Skip to main content
chall_FTNT
Staff
chall_FTNT
Staff
April 17, 2017

Troubleshooting Tip: Restoring FortiManager or FortiAnalyzer configuration when admin password is lost

  • April 17, 2017
  • 0 replies
  • 26297 views

Description

 

This article describes what to do when access to the admin password for a FortiManager or FortiAnalyzer unit is lost.

 

Scope

 

FortiManager, FortiAnalyzer.


Solution

 

FortiManager or FortiAnalyzer products since version 5.4.0 do not have a password recovery mechanism (maintainer account) as there is in FortiOS.

There are two approaches for dealing with this scenario.
Icon-Light-Bulb.png Special precautions must be taken if workflow mode is in use (see below).

 

  1. BIOS Configuration Menu (Does NOT require a configuration backup file).


For FortiManager and FortiAnalyzer appliances, formatting flash and reloading the image (from the BIOS configuration menu) will erase the system settings, including the administrative accounts. 

 
Icon-Light-Bulb.png System settings include IP and routes. Access to the serial console to reconfigure IP and routing is required to restore remote connectivity.

 

The factory-default administrative account can then be used. Information about managed devices (e.g., policy packages on FortiManager and logs and reports on FortiAnalyzer) is unaffected by these changes and is still preserved on the disk.
Icon-Light-Bulb.png For FortiManager and FortiAnalyzer VMs, the above step is not an option.

Workflow sessions are lost when using this approach.
 
The above steps are only for appliances. For VMWare, it is possible to replace the storage disk and so accomplish the same purpose (see 'Related Articles').
 
  1. Migrate Command (Requires a configuration backup file).

Starting in v5.4.1, the CLI command:

execute migrate all-settings <ftp/scp/sftp> <server ip:port> <path_filename> <username> <password>

It was introduced, allowing a backup of the configuration file to be loaded onto a new FortiManager/FortiAnalyzer VM. 

See also related KB Article 'Using 'exec migrate' to migrate to a new FortiAnalyzer/FortiManager model'.

This approach is the main one for virtual machines (VMs) because approach #1 applies only to hardware appliances and not to VMs.
Here are the steps:
  1. Create a new VM.

 

Icon-Light-Bulb.png Prior to running exec migrate:

If workflow mode was in use on the original unit, workflow mode should be enabled on the new unit PRIOR to running
execute migrate.
If this order is followed, workflow sessions are preserved.

Also, if multiple ADOMs were previously in use, enable ADOMs first.

  1. Run the execute migrate command.
  2. The factory default admin account and password can be used (system settings are not restored).
For FortiManager and FortiAnalyzer VMs before v5.4.1, contact Fortinet Technical Support for assistance.

 

Related articles:

    Terms & ConditionsAccessibility statement