Heads up: You have to type the userid and password within a 15 seconds of the login prompt first appearing. If you take too much time you should reboot the firewall again.
- Connect the console cable to the Fortigate and fire up your favorite terminal emulator
- Reboot the firewall unit.
- At the console login prompt, type in "maintainer" as the userid.
- Type in bcpbFGTxxxxxxxxxxxxx as the password. xxxxxxxxxxxxx will be the S/N of the Fortigate. The serial number is case sensitive so for example you should use FGT60B, not FGT60b. If that does NOT work try bcpbxxxxxxxxxxxxx as the password.
- After logging in, change the admin password:
edit admin
set password
next
end
Does this only work on certain versions? Not having much luck, 4.0 MR1 interim release.
ReplyDeleteit was working up to pre 3.0 (2.8 maybe) versions as far as I know.
ReplyDeleteJust done this on the latest release.
ReplyDeleteBut you do have to power cycle the box and enter the userid immediately the login prompt comes up. Haveing the password in the paste buffer also makes for quick entry. But don't use ctrl-v with Hyperterm, it sends the ctrl-v to the host - use Edit, Paste to host.
Worked for me. Check that the format is 13 digits if the serial number is 12 add a dash - in my case bcpbFGT-XXXXXXXXXXXX worked
ReplyDeletedoes anyone knows if this procedure works with fortianalyzer too ?
ReplyDeletethanks
Yes this procedure is vaild for Fortianalyzer as well.
ReplyDeletedoes anyone knows if this procedure works with Fortimanager too?
ReplyDeleteThanks
Yes, works with FortiManager as well.
ReplyDeleteWorks on the latest firmware but immediately after restart.
ReplyDeleteworks on 4.0 mr2 patch 8 for FGC80C
ReplyDeleteYou must do this within 14 seconds of logon prompt
Also you must set the accprofile
so
config system admin
edit admin
set password
set accprofile super_admin
end
I've tried this numerous times on a 110c I have. tried multiple ways with multiple things left out. Any ideas how to get in this one? I can't find anything anywhere for 100 series devices.
ReplyDeleteI used these instructions to recover admin password on a Fortigate FG-30B and FG-60B. They worked exactly as described. Thank you very much for this post.
ReplyDeleteJust tried with a FWF-60C. No dice.
ReplyDeleteVerified this on a FortiAnalyzer 100C and it works. The username is maintainer and the password is bcpbFLxxxxxxxxxxxxxx with the xxx's being the rest of the SN.
ReplyDeleteFortigate 400: When I try your procedure it seems to work, but after nothing happens!
ReplyDeleteNo requests for commands, nothing ... it waits 1 minute and after it log me off and request a login user!
Any idea, please?
I tried this solution for 200B, its works for me. How about Analyzer 100C?
ReplyDeleteConfirmed to work on 30B. The serial number is 16 characters long.
ReplyDeleteIn my case I used bcpbFWFxxxxxxxxxxxxx. "FWF" is the first 3 characters of the serial number as recorded on the back of the device and xxx's as the remainder making a total of 16.
I tried so many time but still this is what I always received.
ReplyDeletemaintainer
Password: ********************
The hashed password length is invalid
Login incorrect
Please kindly help me to reset the password..many thanks
Tried this tip with a Fortianalyzer 100C. Worked like a charm. Thanks for your infos !!
ReplyDeleteHi, I am utterly useless or even a moron perhaps... but why doesn´t this work?
ReplyDeleteFGT50B3G10604933 login: maintainer
Password: ********************
Welcome !
FGT50B3G10604933 # config system admin
4832: Unknown action 3
Command fail. Return code -1
You may have vdom's configured on your fw.
ReplyDeleteyou will need to set context with the 'config global' command. And then follow the password reset instructions from the top of the article.
I have a FortiWifi 60C. I consoled in to try this but it didn't work. What did work, was I cycled the power by pulling the plug and letting it restart. As soon as the login came back up, I pushed the reset button on the back right with a paperclip.
ReplyDeleteIT IS NOT WORKING WITH 80C
ReplyDeleteALSO IS NOT WORKING WITH FORTIWIFI 60 B
ReplyDelete4-25-2013
ReplyDeleteI confirm having just done all of htese units 10 minutes prior to this post.
FGT60D
FGT110C
FW80CM
Few things I see wrong in the reposnces
Wifi is not FWF its FW
Boot your unit up viewing it post with a termnal. I have noticed FGT and FG between A,B,C, and D units.
The number of digits in SN vary. I have saw 12,13, and 16
Most of all you are all wrong because you are not considering how crappy and inconsustant fortinet really is. There Q&A is not good. Most of the units for any exact model have multiple hardware versions under the hood hence al the info in here is wrong and right. Just depends if you have a gen1 a rev2 and such !!
This MUST be done in the first 14 seconds after a reboot. Copy n paste the password
ReplyDeleteYo tengo un FortiWIFI 60A, el numero de serie empieza con FWF60A, no funciona este procedimiento, espero alquien tenga alguna solución
ReplyDeletehallo firewall guru, this article really helped me, and I asked for permission to copy this article into my blog
ReplyDeleteSure thing. As long as you link back to my blog :)
ReplyDeleteMuchas gracias, me funciono a la perfeccion. Tengo un FG 100C.
ReplyDeleteMuy importante tener en cuenta el tiempo para hacerlo, lo mejor es copiar la serie y pegarla en la consola.
Gracias de nuevo.
Possibly a better way to explain it...
