: Configure Panorama Password Profiles and Complexity
Focus
Focus

Configure Panorama Password Profiles and Complexity

Table of Contents
End-of-Life (EoL)

Configure Panorama Password Profiles and Complexity

To secure the local administrator account, you can define password complexity requirements that are enforced when administrators change or create new passwords. Unlike password profiles, which can be applied to individual accounts, the password complexity rules are firewall-wide and apply to all passwords.
To enforce periodic password updates, create a password profile that defines a validity period for passwords.
  1. Configure minimum password complexity settings.
    1. Select PanoramaSetupManagement and edit the Minimum Password Complexity section.
    2. Select Enabled.
    3. Define the Password Format Requirements. You can enforce the requirements for uppercase, lowercase, numeric, and special characters that a password must contain.
    4. To prevent the account username (or reversed version of the name) from being used in the password, select Block Username Inclusion (including reversed).
    5. Define the password Functionality Requirements.
      If you have configured a password profile for an administrator, the values defined in the password profile will override the values that you have defined in this section.
  2. Create password profiles.
    You can create multiple password profiles and apply them to administrator accounts as required to enforce security.
    1. Select PanoramaPassword Profiles and click Add.
    2. Enter a Name for the password profile and define the following:
      1. Required Password Change Period—Frequency, in days, at which the passwords must be changed.
      2. Expiration Warning Period—Number of days before expiration that the administrator will receive a password reminder.
      3. Post Expiration Grace Period—Number of days that the administrator can still log in to the system after the password expires.
      4. Post Expiration Admin Login Count—Number of times that the administrator can log in to the system after the password has expired.