Password constraints for admin and VPN users
07/26/2022
Description
The internal SonicOS web server supports TLS 1.1 and above with strong ciphers (128 bits or greater) when negotiating HTTPS management sessions. SSL implementations are not supported. This heightened level of HTTPS security protects against potential SSLv2 rollback vulnerabilities and ensures compliance with the Payment Card Industry (PCI) and other security and risk-management standards.
TIP: SonicOS uses advanced browser technologies, such as HTML5, which are supported in most recent browsers. SonicWall recommends using the latest Chrome, Firefox, Internet Explorer, or Safari (does not operate on Windows platforms) browsers for administration of SonicOS. Mobile device browsers are not recommended for SonicWall system administration.
Configuring SonicOS password constraint enforcement ensures that administrators and users are using secure passwords. This password constraint enforcement can satisfy the confidentiality requirements as defined by current information security management systems or compliance requirements, such as Common Criteria and the Payment Card Industry (PCI) standard.
Resolution
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The resolution below is for customers using SonicOS 7.X firmware.
To configure password compliance
1. Navigate to Device | Settings > Administration.
2. Click Login / Multiple Administrators. Configure the following settings in the LOGIN SECURITY section.
3. To require users to change their passwords after a designated number of days has elapsed:
Select Password must be changed every (days). The field becomes active. This option is not selected by default.
Enter the elapsed time in the field. The default number of days is 90, the minimum is 1 day, and the maximum is 9999.
When a user attempts to log in with an expired password, a pop-up window prompts the user to enter a new password. The User Login Status window now includes a Change Password button so users can change their passwords at any time.
![Image](https://sonicwall.rightanswers.com/portal/app/portlets/results/onsitehypermedia/090220726961061.png?linkToken=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJzb25pY3dhbGwiLCJleHAiOjE3NTM0OTkzNDksImlhdCI6MTcyMTk2MzM0OX0.iNaDvQ1DEejuJB7TUQNWrSgmjwA65CGPNJVK9D-ubVc)
4. To specify the minimum length of time, in hours, allowed between password changes:
Select Change password after (hours). The field becomes active.
Enter the number of hours. The minimum – and default – time is 1 hour; the maximum is 9999 hours.
5. To require users to use unique passwords for the specified number of password changes:
Select Bar repeated passwords for this many changes. The field becomes active.
Enter the number of changes. The default number is 4, the minimum number is 1, and the maximum number is 32.
6. To require users to change at least 8 alphanumeric/symbolic characters of their old password when creating a new one, select Apply password constraints. For how to specify what characters are allowed, see Step 7.
7. Specify the shortest allowed password by entering the minimum number of characters in the Enforce a minimum password length of field. The default number is 8, the minimum is 1, and the maximum is 99.
8. Choose how complex a user’s password must be to be accepted from the Enforce password complexity drop-down menu:
- None (default)
- Alphanumeric characters – Requires both alphabetic and numeric characters
- Alphanumeric and symbolic characters – Requires alphabetic, numeric, and symbolic characters. For symbolic characters, only !, @, #, $, %, ^, &, *, (, and ) are allowed; all others are denied.
9. When a password complexity option other than None is selected, the options under Complexity Requirement become active. Enter the minimum number of alphanumeric and symbolic characters required in a user’s password. The default number for each is 0, but the total number of characters for all options cannot exceed 99.
- Upper Case Characters
- Lower Case Characters
- Number Characters
- Symbolic Characters
TIP: The Symbolic Characters field becomes active only if Alphanumeric and symbolic characters is selected.
10. Select to which classes of users the password constraints are applied under Apply the above password constraints for. By default, all options are selected:
- Admin – Refers to the default administrator with the username admin.
- Other full admin
- Limited admin
- Guest admin
- Other local users
![Image](https://sonicwall.rightanswers.com/portal/app/portlets/results/onsitehypermedia/090220721578071.png?linkToken=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJzb25pY3dhbGwiLCJleHAiOjE3NTM0OTkzNDksImlhdCI6MTcyMTk2MzM0OX0.iNaDvQ1DEejuJB7TUQNWrSgmjwA65CGPNJVK9D-ubVc)
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The resolution below is for customers using SonicOS 6.5 firmware.
To configure password compliance
1. Navigate to Device | Settings > Administration.
2. Click Login / Multiple Administrators. Configure the following settings in the LOGIN SECURITY section.
3. To require users to change their passwords after a designated number of days has elapsed:
Select Password must be changed every (days). The field becomes active. This option is not selected by default.
Enter the elapsed time in the field. The default number of days is 90, the minimum is 1 day, and the maximum is 9999.
When a user attempts to log in with an expired password, a pop-up window prompts the user to enter a new password. The User Login Status window now includes a Change Password button so users can change their passwords at any time.
![Image](https://sonicwall.rightanswers.com/portal/app/portlets/results/onsitehypermedia/090220726575036.png?linkToken=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJzb25pY3dhbGwiLCJleHAiOjE3NTM0OTkzNDksImlhdCI6MTcyMTk2MzM0OX0.iNaDvQ1DEejuJB7TUQNWrSgmjwA65CGPNJVK9D-ubVc)
4. To specify the minimum length of time, in hours, allowed between password changes:
Select Change password after (hours). The field becomes active.
Enter the number of hours. The minimum – and default – time is 1 hour; the maximum is 9999 hours.
5. To require users to use unique passwords for the specified number of password changes:
Select Bar repeated passwords for this many changes. The field becomes active.
Enter the number of changes. The default number is 4, the minimum number is 1, and the maximum number is 32.
6. To require users to change at least 8 alphanumeric/symbolic characters of their old password when creating a new one, select Apply password constraints. For how to specify what characters are allowed, see Step 7.
7. Specify the shortest allowed password by entering the minimum number of characters in the Enforce a minimum password length of field. The default number is 8, the minimum is 1, and the maximum is 99.
8. Choose how complex a user’s password must be to be accepted from the Enforce password complexity drop-down menu:
- None (default)
- Alphanumeric characters – Requires both alphabetic and numeric characters
- Alphanumeric and symbolic characters – Requires alphabetic, numeric, and symbolic characters. For symbolic characters, only !, @, #, $, %, ^, &, *, (, and ) are allowed; all others are denied.
9. When a password complexity option other than None is selected, the options under Complexity Requirement become active. Enter the minimum number of alphanumeric and symbolic characters required in a user’s password. The default number for each is 0, but the total number of characters for all options cannot exceed 99.
- Upper Case Characters
- Lower Case Characters
- Number Characters
- Symbolic Characters
TIP: The Symbolic Characters field becomes active only if Alphanumeric and symbolic characters is selected.
10. Select to which classes of users the password constraints are applied under Apply the above password constraints for. By default, all options are selected:
- Admin – Refers to the default administrator with the username admin.
- Other full admin
- Limited admin
- Guest admin
- Other local users
![Image](https://sonicwall.rightanswers.com/portal/app/portlets/results/onsitehypermedia/090220721998573.png?linkToken=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJzb25pY3dhbGwiLCJleHAiOjE3NTM0OTkzNDksImlhdCI6MTcyMTk2MzM0OX0.iNaDvQ1DEejuJB7TUQNWrSgmjwA65CGPNJVK9D-ubVc)
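The length and complexity rules in steps 7 to 9 of both procedures, modelled as an added Python example (not SonicWall code) for checking a planned policy and candidate passwords offline before the settings are applied. The `Policy` class, its field names and the mode strings are hypothetical; applying the symbol whitelist only in the alphanumeric-and-symbolic mode is an assumption drawn from the wording of step 8.

```python
from dataclasses import dataclass

ALLOWED_SYMBOLS = set("!@#$%^&*()")   # the only symbols the article lists as accepted

@dataclass
class Policy:                          # hypothetical model of the LOGIN SECURITY fields
    min_length: int = 8                # article: default 8, range 1-99
    complexity: str = "none"           # "none" | "alnum" | "alnum_symbolic" (assumed names)
    min_upper: int = 0
    min_lower: int = 0
    min_digit: int = 0
    min_symbol: int = 0

def policy_errors(p: Policy) -> list[str]:
    """Range checks taken from the limits stated in the article."""
    errs = []
    if not 1 <= p.min_length <= 99:
        errs.append("minimum length must be 1-99")
    if p.min_upper + p.min_lower + p.min_digit + p.min_symbol > 99:
        errs.append("per-class minimums total more than 99")
    if p.min_symbol and p.complexity != "alnum_symbolic":
        errs.append("symbol minimum needs the alphanumeric-and-symbolic mode")
    return errs

def password_errors(pw: str, p: Policy) -> list[str]:
    """Reasons a candidate password fails the modelled policy (empty = accepted)."""
    errs = []
    if len(pw) < p.min_length:
        errs.append(f"shorter than {p.min_length} characters")
    if p.complexity == "none":
        return errs                    # Complexity Requirement fields are inactive
    counts = {
        "upper": sum(c.isupper() for c in pw),
        "lower": sum(c.islower() for c in pw),
        "digit": sum(c.isdigit() for c in pw),
        "symbol": sum(c in ALLOWED_SYMBOLS for c in pw),
    }
    if counts["upper"] + counts["lower"] == 0 or counts["digit"] == 0:
        errs.append("needs both alphabetic and numeric characters")
    if p.complexity == "alnum_symbolic":
        if counts["symbol"] == 0:
            errs.append("needs a symbolic character")
        bad = sorted({c for c in pw if not c.isalnum() and c not in ALLOWED_SYMBOLS})
        if bad:
            errs.append("symbols not allowed: " + " ".join(bad))
    for name in ("upper", "lower", "digit", "symbol"):
        if counts[name] < getattr(p, "min_" + name):
            errs.append(f"needs at least {getattr(p, 'min_' + name)} {name} characters")
    return errs
```

Run `policy_errors` on the intended settings first, then `password_errors` on test passwords to confirm that values such as an underscore or hyphen are rejected under the whitelist.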