Resetting a lost Admin password
Resetting a lost Admin password
来源 https://cookbook.fortinet.com/resetting-a-lost-admin-password/
Posted on October 10, 2018 by Bruce Davis
Periodically a situation arises where the FortiGate needs to be accessed or the admin account’s password needs to be changed but no one with the existing password is available. If you have physical access to the device and a few other tools the password can be reset.
Warning: This procedure will require the reboot of the FortiGate unit.
Update:
Once you have logged into your FortiGate with the maintainer account (as described below), if the FortiGate is running FortiOS 6.0.3 or later, you can enter the execute factoryreset
command to return the FortiGate to its default configuration. This can be useful if you have deleted the admin administrator account.
In newer versions of the BIOS, you can expect some changes to the behaviour of the maintainer
account. These changes will include:
- The countdown timer for how log you have to enter the credentials has increased. Starting from when the device powers up, you will have 60 seconds instead of 30.
- Using the
maintainer
account and resetting a password cause a log to be created; making these actions traceable for security purposes. - The account will be able to reset the password for any super-admin profile user in addition to the default
admin
user. This takes into account the possibility that the default account has been renamed. - The only thing the
maintainer
account has permissions to do is reset the passwords of super-admin profile accounts.
You will need:
- Console cable
- Terminal software such as Putty.exe (Windows) or Terminal (MacOS)
- Serial number of the FortiGate device
Procedure
Step #1
Connect the computer to the firewall via the Console port on the back of the unit.
In most units this is done either by a Serial cable or a RJ-45 to Serial cable. There are some units that use a USB cable and FortiExplorer to connect to the console port.
Virtual instances will not have any physical port to connect to so you will have to use the supplied VM Hosts’ console connection utility.
Step #2
Start your terminal software.
Step #3
Connect to the firewall using the following:
Setting | Value |
Speed | Baud 9600 |
Data Bits | 8 Bit |
Parity | None |
Stop Bits | 1 |
Flow Control | No Hardware Flow Control |
Com Port | the correct COM port |
Step #4
The firewall should then respond with its name or hostname. (If it doesn’t try pressing “enter”.)
Step #5
Reboot the firewall. If there is no power button, disconnect the power adapter and reconnect it after 10 seconds. Plugging in the power too soon after unplugging it can cause corruption in the memory in some units.
Step #6
Wait for the Firewall name and login prompt to appear. The terminal window should display something similar to the following:
FortiGate-60C (18:52-06.18.2010)
Ver:04000010
Serial number: FGT60C3G10016011
CPU(00): 525MHz
Total RAM: 512 MB
NAND init... 128 MB
MAC Init... nplite#0
Press any key to display configuration menu...
......
reading boot image 1163092 bytes.
Initializing firewall...
System is started.
login:
Step #7
Type in the username: maintainer
Step #8
The password is bcpb + the serial number of the firewall (letters of the serial number are in UPPERCASE format)
Example: bcpbFGT60C3G10016011
Note:
On some devices, after the device boots, you have only 14 seconds or less to type in the username and password. It might, therefore, be necessary to have the credentials ready in a text editor, and then copy and paste them into the login screen. There is no indicator of when your time runs out so it is possible that it might take more than one attempt to succeed.
Step #9
Now you should be connected to the firewall. To change the admin password you type the following…
In a unit where VDOMs are not enabled:
config system admin
edit admin
set password
end
In a unit where VDOMs are enabled:
config global
config system admin
edit admin
set password
end
If the FortiGate is running FortiOS 6.0.3 or later you can also enter the following command to reset the FortiGate to its factory default configuration. This can be useful if you have deleted the admin administrator account.
execute factoryreset
Warning
Good news and bad news. Some might be worried that there is a backdoor into the system. The maintainer feature/account is enabled by default, but the good news is, if you wish, there is an option to disable this feature. The bad news is that if you disable the feature and lose the password without having someone else that can log in as a superadmin profile administrator you will be out of options.
If you attempt to use the maintainer account and see the message on the console, “PASSWORD RECOVERY FUNCTIONALITY IS DISABLED”
, this means that the maintainer account has been disabled.
