kwcheng__FTNT
Staff
August 28, 2019

Technical Tip: How to reset the FortiADC admin password


Description


This article describes the methods available to recover or reset the administrator password on a FortiADC appliance when the existing admin credentials are unavailable.


Scope


FortiADC.

Solution


Unlike FortiOS, which supports password recovery through the maintenance account, FortiADC does not support administrator password reset through the console in affected versions. If the admin password is lost, a workaround using the FortiADC configuration file is required to regain administrative access.

Before proceeding, ensure that a valid FortiADC configuration backup is available. If no backup configuration file exists, redeployment of the FortiADC appliance will be required.

Below are the steps to reset the FortiADC password:

  1. Extract the configuration file.

Open the FortiADC backup configuration file (a ZIP archive). Copy the 'XXXX.conf' file out of it and open it with WordPad or Notepad++.



  2. Edit the configuration file.

Search for 'system admin' and, within that section, remove the line containing 'set password xxxxxxxxx'. Afterwards, save the file.


  • CLI example before editing the password:

config system admin
    edit admin
        set password ENC $1$d7bab8d1$4cynaptOFjxPlJUPZjSjH0
    next
end


  • CLI example after editing the password:

config system admin
    edit admin
    next
end


  3. Update the backup ZIP file.

Browse to the ZIP file again, and replace the original 'OLDXXXX.conf' with the edited 'EDITEDXXXX.conf'.


  4. Perform a clean firmware installation.

Access the Fortinet account, download the firmware version that matches the FortiADC backup configuration file, and re-image the FortiADC.
For more information, refer to the Admin Guide: Restoring firmware.


Important note:
The firmware image used for re-imaging must match the version of the backup configuration file. A mismatch may cause issues during configuration restoration. The build number can be verified and cross-checked between the firmware image and the configuration file before proceeding.


  5. Initial login.

Once the re-imaging is complete, log in to the FortiADC via the GUI. The default login account will be the username 'admin' with a blank password.


  6. Restore the edited configuration.

Restore the configuration by browsing to the ZIP file that was previously edited. The restore feature is located under System -> Settings -> Backup & Restore -> Restore.
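
Steps 1 to 3 above, as an added Python example that is not Fortinet's code: it removes the 'set password' line only for the named account inside 'config system admin', leaves password lines in every other section untouched, and rebuilds the ZIP. The function names, the sample configuration and the assumption that the archive member keeps its original file name are constructed for illustration.

```python
import io
import zipfile

def strip_admin_password(conf_text, account="admin"):
    """Drop 'set password' for one account inside 'config system admin' only."""
    out, removed, depth, current = [], 0, 0, None
    for line in conf_text.splitlines(keepends=True):
        words = line.split()
        if depth == 0:                       # outside the admin section
            depth = 1 if words == ["config", "system", "admin"] else 0
        elif words[:1] == ["config"]:        # nested sub-section
            depth += 1
        elif words[:1] == ["end"]:
            depth -= 1
        elif depth == 1 and words[:1] in (["edit"], ["next"]):
            # 'edit <name>' opens an account entry, 'next' closes it
            current = words[1].strip('"') if len(words) > 1 else None
        elif depth == 1 and current == account and words[:2] == ["set", "password"]:
            removed += 1
            continue                         # skip this line: password removed
        out.append(line)
    return "".join(out), removed

def rewrite_backup(zip_bytes, account="admin"):
    """Rebuild the ZIP in memory, editing each *.conf member (latin-1 is byte-lossless)."""
    src, buf, total = zipfile.ZipFile(io.BytesIO(zip_bytes)), io.BytesIO(), 0
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            data = src.read(info)
            if info.filename.endswith(".conf"):
                text, n = strip_admin_password(data.decode("latin-1"), account)
                data, total = text.encode("latin-1"), total + n
            dst.writestr(info.filename, data)
    return buf.getvalue(), total

# Constructed sample config (not from a real appliance; section names are stand-ins).
SAMPLE = """config system admin
    edit admin
        set password ENC constructed-hash-1
    next
    edit ops
        set password ENC constructed-hash-2
    next
end
config user ldap
    edit dir1
        set password ENC constructed-hash-3
    next
end
"""
```

A removed count other than 1 means the account was not found or the section is laid out differently from what this example assumes, so check the file by hand before restoring it.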


HA Considerations.

  • In an HA cluster, the administrator password is part of the synchronized configuration shared across all cluster members.

  • If the admin password is lost, recovery depends on having a valid configuration backup (typically taken from the primary unit).

  • The recovery procedure using the configuration file applies to the cluster configuration, not to individual nodes.

  • A valid HA cluster configuration backup is required to proceed with the recovery.

  • If no backup is available, HA does not provide an alternative recovery method, and redeployment of both units is required.

  • In certain scenarios, it may be necessary to break the HA cluster or operate on the primary unit independently to complete the recovery, depending on the cluster state.


Important notes and Best Practices:

  • This procedure causes service downtime (re-image + reboot).

  • Once the restoration is done, the admin account accepts a blank password, so set a new admin password immediately after logging in.

  • Maintain at least two super-admin accounts and store credentials securely.

  • Regularly back up the configuration and test the restore process.


Related documents:

Restoring firmware

How to reset admin password

Backing up and restoring the configuration