This article explains how to recover a password from a Fortigate without erasing the configuration. A reboot of the Fortigate is required, so if the Fortigate is in production, carry out this procedure at night, when the business impact is smallest.
NOTE: The hardware serial no. has been modified for security reasons. Console output is marked in blue.
- Connect a Windows PC (or laptop) to the console port of the Fortigate firewall.
- Use HyperTerminal to view the Fortigate firewall’s console (make sure you can see the Fortigate login screen).
- Reboot the firewall.
- While the hardware reboots, it displays various status messages and the serial no., then halts at the login screen.
- Note down the serial no. of the hardware.
E.g. FG100A123456789
Fortigate Console output
Ver:04000000
Serial number:FG100A123456789 <-- make a note of this serial no.
RAM activation
Total RAM: 256MB
Enabling cache…Done.
Scanning PCI bus…Done.
Allocating PCI resources…Done.
Enabling PCI resources…Done.
Zeroing IRQ settings…Done.
Verifying PIRQ tables…Done.
Disabling local APIC…Done.
Boot up, boot device capacity: 61MB.
Press any key to display configuration menu…
……
Reading boot image 1149913 bytes.
Initializing firewall…
System is started.
FORTIGATE100A login:
- At the login screen, enter the following user name:
- Login: maintainer
- Use the following password:
- Password: bcpb[serial no.]
E.g. bcpbFG100A123456789
NOTE: This procedure should be done within 20 secs of the Fortigate reboot. After 20 secs you will not be able to log in with the ‘maintainer’ username; you have to reboot the Fortigate and start again.
Fortigate Console output
FORTIGATE100A login: maintainer
Password: ********************
Welcome !
FORTIGATE100A #
- Enter the following commands one by one (this will reset the admin password):
· config system admin
· edit admin
· set password [password]
· end
Fortigate Console output
FORTIGATE100A # config system admin
FORTIGATE100A (admin) # edit admin
FORTIGATE100A (admin) # set password passsecure
FORTIGATE100A (admin) # end
FORTIGATE100A #
NOTE: Remember to issue the “end” command; otherwise the new password will not take effect.