Fortigate Reset Admin Password
Periodically a situation arises where the FortiGate needs to be accessed or the
admin account’s password needs to be changed, but no one with the existing
password is available. If you have physical access to the device and a few other
tools, the password can be reset.
Warning:
This procedure will require the reboot of the FortiGate unit.
You will need:
• Console cable
• Terminal software such as Putty.exe (Windows) or Terminal (MacOS)
• Serial number of the FortiGate device
Step 1. Connect the computer to the firewall via the Console port on the
back of the unit.
In most units this is done with either a Serial cable or an RJ-45 to
Serial cable. Some units use a USB cable and
FortiExplorer to connect to the console port.
Virtual instances do not have a physical port to connect to, so
you will have to use the console connection utility supplied by the
VM host.
Step 2. Start your terminal software.
Step 3. Connect to the firewall using the following:
Setting         Value
Speed (Baud)    9600
Data Bits       8 bit
Parity          None
Stop Bits       1
Flow Control    No Hardware Flow Control
COM Port        The correct COM port
Step 4. The firewall should then respond with its name or hostname. (If it
doesn’t, try pressing “Enter”.)
Step 5. Reboot the firewall. If there is no power button, disconnect the
power adapter and reconnect it after 10 seconds. Plugging in the
power too soon after unplugging it can cause corruption in the
memory in some units.
Step 6. Wait for the Firewall name and login prompt to appear. The
terminal window should display something similar to the following:
FortiGate-60C (18:52-06.18.2010)
Ver:04000010
Serial number: FGT60C3G10016011
CPU(00): 525MHz
Total RAM: 512 MB
NAND init… 128 MB
MAC Init… nplite#0
Press any key to display configuration menu…
……
reading boot image 1163092 bytes.
Initializing firewall…
System is started.
<name of Fortinet Device> login:
Step 7. Type in the username: maintainer
Step 8. The password is bcpb + the serial number of the firewall (letters of
the serial number are in UPPERCASE format)
Example: bcpbFGT60C3G10016011
Note: On some devices, after the device boots, you have
only 14 seconds or less to type in the username and
password. It might, therefore, be necessary to have the
credentials ready in a text editor, and then copy and paste
them into the login screen. There is no indicator of when
your time runs out so it is possible that it might take more
than one attempt to succeed.
Step 9. Now you should be connected to the firewall. To change the admin
password you type the following…
In a unit where vdoms are not enabled:
config system admin
edit admin
set password <psswrd>
end
In a unit where vdoms are enabled:
config global
config system admin
edit admin
set password <psswrd>
end
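Seen from the monitoring side, a maintainer login followed by an admin password change is worth alerting on. The following is an added example, not part of the original procedure: a Python filter over FortiGate-style key=value event logs that flags maintainer logins (including failed attempts from missing the login window) and any admin-account edit made by maintainer. The sample lines are constructed, and the field names (user, ui, action, status, cfgpath, cfgobj, cfgattr) are assumptions about the log layout.

```python
import re

# Constructed sample event-log lines in a FortiGate-style key=value layout.
# Field names and values are assumptions for illustration, not captured output.
SAMPLE_LOG = '''\
date=2024-03-01 time=02:14:07 type="event" user="admin" ui="https(10.0.0.5)" action="login" status="success" msg="Administrator admin logged in"
date=2024-03-01 time=03:39:20 type="event" user="maintainer" ui="console" action="login" status="failed" msg="Administrator maintainer login failed"
date=2024-03-01 time=03:40:12 type="event" user="maintainer" ui="console" action="login" status="success" msg="Administrator maintainer logged in"
date=2024-03-01 time=03:40:55 type="event" user="maintainer" ui="console" action="Edit" cfgpath="system.admin" cfgobj="admin" cfgattr="password[*]" msg="Edit system.admin admin"
date=2024-03-01 time=03:41:30 type="event" user="admin" ui="console" action="login" status="success" msg="Administrator admin logged in"
'''

# key="quoted value with spaces" or key=bare_value
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_line(line):
    """Turn one key=value log line into a dict."""
    return {key: (quoted or bare) for key, quoted, bare in PAIR.findall(line)}

def maintainer_findings(log_text):
    """Return (timestamp, finding) tuples for every event by the maintainer user."""
    findings = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev.get("user", "").lower() != "maintainer":
            continue
        when = f'{ev.get("date", "?")} {ev.get("time", "?")}'
        action = ev.get("action", "").lower()
        if action == "login":
            what = f'maintainer login {ev.get("status", "?")} via {ev.get("ui", "?")}'
        elif ev.get("cfgpath") == "system.admin":
            what = (f'maintainer changed admin account "{ev.get("cfgobj", "?")}" '
                    f'({ev.get("cfgattr", "?")})')
        else:
            what = f'other maintainer activity: {action or "unknown"}'
        findings.append((when, what))
    return findings

if __name__ == "__main__":
    for when, what in maintainer_findings(SAMPLE_LOG):
        print(when, what)
```

Any hit that does not line up with a planned recovery and a recorded reboot of the unit deserves investigation.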
HOW TO PING OR TRACEROUTE AN ADDRESS FROM A FORTIGATE UNIT:
- type “execute ping” or “execute traceroute” followed by an address you want to ping, e.g. “execute ping 10.10.10.10”
HOW TO SHUTDOWN OR REBOOT A FORTIGATE UNIT FROM A CLI:
- type “execute shutdown” or “execute reboot”
HOW TO CHANGE AN ADMIN USER PASSWORD:
- type “config system admin”
- type “edit” followed by a user you want to reset the password for, e.g. “edit Joe”
- type “set password” followed by a new password, e.g. “set password NewPass1”
- type “end” to finish the procedure
HOW TO RESET A LOST PASSWORD ON A FORTIGATE UNIT:
- start a terminal emulator and connect to the device using a console cable. Depending on which device you use, it will be an RJ-45 to Serial or a Serial to Serial cable
- Reboot the device and, as soon as it starts up, log in with user “maintainer” and password “bcpb%deviceserialnumber%”, e.g. “bcpbFGT60C1A01102345” (This should be done inside 14 seconds I think; it took me a few tries before I managed to do it. Also, the serial number is case sensitive.)
- change the user password as described above
config system admin
edit %user%
set password %password%
end
HOW TO RESET FORTIGATE TO FACTORY DEFAULTS:
- type “execute factoryreset”
HOW TO SHOW INTERFACE SETTINGS:
- type “show system interface”
- type “show system interface port1”