Configure Panorama Password Profiles and Complexity

To secure the local administrator account, you can define password complexity requirements that are enforced when administrators change or create new passwords. Unlike password profiles, which can be applied to individual accounts, the password complexity rules are firewall-wide and apply to all passwords.
To enforce periodic password updates, create a password profile that defines a validity period for passwords.
  1. Configure minimum password complexity settings.
    1. Select
      Panorama
      Setup
      Management
      and edit the Minimum Password Complexity section.
    2. Select
      Enabled
      .
    3. Define the
      Password Format Requirements
      . You can enforce the requirements for uppercase, lowercase, numeric, and special characters that a password must contain.
    4. To prevent the account username (or reversed version of the name) from being used in the password, select
      Block Username Inclusion (including reversed)
      .
    5. Define the password
      Functionality Requirements
      .
      If you have configured a password profile for an administrator, the values defined in the password profile will override the values that you have defined in this section.
  2. Create password profiles.
    You can create multiple password profiles and apply them to administrator accounts as required to enforce security.
    1. Select
      Panorama
      Password Profiles
      and click
      Add
      .
    2. Enter a
      Name
      for the password profile and define the following:
      1. Required Password Change Period
        —Frequency, in days, at which the passwords must be changed.
      2. Expiration Warning Period
        —Number of days before expiration that the administrator will receive a password reminder.
      3. Post Expiration Grace Period
        —Number of days that the administrator can still log in to the system after the password expires.
      4. Post Expiration Admin Login Count
        —Number of times that the administrator can log in to the system after the password has expired.

Related Documentation