1. Home
    2. PAN-OS
    3. PAN-OS® Web Interface Reference Guide
    4. Device
    5. Device > Password Profiles
    Previous
    Next
    Device > Password Profiles Panorama > Password Profiles
    Select Device > Password Profiles or Panorama > Password Profiles to set basic password requirements for individual local accounts. Password profiles override any Minimum Password Complexity settings you defined for all local accounts ( Device > Setup > Management).
    To apply a password profile to an account, select Device > Administrators (for firewalls) or Panorama > Administrators (for Panorama), select an account, and then select the Password Profile.
    		 You cannot assign password profiles to administrative accounts that use local database authentication (see Device > Local User Database > Users).
    To create a password profile, click Add and enter the following information.
    Password Profile Setting Description
    Name Enter a name to identify the password profile (up to 31 characters). The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores.
    Required Password Change Period (days) Require that administrators change their password on a regular basis specified a by the number of days set, ranging from 0-365 days. Example, if the value is set to 90, administrators will be prompted to change their password every 90 days. You can also set an expiration warning from 0-30 days and specify a grace period.
    Expiration Warning Period (days) If a required password change period is set, this setting can be used to prompt the user to change their password at each log in as the forced password change date approaches (range is 0–30).
    Post Expiration Admin Login Count Allow the administrator to log in a specified number of times after their account has expired. Example, if the value is set to 3 and their account has expired, they can log in 3 more times before their account is locked out (range is 0–3).
    Post Expiration Grace Period (days) Allow the administrator to log in the specified number of days after their account has expired (range is 0–30).
    Username and Password Requirements
    The following table lists the valid characters that can be used in usernames and passwords for PAN-OS and Panorama accounts.
    Account Type Username and Password Restrictions
    Password Character Set There are no restrictions on any password field character sets.
    Remote Admin, SSL-VPN, or Captive Portal The following characters are not allowed for the username: Backtick (`) Angular brackets (< and >) Ampersand (&) Asterisk (*) At sign (@) Question mark (?) Pipe (|) Single-Quote (‘) Semicolon (;) Double-Quote (") Dollar ($) Parentheses ( '(' and ')' ) Colon (':')
    Local Administrator Accounts The following are the allowed characters for local usernames: Lowercase (a-z) Uppercase (A-Z) Numeric (0-9) Underscore (_) Period (.) Hyphen (-) Login names cannot start with a hyphen (-).
    Previous
    Next

    Related Documentation

    Configure Panorama Password Profiles and Complexity

    Configure Panorama Password Profiles and Complexity To secure the local administrator account, you can define password complexity requirements that are enforced when administrators change or ...

    Device > Setup > Management

    Device > Setup > Management Device > Setup > Management Panorama > Setup > Management On a firewall, select Device > Setup > Management to ...

    Configure an Administrative Account

    Configure an Administrative Account Administrative accounts specify roles and authentication methods for the administrators of Palo Alto Networks firewalls. Configure an Administrative Account ( Optional ...

    Device > Local User Database > Users

    Device > Local User Database > Users You can set up a local database on the firewall to store authentication information for firewall administrators , ...

    Customizable Password Expiry Notification Message

    Customizable Password Expiry Notification Message When using LDAP as the authentication method, you can now configure an optional custom password expiry notification message in the ...

    Panorama > Administrators

    Panorama > Administrators Panorama administrative accounts define administrator role and authentication parameters . To unlock a locked account, click the lock in the Locked User ...

    Set Up External Authentication

    Set Up External Authentication The following workflow describes how to set up the GlobalProtect portal and gateways to use an external authentication service. The supported ...

    Device > Administrators

    Device > Administrators Administrator accounts control access to firewalls and Panorama. A firewall administrator can have full or read-only access to a single firewall or ...

    Configure the Report Expiration Period

    Configure the Report Expiration Period When you set the Report Expiration Period , it applies to all Report Types . The firewall automatically deletes reports ...

    Network > GlobalProtect > Portals

    Network > GlobalProtect > Portals Select Network > GlobalProtect > Portals to set up and manage a GlobalProtect™ portal. The portal provides the management functions ...

    © 2019 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo