Global Admin – Password Policy – FortiAnalyzer – FortiOS 6.2.3

Password policy

You can enable and configure password policy for the FortiAnalyzer.

To configure the password policy:

  1. Go to System Settings > Admin > Admin Settings.
  2. Click to enable Password Policy.
  3. Configure the following settings, then click Apply to apply to password policy.
Minimum Length Specify the minimum number of characters that a password must be, from 8 to 32. Default: 8.
Must Contain Specify the types of characters a password must contain: uppercase and lowercase letters, numbers, and/or special characters.
Admin Password

Expires after

Specify the number of days a password is valid for. When the time expires, an administrator will be prompted to enter a new password.

Password lockout and retry attempts

By default, the number password retry attempts is set to three, allowing the administrator a maximum of three attempts at logging in to their account before they are locked out for a set amount of time (by default, 60 seconds).

The number of attempts and the default wait time before the administrator can try to enter a password again can be customized. Both settings can be configured using the CLI.

To configure the lockout duration:

  1. Enter the following CLI commands:

config system global set admin-lockout-duration <seconds>

end

To configure the number of retry attempts:

  1. Enter the following CLI commands:

config system global set admin-lockout-threshold <failed_attempts>

end

Example

To set the lockout threshold to one attempt and set a five minute duration before the administrator can try to log in again, enter the following CLI commands:

config system global set admin-lockout-duration 300 set admin-lockout-threshold 1

end

This entry was posted in Administration Guides, FortiAnalyzer, FortiOS 6.2 on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.