rsondal (Staff)
May 28, 2025

Troubleshooting Tip: All the options available when a user lost admin access (with or without multifactor authentication) to FortiGate

Description
This article describes all the options available when a user loses admin access (with or without multi-factor authentication) to FortiGate.
Scope
FortiGate.
Solution
  1. The maintainer account can be used to reset the admin password only when the FortiGate is below v7.2.4. From v7.2.4 and later, the maintainer account is no longer available. See Technical Tip: Resetting a lost admin password.
  2. A FortiGate above v7.2.4 can be recovered through FortiGate Cloud, but only with an active subscription: Technical Tip: Recover access to FortiGate via FortiGate Cloud.
  3. Without an active subscription, FortiGate Cloud provides only read-only access to the FortiGate. Check with the account manager or reseller to purchase an active subscription for the FortiGate, then follow step 2: Troubleshooting Tip: Read-only access when accessing FortiGate via the FortiGate Cloud without a paid subscription.
  4. If the user does not want an active subscription, a backup configuration file (old or recent) is required. Remove the password line from the backup file, then use the format-and-reload-image option and restore the edited backup: Technical Tip: Resetting a lost admin password.
  5. If the user has no backup configuration or any other last saved configuration, the only option that preserves the FortiGate configuration is step 2. If the configuration is not needed, the user can directly format the unit and load a new image, but this discards the old configuration and any other configuration file: Technical Tip: Formatting and loading FortiGate firmware image using TFTP.
  6. If the FortiGate was accessed using a remotely authenticated administrator account (with no local admin configured, or with the local admin password lost), and a recent configuration change causes the connection to the remote authentication server (such as LDAP or RADIUS) to fail, access to the device may be lost.
     In this situation, one possible recovery method is to boot the device from the secondary partition and revert to the previous firmware image. This restores the earlier configuration, from before the changes that disrupted communication between the FortiGate and the authentication server were applied. For detailed instructions on selecting an alternate firmware image at boot, see Technical Tip: Selecting an alternate firmware for the next reboot.
Once access has been restored, it is strongly recommended to create a new local super-admin account. A locally configured administrator provides a critical fallback if a similar issue occurs in the future.
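As an added example (not Fortinet's code and not part of the article), the helper below works on a FortiGate configuration backup: strip_admin_password() removes the set password line of one administrator inside the config system admin section, which is the edit step 4 refers to before the format-and-reload, and local_super_admins() lists the super_admin accounts that do not depend on a remote server (no set remote-auth enable), i.e. the fallback the last paragraph recommends. The sample configuration is constructed; the ENC values are placeholders, not real hashes, and the account names are hypothetical.

```python
"""Helpers for a FortiGate configuration backup (.conf); added example, not Fortinet code.

strip_admin_password(): drop the 'set password' line of one admin account so the
    edited backup can be restored after a format-and-reload (recovery step 4).
local_super_admins(): list super_admin accounts that are not remote-authenticated,
    i.e. the local fallback the article recommends creating after recovery.
"""
import re
from typing import Dict, Iterator, List, Optional, Set, Tuple

# Constructed sample backup. ENC values are placeholders, account names hypothetical.
SAMPLE_CONF = """\
#config-version=FGT60F-7.0.12-FW-build0523-230426:opmode=0:vdom=0:user=admin
config system global
    set hostname "FGT-LAB"
end
config system admin
    edit "admin"
        set accprofile "super_admin"
        set vdom "root"
        set password ENC PLACEHOLDER_VALUE_A
    next
    edit "ldap-admins"
        set remote-auth enable
        set accprofile "super_admin"
        set vdom "root"
        set wildcard enable
        set remote-group "ldap-admins"
    next
    edit "helpdesk"
        set accprofile "prof_admin"
        set vdom "root"
        set password ENC PLACEHOLDER_VALUE_B
    next
end
"""

# Matches 'set password ...' but not e.g. 'set password-policy'.
_PASSWORD_RE = re.compile(r"^set password(\s|$)")


def _walk(conf_text: str) -> Iterator[Tuple[str, Optional[str], Optional[str]]]:
    """Yield (raw_line, innermost 'config' section, current 'edit' entry).

    A stack of [section, edit] pairs keeps nested config blocks inside an
    edit entry from confusing which account a 'set' line belongs to.
    """
    stack: List[List[Optional[str]]] = []
    for line in conf_text.splitlines(keepends=True):
        s = line.strip()
        if s.startswith("config "):
            stack.append([s[len("config "):], None])
        elif s == "end":
            if stack:
                stack.pop()
        elif s.startswith("edit ") and stack:
            stack[-1][1] = s[len("edit "):].strip().strip('"')
        elif s == "next" and stack:
            stack[-1][1] = None
        section, edit = stack[-1] if stack else (None, None)
        yield line, section, edit


def strip_admin_password(conf_text: str, admin_name: str = "admin") -> Tuple[str, int]:
    """Return (edited_config, lines_removed). Every other line, including the
    '#config-version=' header that the restore relies on, is left untouched."""
    kept: List[str] = []
    removed = 0
    for line, section, edit in _walk(conf_text):
        if section == "system admin" and edit == admin_name and _PASSWORD_RE.match(line.strip()):
            removed += 1
            continue  # drop only this account's password line
        kept.append(line)
    return "".join(kept), removed


def local_super_admins(conf_text: str) -> List[str]:
    """Admin accounts with the super_admin profile and no 'set remote-auth enable'.
    An empty list means there is no local fallback if the remote server fails."""
    profiles: Dict[str, str] = {}
    remote: Set[str] = set()
    for line, section, edit in _walk(conf_text):
        if section != "system admin" or edit is None:
            continue
        s = line.strip()
        if s.startswith("set accprofile "):
            profiles[edit] = s.split(None, 2)[2].strip('"')
        elif s == "set remote-auth enable":
            remote.add(edit)
    return [name for name, prof in profiles.items()
            if prof == "super_admin" and name not in remote]


if __name__ == "__main__":
    edited, n = strip_admin_password(SAMPLE_CONF, "admin")
    print(f"removed {n} password line(s)")
    print("local super_admin fallback accounts:", local_super_admins(SAMPLE_CONF))
```

The edited file still contains the other accounts' encrypted secrets and the rest of the device configuration, so keep it protected like any other backup and restore it only to the device it came from.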