Resetting a Lost Admin Password on FortiGate

This article covers the scenario in which access to the FortiGate is required, or the password for the admin account needs to be reset, but no one who knows the current password is available.

When the admin password has been lost, a systematic approach is needed to regain access. The steps below reset the admin password so that you can log in to your FortiGate firewall again.

Step 1: Prepare for the Reset Process

Before proceeding with any reset actions, ensure you have physical access to the FortiGate device. You will also need:

  • A console cable (usually serial) to connect your computer to the FortiGate device.
  • Terminal emulation software (like PuTTY, Tera Term, or HyperTerminal) installed on your computer.

Step 2: Connect to the Console

  1. Connect the Console Cable: Plug one end of the console cable into your computer and the other end into the console port of the FortiGate unit.

  2. Open Terminal Emulation Software: Launch your terminal emulation software and configure it with these settings:

    • Baud Rate: 9600
    • Data Bits: 8
    • Parity: None
    • Stop Bits: 1
    • Flow Control: None
  3. Accessing Console: Once connected, press Enter until you see a login prompt.

Step 3: Reboot the FortiGate Device

  1. Reboot Command: If you are logged in as a user with limited privileges or if you are at a prompt without being logged in, type execute reboot and confirm when prompted.

  2. Interrupt Boot Sequence: As soon as the device begins its boot sequence (you may see messages indicating system checks), interrupt this process by pressing Ctrl + C. This action should take you into a special mode known as “maintainer mode.”

Step 4: Enter Maintainer Mode

  1. Maintainer Mode Prompt: After interrupting, you should see a prompt asking for a maintainer password. The default maintainer password is usually set to bcpb or can be found in your documentation if it has been changed.

  2. Login Using Maintainer Password:

    • Type bcpb (or your specific maintainer password) and press Enter.
    • If successful, you’ll gain access to a command line interface.

Step 5: Reset Admin Password

  1. Access Configuration Mode:

    • Type config system admin and press Enter.
  2. Edit Admin User Settings:

    • To modify an existing admin account (usually named “admin”), type edit admin and press Enter.
  3. Change Password:

    • Use the command set password <new_password>, replacing <new_password> with your desired new password.
  4. Save Changes:

    • Type next followed by end to save changes and exit configuration mode.

Step 6: Reboot Device Again

  1. After resetting the password, type execute reboot again to restart your FortiGate device normally.

  2. Once rebooted, use your new admin credentials to log in through either web-based management or console access.

Final Considerations

  • After regaining access, document any changes made during this process for future reference.
  • It’s advisable to review security policies regarding password management and consider implementing two-factor authentication if not already in place.
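
As an added example (not from the original article or from Fortinet), the Python check below reads a configuration backup, which uses the same config / edit / set / next / end structure as Step 5, and lists the admin accounts that have no two-factor authentication. The sample backup is constructed, and treating a missing two-factor line as disabled is an assumption.

```python
import shlex
# Constructed sample in FortiOS backup syntax; not taken from a real device.
SAMPLE_BACKUP = """\
config system admin
    edit "admin"
        set password ENC PLACEHOLDER
    next
    edit "netops"
        set two-factor fortitoken
    next
    edit "auditor"
        set two-factor disable
    next
end
config system interface
    edit "port1"
    next
end
"""

def parse_admins(backup_text):
    """Map each admin name to its settings from the 'config system admin' block."""
    admins, depth, in_admin, current = {}, 0, False, None
    for raw in backup_text.splitlines():
        try:
            tok = shlex.split(raw)          # strips the quotes around names
        except ValueError:                  # unbalanced quote in a multi-line value
            tok = raw.split()
        if not tok:
            continue
        if tok[0] == "config":
            depth += 1
            if depth == 1:                  # a new top-level block starts
                in_admin = tok[1:] == ["system", "admin"]
        elif tok[0] == "end":
            depth = max(depth - 1, 0)
        elif in_admin and depth == 1:       # skip config blocks nested in an entry
            if tok[0] == "edit" and len(tok) > 1:
                current = admins.setdefault(tok[1], {})
            elif tok[0] == "next":
                current = None
            elif tok[0] == "set" and current is not None and len(tok) > 2:
                current[tok[1]] = " ".join(tok[2:])
    return admins

def admins_without_two_factor(backup_text):
    # Assumption: a missing two-factor line means the default, disable.
    return sorted(name for name, cfg in parse_admins(backup_text).items()
                  if cfg.get("two-factor", "disable") == "disable")
```

For the constructed sample, admins_without_two_factor(SAMPLE_BACKUP) returns the accounts admin and auditor.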

By following these steps carefully, you should be able to reset a lost admin password on your FortiGate device successfully.

