CLI Reference

system password-policy

Use this command to configure a password policy that sets rules for the password characteristics of administrator accounts.

Syntax

    config system password-policy
      set status {enable | disable}
      set min-length-option {enable | disable}
      set mini-length <mini-length_int>
      set single-admin-mode {enable | disable}
      set character-requirements {enable | disable}
      set min-upper-case-letter <min-upper-case-letter_int>
      set min-lower-case-letter <min-lower-case-letter_int>
      set mini-number <mini_number_int>
      set min-non-alphanumeric <min-non-alphanumeric_int>
      set forbid-password-reuse {enable | disable}
      set history-password-number <history-password-number_int>
      set expire-status {enable | disable}
      set expire-day <expire-day_int>
    end

| Variable | Description | Default |
|---|---|---|
| status {enable \| disable} | Enable to enforce password rules for administrator accounts. When you configure rules for the password policy, administrator accounts that don't adhere to the password policy are prompted to update their password upon logging in. On some cloud platforms, such as AWS, Azure, and GCP, it is enabled by default. | disable |
| min-length-option {enable \| disable} | Enable/disable to set the minimum length for the password. | disable |
| mini-length <mini-length_int> | Enter the minimum password length. The valid range is 8–128. | 8 |
| single-admin-mode {enable \| disable} | Enable/disable to activate single admin user login. | disable |
| character-requirements {enable \| disable} | Enable/disable to set requirements for upper/lower case letters, numbers (0–9), and special characters. | 0 |
| min-upper-case-letter <min-upper-case-letter_int> | Enter the minimum number of upper case characters. The valid range is 0–128. | 0 |
| min-lower-case-letter <min-lower-case-letter_int> | Enter the minimum number of lower case characters. The valid range is 0–128. | 0 |
| mini-number <mini_number_int> | Enter the minimum number of numeric characters. The valid range is 0–128. Only the digits 0–9 are supported. | 0 |
| min-non-alphanumeric <min-non-alphanumeric_int> | Enter the minimum number of special characters. The valid range is 0–128. | 0 |
| forbid-password-reuse {enable \| disable} | Enable to forbid password re-use. | disable |
| history-password-number <history-password-number_int> | Enter the number of previous passwords that cannot be re-used. The valid range is 1–10. | 3 |
| expire-status {enable \| disable} | Enable password expiration. | disable |
| expire-day <expire-day_int> | Enter the validity period for the password. The valid range is 1–999 days. | 90 |

Example

This example enables the password policy and configures its rules.

    config system password-policy
      set status enable
      set min-length-option enable
      set mini-length 8
      set single-admin-mode enable
      set character-requirements enable
      set min-upper-case-letter 2
      set min-lower-case-letter 2
      set mini-number 2
      set min-non-alphanumeric 3
      set forbid-password-reuse enable
      set history-password-number 2
      set expire-status enable
      set expire-day 100
    end
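
As an added example (not part of the original reference and not Fortinet code), the script below checks a saved "config system password-policy" block against the keywords and valid ranges listed in the table above. The GATES mapping, which treats each value as effective only when its enable/disable switch is on, is an assumption drawn from the descriptions; the sample block is constructed.

```python
import re

# Keyword -> None for {enable | disable}, or the (low, high) range from the table above.
SCHEMA = {
    "status": None, "min-length-option": None, "mini-length": (8, 128),
    "single-admin-mode": None, "character-requirements": None,
    "min-upper-case-letter": (0, 128), "min-lower-case-letter": (0, 128),
    "mini-number": (0, 128), "min-non-alphanumeric": (0, 128),
    "forbid-password-reuse": None, "history-password-number": (1, 10),
    "expire-status": None, "expire-day": (1, 999),
}
# Assumption (not stated outright on the page): a value only takes effect
# when the switch that introduces it is set to enable.
GATES = {
    "mini-length": "min-length-option",
    "min-upper-case-letter": "character-requirements",
    "min-lower-case-letter": "character-requirements",
    "mini-number": "character-requirements",
    "min-non-alphanumeric": "character-requirements",
    "history-password-number": "forbid-password-reuse",
    "expire-day": "expire-status",
}

def audit(block):
    """Return a list of findings for one password-policy config block."""
    settings, findings = {}, []
    for line in block.splitlines():
        m = re.match(r"\s*set\s+(\S+)\s*(.*?)\s*$", line)
        if not m:
            continue  # 'config', 'end' and blank lines carry no setting
        key, value = m.groups()
        if key not in SCHEMA:
            findings.append(f"unknown keyword: {key}")
            continue
        rng = SCHEMA[key]
        if rng is None:
            if value not in ("enable", "disable"):
                findings.append(f"{key}: {value!r} is not enable or disable")
        elif not value.isdigit() or not rng[0] <= int(value) <= rng[1]:
            findings.append(f"{key}: {value!r} outside {rng[0]}-{rng[1]}")
        settings[key] = value
    for key, gate in GATES.items():
        if key in settings and settings.get(gate) != "enable":
            findings.append(f"{key} set but {gate} is not enabled")
    if settings.get("status") != "enable":
        findings.append("status is not set to enable")
    return findings

# Constructed sample with a misspelled keyword, two out-of-range values and missing switches.
SAMPLE = """config system password-policy
set status enable
set min-length 8
set mini-length 6
set character-requirements enable
set min-upper-case-letter 2
set history-password-number 12
set expire-day 100
end"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
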
