Resetting the FortiGate admin account’s password
The default administrator account, named admin, initially has no password. Unlike other administrator accounts, the admin administrator account exists by default and cannot be deleted. This administrator account always has full permission to view and change all FortiRecorder configuration options, including viewing and changing all other administrator accounts. Its name and permissions cannot be changed.
The ‘maintainer’ account is enabled by default.
The special hidden “maintainer” user login is used for password recovery. When enabled, the “maintainer” account can log in from the console after a hard reboot (power off, power on) using the password “bcpb” followed by the FortiGate unit serial number, e.g. bcpbFG900A83901645649.
You have limited time (15 to 30 seconds) to complete this login.
Changing the admin password affects only the admin password of the current configuration; the rest of your configuration file should be the same as before the reboot. By default, the FortiGate automatically saves the configuration after every change.
How to reset a lost admin password in FortiGate
Requirements:
The following equipment was used to test this scenario.
· FortiGate Firewall
· Console cable
· Putty.exe
NOTE: This process requires a hard reboot (power off and on) of the FortiGate.
You have limited time (15-30 sec) to complete the login as user “maintainer” after the boot process. If you take too much time, you have to hard reboot the device again.
While it is rebooting, you can get the serial number from PuTTY. Copy and paste it into Notepad. Prepare the login username (maintainer) and password (bcpb+SerialNumber, e.g. bcpbFG900A83901645649) in Notepad to save time.
Instead of typing them in, quickly copy and paste them from Notepad. This will prevent the login from timing out.
admin Password Changing Procedure: Steps 1 to 7
1. Power off the FortiGate. Wait for at least 10 sec and then power on the FortiGate (if you power off and on too quickly, it may cause a power trip or corrupt the system).
2. Connect your laptop directly to the serial console port using PuTTY.
3. Wait until the firewall name and login prompt appear.
4. The login username is maintainer. Prepare the username and password in Notepad to save time.
5. The password is bcpb+SerialNumber (e.g. bcpbFG900A83901645649). Instead of typing it in, quickly copy and paste it from the Notepad file that you have prepared. This will prevent the login from timing out.
6. Press Enter to log in. Now you will be connected to the firewall.
7. Finally, change the admin password. Running execute reboot afterwards is optional.
In a unit where VDOMs (virtual domains) are not enabled:
    config system admin
    edit admin
    set password <psswrd>
    end
In a unit where VDOMs are enabled:
    config global
    config system admin
    edit admin
    set password <psswrd>
    end
By default, the FortiGate automatically saves the configuration after every change.
The following setting enables or disables the special hidden “maintainer” user login, which is used for password recovery. It is enabled by default.
    set admin-maintainer {enable | disable}
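
Because the admin-maintainer setting decides whether the console recovery login works at all, it is worth checking in configuration backups. The Python sketch below is an added example, not part of the original post; it assumes the setting sits under config system global (nested inside config global when VDOMs are enabled) and that backups list only non-default settings. The sample configurations are constructed.

```python
import re

# Constructed sample backup (not from a real device). Assumption: backups list
# only non-default settings, so a missing admin-maintainer line means "enable".
SAMPLE_DEFAULT = """\
config system global
    set hostname "FGT-LAB"
    set timezone 04
end
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
end
"""
SAMPLE_HARDENED = SAMPLE_DEFAULT.replace(
    "set timezone 04", "set timezone 04\n    set admin-maintainer disable")

# Block paths where the setting is expected (without and with VDOMs).
GLOBAL_PATHS = (["system global"], ["global", "system global"])

def maintainer_state(config_text):
    """Return 'enable' or 'disable' for admin-maintainer in a config backup."""
    stack = []        # names of the currently open 'config ...' blocks
    state = "enable"  # enabled by default, as the page states
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])
        elif line == "end":
            if stack:
                stack.pop()
        elif stack in GLOBAL_PATHS:
            m = re.fullmatch(r"set admin-maintainer (enable|disable)", line)
            if m:
                state = m.group(1)
    return state

if __name__ == "__main__":
    for name, text in (("default", SAMPLE_DEFAULT), ("hardened", SAMPLE_HARDENED)):
        state = maintainer_state(text)
        note = "console recovery login possible" if state == "enable" else "recovery login off"
        print(f"{name}: admin-maintainer {state} ({note})")
```

A unit reported as "enable" can have its admin password reset by anyone with console access and the serial number, so physical access to such units needs to be controlled accordingly.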
To clear the current admin password (not for this scenario, just for info). This only clears the admin password, leaving admin with no password, and you need to know the old password:
    config system admin
    edit admin
    unset password <old password>
    end
Thank You.
Cheers! :)
Yan Linn Aung