Fortigate - Require that passwords expire

Information

Require that passwords expire. Enforcing strong password policies reduces the chance that a password will be compromised.

Solution

Use this command to configure higher security requirements for administrator passwords and
IPsec VPN pre-shared keys.

config system password-policy
set status {enable | disable}
set apply-to [admin-password ipsec-preshared-key]
set change-4-characters {enable | disable}
set expire <days>
set minimum-length <chars>
set min-lower-case-letter <num_int>
set min-upper-case-letter <num_int>
set min-non-alphanumeric <num_int>
set min-number <num_int>
set expire-status {enable | disable}
set expire-day <num_int>
end

See Also

https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/612504/hardening-your-fortigate

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(d)

Plugin: FortiGate

Control ID: 2f387cdc0f1af141671fd744b6e27c5a35b04ed5429804f255cc150707d67272