Global Admin – Password Policy – FortiAnalyzer – FortiOS 6.2.3

Password policy

You can enable and configure password policy for the FortiAnalyzer.

To configure the password policy:

  1. Go to System Settings > Admin > Admin Settings.
  2. Click to enable Password Policy.
  3. Configure the following settings, then click Apply to apply to password policy.
Minimum Length Specify the minimum number of characters that a password must be, from 8 to 32. Default: 8.
Must Contain Specify the types of characters a password must contain: uppercase and lowercase letters, numbers, and/or special characters.
Admin Password

Expires after

Specify the number of days a password is valid for. When the time expires, an administrator will be prompted to enter a new password.

Password lockout and retry attempts

By default, the number password retry attempts is set to three, allowing the administrator a maximum of three attempts at logging in to their account before they are locked out for a set amount of time (by default, 60 seconds).

The number of attempts and the default wait time before the administrator can try to enter a password again can be customized. Both settings can be configured using the CLI.

To configure the lockout duration:

  1. Enter the following CLI commands:

config system global set admin-lockout-duration <seconds>

end

To configure the number of retry attempts:

  1. Enter the following CLI commands:

config system global set admin-lockout-threshold <failed_attempts>

end

Example

To set the lockout threshold to one attempt and set a five minute duration before the administrator can try to log in again, enter the following CLI commands:

config system global set admin-lockout-duration 300 set admin-lockout-threshold 1

end


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

This entry was posted in Administration Guides, FortiAnalyzer, FortiOS 6.2 on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.