Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    Home FortiWeb 6.4.2 CLI Reference
    6.4.2
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.23
    6.3.19
    6.3.18
    6.3.17
    6.3.16
    6.3.15
    6.3.14
    6.3.13
    6.3.11
    6.3.10
    6.3.9
    6.3.7
    6.3.6
    6.3.5
    6.3.4
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.2
    6.1.1
    5.7.0
    5.6.1
    5.6.0

    system password-policy

    system password-policy

    Use this command to configure a password policy for administrator accounts that set rules for password characteristics.

    Syntax

    config system password-policy

    set status {enable | disable}

    set min-length-option {enable | disable}

    set mini-length <mini-length_int>

    set single-admin-mode {enable | disable}

    set character-requirements {enable | disable}

    set min-upper-case-letter <min-upper-case-letter_int>

    set min-lower-case-letter <min-lower-case-letter_int>

    set mini-number <mini_number_int>

    set min-non-alphanumeric <min-non-alphanumeric_int>

    set forbid-password-reuse {enable | disable}

    set history-password-number <history-password-number_int>

    set expire-status {enable | disable}

    set expire-day <expire-day_int>

    end

    Variable Description Default

    status {enable | disable}

    		 Enable to enforce password rules for administrator accounts. When you configure rules for the password policy, administrator accounts that don't adhere to the password policy will be prompted to update their password upon logging in.
    For some cloud platforms such as AWS, Azure, and GCP, etc., it is enabled by default.

    disable

    min-length-option {enable | disable}

    		 Enable/disable to set the minimum length for the password. disable

    mini-length <mini-length_int>

    		 Enter the minimum password length. The valid range is 8–128.

    8

    single-admin-mode {enable | disable}

    		 Enable/disable to activate single admin user login. disable

    character-requirements {enable | disable}

    		 Enable/disable to set characters, upper/lower case, numbers (0–9), and special. 0

    min-upper-case-letter <min-upper-case-letter_int>

    		 Enter the number of upper case characters. The valid range is 0–128. 0

    min-lower-case-letter <min-lower-case-letter_int>

    		 Enter the number of lower case characters. The valid range is 0–128. 0

    mini-number <mini_number_int>

    		 Enter the number of number characters. The valid range is 0–128. Only numbers 0–9 are supported. 0

    min-non-alphanumeric <min-non-alphanumeric_int>

    		 Enter the number of special characters. The valid range is 0–128. 0

    forbid-password-reuse {enable | disable}

    		 Enable forbidding password re-use. disable

    history-password-number <history-password-number_int>

    		 Enter the number of history passwords that can not be re-used. The valid range is 1–10. 3

    expire-status {enable | disable}

    		 Enable password expiration. disable

    expire-day <expire-day_int>

    		 Enter the valid period for the password. The valid range 1–999 days 90

    Example

    This example enables configuration of the password policy.

    config system password-policy

    set status enable

    set system password-policy

    set min-length 8

    set single-admin-mode enable

    set character-requirements enable

    set min-upper-case-letter 2

    set min-lower-case-letter 2

    set min-number 2

    set min-non-alphanumeric 3

    set forbid-password-reuse enable

    set history-password-number 2

    set expire-status enable

    set expire-day 100

    end

    Previous
    Next

    system password-policy

    system password-policy

    Use this command to configure a password policy for administrator accounts that set rules for password characteristics.

    Syntax

    config system password-policy

    set status {enable | disable}

    set min-length-option {enable | disable}

    set mini-length <mini-length_int>

    set single-admin-mode {enable | disable}

    set character-requirements {enable | disable}

    set min-upper-case-letter <min-upper-case-letter_int>

    set min-lower-case-letter <min-lower-case-letter_int>

    set mini-number <mini_number_int>

    set min-non-alphanumeric <min-non-alphanumeric_int>

    set forbid-password-reuse {enable | disable}

    set history-password-number <history-password-number_int>

    set expire-status {enable | disable}

    set expire-day <expire-day_int>

    end

    Variable Description Default

    status {enable | disable}

    		 Enable to enforce password rules for administrator accounts. When you configure rules for the password policy, administrator accounts that don't adhere to the password policy will be prompted to update their password upon logging in.
    For some cloud platforms such as AWS, Azure, and GCP, etc., it is enabled by default.

    disable

    min-length-option {enable | disable}

    		 Enable/disable to set the minimum length for the password. disable

    mini-length <mini-length_int>

    		 Enter the minimum password length. The valid range is 8–128.

    8

    single-admin-mode {enable | disable}

    		 Enable/disable to activate single admin user login. disable

    character-requirements {enable | disable}

    		 Enable/disable to set characters, upper/lower case, numbers (0–9), and special. 0

    min-upper-case-letter <min-upper-case-letter_int>

    		 Enter the number of upper case characters. The valid range is 0–128. 0

    min-lower-case-letter <min-lower-case-letter_int>

    		 Enter the number of lower case characters. The valid range is 0–128. 0

    mini-number <mini_number_int>

    		 Enter the number of number characters. The valid range is 0–128. Only numbers 0–9 are supported. 0

    min-non-alphanumeric <min-non-alphanumeric_int>

    		 Enter the number of special characters. The valid range is 0–128. 0

    forbid-password-reuse {enable | disable}

    		 Enable forbidding password re-use. disable

    history-password-number <history-password-number_int>

    		 Enter the number of history passwords that can not be re-used. The valid range is 1–10. 3

    expire-status {enable | disable}

    		 Enable password expiration. disable

    expire-day <expire-day_int>

    		 Enter the valid period for the password. The valid range 1–999 days 90

    Example

    This example enables configuration of the password policy.

    config system password-policy

    set status enable

    set system password-policy

    set min-length 8

    set single-admin-mode enable

    set character-requirements enable

    set min-upper-case-letter 2

    set min-lower-case-letter 2

    set min-number 2

    set min-non-alphanumeric 3

    set forbid-password-reuse enable

    set history-password-number 2

    set expire-status enable

    set expire-day 100

    end

    Previous
    Next