Resetting a lost Admin password

来源 https://cookbook.fortinet.com/resetting-a-lost-admin-password/

Posted on October 10, 2018 by Bruce Davis

Periodically a situation arises where the FortiGate needs to be accessed or the admin account’s password needs to be changed but no one with the existing password is available. If you have physical access to the device and a few other tools the password can be reset.

Warning: This procedure will require the reboot of the FortiGate unit.

Update:

Once you have logged into your FortiGate with the maintainer account (as described below), if the FortiGate is running FortiOS 6.0.3 or later, you can enter the execute factoryreset command to return the FortiGate to its default configuration. This can be useful if you have deleted the admin administrator account.

In newer versions of the BIOS, you can expect some changes to the behaviour of the maintainer account. These changes will include:

  • The countdown timer for how log you have to enter the credentials has increased. Starting from when the device powers up, you will have 60 seconds instead of 30.
  • Using the maintainer account and resetting a password cause a log to be created; making these actions traceable for security purposes.
  • The account will be able to reset the password for any super-admin profile user in addition to the default admin user. This takes into account the possibility that the default account has been renamed.
  • The only thing the maintainer account has permissions to do is reset the passwords of super-admin profile accounts.

You will need:

  • Console cable
  • Terminal software such as Putty.exe (Windows) or Terminal (MacOS)
  • Serial number of the FortiGate device

Procedure

Step #1

Connect the computer to the firewall via the Console port on the back of the unit.

In most units this is done either by a Serial cable or a RJ-45 to Serial cable. There are some units that use a USB cable and FortiExplorer to connect to the console port.

Virtual instances will not have any physical port to connect to so you will have to use the supplied VM Hosts’ console connection utility.

Step #2

Start your terminal software.

Step #3

Connect to the firewall using the following:

Setting Value
Speed Baud 9600
Data Bits 8 Bit
Parity None
Stop Bits 1
Flow Control No Hardware Flow Control
Com Port the correct COM port

Step #4

The firewall should then respond with its name or hostname. (If it doesn’t try pressing “enter”.)

Step #5

Reboot the firewall. If there is no power button, disconnect the power adapter and reconnect it after 10 seconds. Plugging in the power too soon after unplugging it can cause corruption in the memory in some units.

Step #6

Wait for the Firewall name and login prompt to appear. The terminal window should display something similar to the following:

FortiGate-60C (18:52-06.18.2010)

Ver:04000010

Serial number: FGT60C3G10016011

CPU(00): 525MHz

Total RAM: 512 MB

NAND init... 128 MB

MAC Init... nplite#0

Press any key to display configuration menu...

......

reading boot image 1163092 bytes.

Initializing firewall...       

System is started.

 login:

Step #7

Type in the username: maintainer

Step #8

The password is bcpb + the serial number of the firewall (letters of the serial number are in UPPERCASE format)

Example: bcpbFGT60C3G10016011

Note:

On some devices, after the device boots, you have only 14 seconds or less to type in the username and password. It might, therefore, be necessary to have the credentials ready in a text editor, and then copy and paste them into the login screen. There is no indicator of when your time runs out so it is possible that it might take more than one attempt to succeed.

Step #9

Now you should be connected to the firewall. To change the admin password you type the following…

In a unit where VDOMs are not enabled:

config system admin

  edit admin

    set password

  end 

In a unit where VDOMs are enabled:

config global

  config system admin

    edit admin

      set password

    end

If the FortiGate is running FortiOS 6.0.3 or later you can also enter the following command to reset the FortiGate to its factory default configuration. This can be useful if you have deleted the admin administrator account.

execute factoryreset

Warning

Good news and bad news. Some might be worried that there is a backdoor into the system. The maintainer feature/account is enabled by default, but the good news is, if you wish, there is an option to disable this feature. The bad news is that if you disable the feature and lose the password without having someone else that can log in as a superadmin profile administrator you will be out of options.

If you attempt to use the maintainer account and see the message on the console, “PASSWORD RECOVERY FUNCTIONALITY IS DISABLED”, this means that the maintainer account has been disabled.

Disabling the maintainer feature/account

Use the following command in the CLI to change the status of the maintainer account

To disable

config system global

  set admin-maintainer disable

end

To enable

config system global

  set admin-maintainer enable

end

====================== End

Resetting a lost Admin password的更多相关文章

  1. 使用Docker Compose 部署Nexus后初次登录账号密码不正确,并且在nexus-data下没有admin,password

    场景 Ubuntu Server 上使用Docker Compose 部署Nexus(图文教程): https://blog.csdn.net/BADAO_LIUMANG_QIZHI/article/ ...