ReplyDeleteThe unit will provide serial number on startup via Console.
Eg;
Serial number:FG300B39XXXXXXXX
Using username "maintainer", simply prepend "bcpb" to the string provided as the serial number. This let me in straight away.
Gracias,
ReplyDeleteme ayudo mucho en FTG 100A
Tried resetting on a Fortigate 60 & it works like a charm!
ReplyDeleteQuestion though i still have an F 60 on production i want to recover the password. would it anyway affect running config? i dont have a backup config. im scared it would mess everything.
any help would be appreciated.
cheers!
You should be able to reset the password without losing your config.
ReplyDeleteThanks !!!
ReplyDeleteIt worked for me rebooting the unit on a 50B with user mainatiner and with no dash ver:04000010
We got same problem in Fotigate 60C. Main tip is
ReplyDelete1)Kindly check your serial no is 13digit.If not kindly include dash(-) inbetween FGT and serial no
2)we need to enter username(maintainer) and password within 14 seconds once login ask.
Please follow it.
it works for me in a fortigate 50b,
ReplyDeleteIt works on 100A (MR2 patch9). only thing is we need type username & password with 15 sec of the first appear the login prompt
ReplyDeleteHi there!
ReplyDeleteGreat blog, great help, thanks!
My case: FortiGate 100.
Worked ok with the original plan, 13 digits, + good posted tips here like to have the SN already copied to Clipboard (I Scanned the bar code to NotePad in order to be sure it’s the right SN).
Please forgive me my nearly offtopic question: I needed to change the pwd because form one moment to another the previous pwd was not longer accepted (and nobody has changed it). Does anybody know about this kind of bug in these FWs?
Thanks again.
Hi Guys,
ReplyDeleteIs it possible to reset password from remote location? I have physical hardware in our remote office. I have Serial Number but for now I'm unable to plug directly on Management Console (RJ45 to DB9)
Appreciate if anyone help me with this.
Many Thanks,
According to Fortinet support you cannot reset the admin password remotely. A console connection is required.
ReplyDeleteThank you, this worked for my FWF80CM running 4.0 MR2 Patch 2.
ReplyDeleteE.
Funciono para mi de la siguiente forma en Fortigate 110C:
ReplyDelete1.- Conectar en modo consola
2.- Apagar y reiniciar la unidad Fortigate dejandola conectada
3.- Cuando Reinicie tenemos solo 14 segundos para ingresar:
Usuario: maintainer
password: bcpbFG100C5G09108315
Es recomendable tener todo el password ya copiado en un archivo de texto para pegarlo de inmediato en la consola de la hyperterminal.
Eso es todo.
Màs informaciòn aquì: http://docs-legacy.fortinet.com/fgt/sysadmin/Resetting_a_lost_admin_password.pdf
ReplyDeleteWorked like a charm for the FortiGate 620B I have here, many thanks!
ReplyDeleteplz help me out i cant able to reset the password, i tryed 13digits serial number too username: maintainer password:bcpb...... not working other then dis any other solution to reset password.
ReplyDeleteThanks.
On FortiVM in evaluation period the password is bcpbFGVMEV0000000000 (At least on Hyper-V edition at this date ;-))
ReplyDeleteI am able to login with maintainer as username
ReplyDeleteno object in the end
Command fail. Return code 1
I am getting above error when running below command
config system admin
command parse error before 'global'
Command fail. Return code 1
also i am getting above error while executing below command
config global
Please help me
I need your help people. I have a Fortigate-60 and I want to reset it because I can not loggin to the web interface so I need a new user id and password. I follow the instructions to do it, but after the: ''Firewall initalizing...'' and ''System is started'', appears Arizona login, so I type ''maintainer'' and type the bcpb N/S, and then it says ''login incorrect''. What I have to do? Help please.
ReplyDeleteThanks a lot. For the 100D it should be bcpbFG100DXXXXXXXXXX.
ReplyDeleteWorked like a charm.
Dear Sirs,
ReplyDeleteI have a Fortinet 50B . unfortunately MAINTAINER account is disabled.
please help.
confirmed this worked with my fortiwifi 60c - but needed to follow these intructions also: (https://forum.fortinet.com/tm.aspx?m=124931)
ReplyDeleteConfig system admin
edit admin
set accprofile "super_admin"
set vdom "root"
set password
end
Dear Firewall Gurus,
ReplyDeleteI have a fortiweb decive FV400DXXX, unfortumately lost the admin password. I am trying to reset it however this method doesnt seem to work after login i just get the prompt
FortiWeb login: maintainer
Password: ********************
Login incorrect
i have tried waiting 15- 35 secs , i have tried waiting for 14 secs, i have tried immediately but same result
FortiWeb login: maintainer
Password: ********************
Login incorrect
the password format is bcpbFV400DXXXXXXXXX
PLEASE HELP!!!
Hi please help i have a fortinet 100d i have logged in as maintainer however i see that the config that was loaded have no accounts at all configured how can i config an admin? the exec command isnt working for me.
ReplyDeletePlease Help me, I have fortigate 60. Manufacture Date 2007 month 06. I used the username as maintainer and password bcpb+ serial. But Login incorrect msg displayed.
ReplyDeletePl help me to reset the admin password
I also have a 60D, i use it at home to learn
ReplyDeleteI’m new in the world of FG, but when i try to login it tell me: ”Login incorrect”
I do know my admin password, I’m just testing it.
I did the config enable maintainer but it still tells me: ”Login incorrect”