best Practices Guide > Resetting user’s admin password.
      • Using CLI to create a new administrator.
      • The Json API function 33 Configure system administrator.

    Password Best Practices

    Brute force password software can launch more than just dictionary attacks. It can discover common passwords where a letter is replaced by a number. For example, if p4ssw0rd is used as a password, it can be cracked.

    Using secure passwords is vital to preventing unauthorized access to your FortiSandbox. When changing the password, consider the following to ensure better security:

    • Do not use passwords that are obvious, such as the company name, administrator names, or other obvious words or phrases.
    • Use numbers in place of letters, for example: passw0rd.
    • Administrator passwords can be up to 64 characters.
    • Include a mixture of numbers, symbols, and upper and lower case letters.
    • Use multiple words together, or possibly even a sentence, for example: correcthorsebatterystaple.
    • Use a password generator.
    • Change the password regularly and always make the new password is unique and not a variation of the existing password. For example, do not change from password to password1.
    • Make note of the password and store it in a safe place away from the management computer, in case you forget it; or ensure at least two people know the password in the event one person becomes unavailable. Alternatively, have two different admin logins.
    Previous
    Next

    Password Policy

    Password Policy

    Allow admin users to configure a user password policy. The new password policy will affect all local administrators.

    FortiSandbox allows you to create a password policy for local administrators. With this policy, you can enforce regular changes and specific criteria for a password policy including:

    • The minimum character requirements. Such as requirements for numbers, uppercase and special characters.
    • The number of days a password is set to expire for all local administrators.
    • If the new password must be unused.

    If you add a password policy or change the requirements on an existing policy, users that are already logged into FortiSandbox may have their session interrupted to update the password to meet the new policy. Otherwise, the next time an administrator logs into the FortiSandbox via GUI/SSH/Telnet, the local administrator is prompted to update the password to meet the new requirements before proceeding to log in.

    To create a password policy:

    1. Go to System > Password Policy.
    2. Click Enable. The User Password Policy page expands.
    3. Configure the password policy.
      Minimum password lengthEnter the minimum number characters the password must contain. The default is 6.
      Minimum character requirements

      Enable to specify the number required characters.

      Lower caseEnter the required number of lowercase characters. The default is 0.
      Upper caseEnter the required number of uppercase characters. The default is 0.
      Non-alphanumericEnter the required number of Non-alphanumeric characters. The default is 0.
      NumericEnter the required number of numeric characters. The default is 0.
      Enable password expiration (days) Enable to enter the number of days is set to expire. The default is 90 days,
      Allow password reuseAllow the user to reuse an old password. This option is enabled by default.

    4. Click Apply.
    Tooltip
    • The Notifications icon in FortiSandbox will alert administrators the password will expire seven days before the expiration date
    • The password policy is also applied to following related features:
      • Maintainer account login FSA to reset the built-in admin's password. For more information, see the Best Practices Guide > Resetting user’s admin password.
      • Using CLI to create a new administrator.
      • The Json API function 33 Configure system administrator.

    Password Best Practices

    Brute force password software can launch more than just dictionary attacks. It can discover common passwords where a letter is replaced by a number. For example, if p4ssw0rd is used as a password, it can be cracked.

    Using secure passwords is vital to preventing unauthorized access to your FortiSandbox. When changing the password, consider the following to ensure better security:

    • Do not use passwords that are obvious, such as the company name, administrator names, or other obvious words or phrases.
    • Use numbers in place of letters, for example: passw0rd.
    • Administrator passwords can be up to 64 characters.
    • Include a mixture of numbers, symbols, and upper and lower case letters.
    • Use multiple words together, or possibly even a sentence, for example: correcthorsebatterystaple.
    • Use a password generator.
    • Change the password regularly and always make the new password is unique and not a variation of the existing password. For example, do not change from password to password1.
    • Make note of the password and store it in a safe place away from the management computer, in case you forget it; or ensure at least two people know the password in the event one person becomes unavailable. Alternatively, have two different admin logins.
    Previous
    Next