  2. Recover lost Confluence password

    confluence重置admin密码 复方法: 1. 运行此sql 找到你的管理员帐户: select u.id, u.user_name, u.active from cwd_user u joi ...

  3. how to reset mac root password

    Reset 10.5 Leopard & 10.6 Snow Leopard password Power on or restart your Mac. At the chime (or g ...

  4. Spring Boot Admin 的使用 2

    http://blog.csdn.net/kinginblue/article/details/52132113 ******************************************* ...

  5. Magento: How to reset admin pssword

    Magento: How to reset admin pssword If you forget your admin password for Magento and you can’t reme ...

  6. VSS Admin 清除密码

    [参阅链接]http://www.cnblogs.com/Zealot/archive/2004/09/18/44309.html the secret is to hack the um.dat f ...

  7. Spring Boot Admin Reference Guide

    1. What is Spring Boot Admin? Spring Boot Admin is a simple application to manage and monitor your S ...

  8. spring boot admin + spring boot actuator + erueka 微服务监控

    关于spring boot actuator简单使用,请看 简单的spring boot actuator 使用,点击这里 spring boot admin 最新的正式版本是1.5.3 与 spri ...

  9. Django通过pycharm创建后,如何登录admin后台?

    问题背景: 使用pycharm创建完成django项目(项目名称为:mydjangopro,app名称为my_blog) , 本想登录后台直接输入地址:http://127.0.0.1:8000/ad ...

随机推荐

  1. Qt-网易云音乐界面实现-6 迷你个人中心实现

    这个界面除了麻烦耗时,没有啥技术含量.暂时我也就把它称为迷你个人中心,因为后面还有一个个人中心了. 先看下完成品 左侧是我的,右侧是原生 个人感觉还可以吧,哈哈哈.给我自己奖励一个鸡腿. 看下头文件 ...

  2. Jmeter接口测试(五)变量及参数化

    在请求过程中,有时我们需要在请求中设置一些变量来测试不同的场景. 提示:在调试请求过程中,无关的请求可以暂时禁用掉,选择某个暂时不用的请求,右键--禁用 Jmeter 支持以下类型变量:所有类型的变量 ...

  3. Keycloak服务器安装和配置

    安装地址:https://www.keycloak.org/archive/downloads-4.4.0.html 参考文档:https://www.keycloak.org/docs/latest ...

  4. SICP读书笔记 3.4

    SICP CONCLUSION 让我们举起杯,祝福那些将他们的思想镶嵌在重重括号之间的Lisp程序员 ! 祝我能够突破层层代码,找到住在里计算机的神灵! 目录 1. 构造过程抽象 2. 构造数据抽象 ...

  5. 路由器终端常用linux命令汇总(持续更新)

    ls:显示文件名与相关属性 ls -al;ls -l;ls -a 第一列: d:表示目录,dir. -:表示文件. l:表示链接文件,linkfile. 接下来的字符三个为一组,且均为rwx这3个字母 ...

  6. 第14讲:嵌入式SQL语言(基本技巧)

    一.交互式SQL的局限 & 嵌入式SQL的必要性 专业人员(如DBA)可以熟练地运用交互式SQL语言,但普通用户却不是那么容易上手,所以需要通过数据库应用程序来使用数据库.编写一个可以与数据库 ...

  7. Ambiguous mapping. Cannot map 'labelInfoController' method

    使用springboot项目中,启动时出现Ambiguous mapping. Cannot map 'labelInfoController' method , 原因是,@RequestMappin ...

  8. TeamWork#3,Week5,Scrum Meeting 11.16

    到目前为止各方面工作已经基本完成,爬虫程序也调整完毕,正在等待全部整合. 成员 已完成 待完成 彭林江 完成爬虫结构调整 新爬虫与服务器连接 郝倩 完成爬虫结构调整 新爬虫与服务器连接 高雅智 重定位 ...

  9. TeamWork#3,Week5,Scrum Meeting 11.4

    今天我们进行了第一次Scrum Meeting,总结了最近一段时间的工作成果和经验教训,并分配了每个成员下一步的工作.网络爬虫对我们来说是一个难点,因为之前接触比较少,所以需要从头学起.我们参考了大量 ...

  10. 2018-2019-20172321 《Java软件结构与数据结构》第九周学习总结

    2018-2019-20172321 <Java软件结构与数据结构>第九周学习总结 教材学习内容总结 第15章 图 无向图 图由顶点和边组成. 顶点由名字或标号来表示,如:A.B.C.D: ...