Password Policy


Hello,

Does somebody know how to set up a Password Policy for management users in PAN OS 4? I am talking about minimum password length, special characters, etc.


L3 Networker

Hello,


This option is available by enabling FIPS mode (FIPS 140-2) on the FW, though the following options will also apply:

Federal Information Processing Standards Support:

• To log into the firewall, the browser must be TLS 1.0 compatible.

• All passwords on the firewall must be at least six characters.

• Accounts are locked after the number of failed attempts that is configured on the Device > Setup > Management page. If the firewall is not in FIPS mode, it can be configured so that it never locks out; however, in FIPS mode, a lockout time is required.

• The firewall automatically determines the appropriate level of self-testing and enforces the appropriate level of strength in encryption algorithms and cipher suites.

• Non-FIPS approved algorithms are not decrypted and are thus ignored during decryption.

• When configuring IPSec, a subset of the normally available cipher suites is available.

• Self-generated and imported certificates must contain public keys that are 2048 bits (or more).

• The serial port is disabled.

• Telnet, TFTP, and HTTP management connections are unavailable.

• Surf control is not supported.

• High availability (HA) encryption is required.

• PAP authentication is disabled.


Below is a Knowledgepoint Article regarding FIPS Mode:


https://live.paloaltonetworks.com/docs/DOC-1536


FIPS mode (enabling/details) can be referenced as well via your Admin Guide.


Regards,


Bryan

I'm trying to gather more info on the impacts of managing the devices in FIPS mode (beyond the admin guide)... I can't access the link above due to permissions errors. Is the doc-1536 still applicable?
