Modifying the administrator password complexity on the USG2000&5000


The password complexity requirement of the USG2000&5000 cannot be modified.
After the password policy is enabled, only passwords that meet the password complexity requirement can be successfully configured.
Enable or disable the password policy as follows:
- On the web UI, choose System > Admin > Administrators, select or deselect Password Policy, and click Apply.
- An example of enabling or disabling the password policy through the CLI is as follows:
# Enable the password policy.
[sysname-aaa]password-policy mandatory enable

# Disable the password policy.
[sysname-aaa]undo password-policy mandatory enable

By default, the password policy is enabled.
After you disable the function, passwords that do not meet complexity requirements can be configured. However, these passwords bring about security risks and you are advised not to disable this function.

Other related questions:
Setting the administrator password complexity on the USG6000
For security, the USG6000 series does not support modifying the password complexity.

Password complexity for the USG2000&5000 series
Password complexity requires that a password shall meet the following conditions at the same time: - The minimum password length is 8 characters. - The password is a string containing at least three types out of uppercase letters (A to Z), lowercase letters (a to z), digits (0 to 9), and special characters such as the exclamatory mark (!), pound sign (#), dollar sign ($), and percent sign (%). - The password cannot be the same as the user name or its reverse. - A new password cannot be the same as the previous ones.

Administrator user name and password change for the USG2000&5000 series
For firewalls, once an administrator account is created, the user name cannot be changed. You can change the administrator password on the web UI: 1. Choose System > Administrators > Administrators. 2. Click the Edit icon on the line of the administrator and change the password in the displayed dialog box. In addition, you can run the current-user password-modify command to change the password of the current administrator.

Changing the administrator level on the USG2000&5000
Change the administrator level on the USG2000&5000 as follows: system-view Enter system view, return user view with Ctrl+Z. [USG5100]aaa [USG5100-aaa]local-user admin level ? INTEGER<0-15> Value audit Audit level //The level available ranges from 0 to 15. In normal cases, the administrator permission of level 3 is proper. The audit level indicates the permission of auditing the administrator.// [USG5100-aaa]local-user admin level 3 //Indicates setting the permission of the admin account to the level-3 management level.//

Viewing the administrator level on the USG2000&5000
View the administrator level on the USG2000&5000 as follows: display local-user username admin ---------------------------------------------------------------------------- Username : admin User valid-period : - Password : **************** Password valid-days : 90 State : Active Service-type : ppp web ftp telnet terminal ssh 802.1x ACL-number : - Idle-cut : No Access-limit : No Online-number : 1 MAC-address : - User-level : 15 FTP-directory : - L2tp-ip : -

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top