dbabic
Staff
September 7, 2015

Technical Tip: How to reset a FortiGate with the default factory settings/without losing management access


Description

 

This article describes how to reset a FortiGate to factory defaults.


Scope

 

This command works on FortiGates and FortiProxys.


Solution

 

This procedure clears all changes made to the FortiGate configuration and resets the system to its original configuration with the default factory settings.

It does not change the firmware version, the antivirus definitions, or the IPS attack definitions.
 
There is also an option to reset FortiGate to factory settings without losing management access.
 
A FortiGate device can be reset to factory defaults using the CLI. This reset removes all configuration and leaves the unit in out-of-the-box condition. Direct access to the FortiGate will be needed to reach it afterwards.
 
  1. Open an SSH session to the system and execute the following command:
 
execute factoryreset
 
  2. A warning will appear.
 
This operation will reset the system to factory default!
Do you want to continue? (y/n)
 
  3. The system will reboot and load a basic configuration.

 

Note:
This option will require a username and a password. If the admin password is lost, refer to the KB article below to reset it:
Technical Tip: Reset admin password if maintainer account also disabled
 
 
Factory reset without losing management access.
This option will reset the FortiGate to the factory settings except for the VDOM, interface, and static route settings. This means that after resetting, FortiGate will not have any firewall policies or IPsec settings, but it will be possible to access FortiGate remotely using its IP address.
This option is available only in the CLI:
 
Open an SSH session to the system and execute the following command:
 
execute factoryreset2
 

This operation will reset the FortiGate to factory settings except for a few specific sections related to VDOMs, interfaces, and static route settings. The following is a list of configuration sections that remain unchanged after using the factoryreset2 command:

 

  • system.global.vdom-mode
  • system.global.long-vdom-name
  • system.virtual-switch
  • system.interface
  • system.settings
  • router.static
  • router.static6

Do you want to continue? (y/n) <- This warning will appear after running the command.
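
To see ahead of time what factoryreset2 would leave in place, the list above can be checked against a configuration backup. The following Python script is an added example, not part of the original article or Fortinet tooling; it assumes a plain-text, single-VDOM backup without multi-line quoted values, and the sample configuration in it is constructed.

```python
# Added example, not Fortinet code; assumes a single-VDOM plain-text backup.
# Whole sections the article lists as unchanged by factoryreset2.
KEPT_SECTIONS = {"system virtual-switch", "system interface",
                 "system settings", "router static", "router static6"}
# Settings inside "config system global" the article lists as unchanged.
KEPT_GLOBAL_KEYS = {"vdom-mode", "long-vdom-name"}

def classify(config_text):
    """Return (kept, reset): top-level items found in the backup text."""
    kept, reset = [], []
    depth, section = 0, None
    for line in config_text.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "config":
            if depth == 0:
                section = " ".join(words[1:])
                if section != "system global":
                    (kept if section in KEPT_SECTIONS else reset).append(section)
            depth += 1  # nested "config" blocks are not counted as sections
        elif words[0] == "end":
            depth = max(depth - 1, 0)
        elif (words[0] == "set" and len(words) > 1 and depth == 1
              and section == "system global"):
            item = "system global " + words[1]
            (kept if words[1] in KEPT_GLOBAL_KEYS else reset).append(item)
    return kept, reset

# Constructed sample backup, not taken from a real device.
SAMPLE = """\
config system global
    set hostname "FGT-LAB"
    set vdom-mode no-vdom
end
config system interface
    edit "port1"
        config ipv6
            set ip6-allowaccess ping
        end
    next
end
config router static
end
config firewall policy
end
"""
if __name__ == "__main__":
    print(classify(SAMPLE))
```

Items in the second list (here the hostname and the firewall policies) are the ones to restore from the backup after the reset.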

 

Since FortiOS v7.0, it is possible to keep the central management configuration after a factory reset. The command below resets the FortiGate to the factory default, except for system.central-management.serial-number/system.central-management.fmg.

execute factoryreset-for-central-management

 

The following is an option in all versions:

 

execute factoryreset-shutdown <- Reset to factory default and shutdown.

 

Note:

Keep a backup of the previous configuration before performing a factory reset, if the unit was configured and working properly before.

After a reboot, FortiGate will have its factory default settings, but still have management access available. The default management IP is 192.168.1.99.
All administrators will be removed, and FortiGate can be accessed with the default credentials (admin/{no password}).
After a factory reset, all existing logs stored in memory/disk will be erased. Only new logs generated from the FortiGate's restart will be available.
 
If the above steps cannot be performed and the unit needs to be reset to factory defaults using the external button, follow the instructions in this KB article: Technical Tip: How To Reset To Factory Default Configuration using external button.
 