Disabling the maintainer feature/account
Use the following command in the CLI to change the status of the maintainer account
To disable
config system global
set admin-maintainer disable
end
To enable
config system global
set admin-maintainer enable
end
====================== End
Resetting a lost Admin password的更多相关文章
- 使用Docker Compose 部署Nexus后初次登录账号密码不正确,并且在nexus-data下没有admin,password
场景 Ubuntu Server 上使用Docker Compose 部署Nexus(图文教程): https://blog.csdn.net/BADAO_LIUMANG_QIZHI/article/ ...
- Recover lost Confluence password
confluence重置admin密码 复方法: 1. 运行此sql 找到你的管理员帐户: select u.id, u.user_name, u.active from cwd_user u joi ...
- how to reset mac root password
Reset 10.5 Leopard & 10.6 Snow Leopard password Power on or restart your Mac. At the chime (or g ...
- Spring Boot Admin 的使用 2
http://blog.csdn.net/kinginblue/article/details/52132113 ******************************************* ...
- Magento: How to reset admin pssword
Magento: How to reset admin pssword If you forget your admin password for Magento and you can’t reme ...
- VSS Admin 清除密码
[参阅链接]http://www.cnblogs.com/Zealot/archive/2004/09/18/44309.html the secret is to hack the um.dat f ...
- Spring Boot Admin Reference Guide
1. What is Spring Boot Admin? Spring Boot Admin is a simple application to manage and monitor your S ...
- spring boot admin + spring boot actuator + erueka 微服务监控
关于spring boot actuator简单使用,请看 简单的spring boot actuator 使用,点击这里 spring boot admin 最新的正式版本是1.5.3 与 spri ...
- Django通过pycharm创建后,如何登录admin后台?
问题背景: 使用pycharm创建完成django项目(项目名称为:mydjangopro,app名称为my_blog) , 本想登录后台直接输入地址:http://127.0.0.1:8000/ad ...
随机推荐
- Java+Netty实现的RESTful框架--netty-rest-server
在工作中用Netty做了几个服务,感觉Netty做出来的程序性能好,资源占用少,但是实现Http服务比较麻烦,于是就参考Spring MVC的注解基于Netty实现了一个轻量级的RESTful框架. ...
- Siki_Unity_7-4_高自由度沙盘游戏地图生成_MineCraft_Uniblocks插件(可拓展)
Unity 7-4 高自由度沙盘游戏地图生成 MineCraft (插件Uniblocks) 任务1&2&3&4 素材 && 课程演示 && 课 ...
- Java字符串分割
java中字符串的分割函数,split("你想要分割的字符", 你想要最多分割为多少段,正整数) 注意事项: 1.分割特殊字符考虑转义字符的使用.如: . \ | 2.第二个参数: ...
- Hyperledger Fabric服务器配置及修改Docker容器卷宗存储根目录/位置
Hyperledger Fabric节点服务器对存储空间的消耗还是比较大的,在我实际生产体验的过程中,每一条请求数据大概仅2K左右,但实际占用空间远不止这点,每个节点都会对Block及链进行保存维护, ...
- 【Docker】第五篇 Docker 数据管理
一.基本介绍 数据管理的原因:Docker中的容器一旦删除,容器本身的rootfs文件系统就会被删除,容器中的所有数据就会被删除.为了对一些需要持久化的数据,不随容器删除而删除,所以我们可以通过多个容 ...
- 笔试题——C++开发简单记录错误模块
题目:链接:https://www.nowcoder.com/questionTerminal/67df1d7889cf4c529576383c2e647c48 来源:牛客网 解析及代码来源:http ...
- Homebrew1.5之后安装PHP和扩展
Homebrew 1.5 宣布放弃 homebrew/php, 转而使用homebrew/core维护, 详见https://brew.sh/2018/01/19/homebrew-1.5.0/ 于是 ...
- js备忘录5
函数的全解析 原文链接: http://mp.weixin.qq.com/s?src=11×tamp=1509672643&ver=491&signature=9fD ...
- 搭建gitpage博客
http://blog.csdn.net/jzooo/article/details/46781805
- jQuery源码分析之整体框架
之前只是知道jQuery怎么使用,但是我觉得有必要认真的阅读一下这个库,在分析jQuery源码之前,很有必要对整个jQuery有个整体的框架概念,才能方便后面对jQuery源码的分析和学习,以下是我总 ...