07-04-2011 12:32 PM
Hello,
This option is available by enabling FIPS mode (FIPS 140-2) on the FW, though the following options will also apply:
Federal Information Processing Standards Support:
• To log into the firewall, the browser must be TLS 1.0 compatible.
• All passwords on the firewall must be at least six characters.
• Accounts are locked after the number of failed attempts that is configured on the Device > Setup > Management page. If the firewall is not in FIPS mode, it can be configured so that it never locks out; however, in FIPS mode, a lockout time is required.
• The firewall automatically determines the appropriate level of self-testing and enforces the appropriate level of strength in encryption algorithms and cipher suites.
• Non-FIPS approved algorithms are not decrypted and are thus ignored during decryption.
• When configuring IPSec, a subset of the normally available cipher suites is available.
• Self-generated and imported certificates must contain public keys that are 2048 bits (or more).
• The serial port is disabled.
• Telnet, TFTP, and HTTP management connections are unavailable.
• Surf control is not supported.
• High availability (HA) encryption is required.
• PAP authentication is disabled.
Below is a Knowledgepoint Article regarding FIPS Mode:
https://live.paloaltonetworks.com/docs/DOC-1536
FIPS mode (enabling/details) can be referenced as well via your Admin Guide.
Regards,
Bryan
06-26-2012 12:23 PM
I'm trying to gather more info on the impacts of managing the devices in FIPS mode (beyond the admin guide)... I can't access the link above due to permissions errors. Is the doc-1536 still applicable?