Skip to main content
singhl
Staff
singhl
Staff
November 18, 2024

Technical Tip: Bulk change the admin credentials for devices in FortiManager Device manager

  • November 18, 2024
  • 0 replies
  • 1792 views
Description

 

This article describes how to update admin credentials for multiple devices at once in FortiManager device manger database. These credentials are used to connect FortiManager with the FortiGate device.

 

Scope

 

FortiManager, FortiManager Cloud.

 

Solution

 

There are 2 options which can be used to achieve this task.

 

Option1:

 

  • Use the cli commands 'execute device replace user <device_name> <new_user>' and  “execute device replace pw <device_name> <new_password>”  to change the username and password for managed devices.
  • A list can be created for multiple device and then pasted to Fortimanager CLI. For example:

execute device replace user FortiGate-40F user101

execute device replace user FortiGate-60E user102

execute device replace pw FortiGate-40F Secure123#

execute device replace pw FortiGate-60E 123#Secure

 

Option2:

 

  1. Export device list from FortiManager using “Export Device List” feature.

Note: Follow the article How to export, import, or edit a Device List in FortiManager Device Manager for details on exporting and editing the device list, these detail applies to step 1-3 of option2 in this article.

 

  1. Edit the file with new credentials required for each device and save it.

singhl_1-1731883668014.png

 

  • Import the saved file back to FortiManager.
  • The policy package and provisioning template assignment for the imported devices will reset and show as never installed.
  • Add the device back to Policy package Installation Target using following methods:
    • Use the GUI to add devices back to Installation target.

    singhl_2-1731883668018.png

 

  • Use API requests to set the device/VDOM as Installation target.

    Example API request:

{

  "method": "set",

  "params": [

    {

        "data": [

            {

                "name": "Device1",

                "vdom": "root"

            },

            {

                "name": "Device2",

                "vdom": "root"

            }

        ],

        "url": "/pm/pkg/adom/root/FortiGate-60E-PKG/scope member"

    }

  ],

  "session": "string”

  "id": 1

}

 

  1. When using provisioning templates, assign those back to the devices using following methods: 
    • Via GUI, by assigning all templates on device manager.

    singhl_3-1731883668023.png

 

  • Using API request. An example of assigning the CLI template:

{

  "method": "set",

  "params": [

    {

        "data": [

            {

               "name": "FortiGate-60E",

                "vdom": "root"

            },

            {

                "name": "FortiGate-40F",

                "vdom": "root"

            }

        ],

        "url": "/pm/config/adom/72/obj/cli/template/dashbaord/scope member"

    }

  ],

  "session": "string”

  "id": 1

}

 

Note: The value of the 'URL' field needs to be changed based on template type:

 

  • Template group: '/pm/tmplgrp/adom/<adom_name>/<template_grp_name>/scope member'
  • IPsec: '/pm/template/_ipsec/adom/<adom name>/<template name>/scope member'
  • Static Route: '/pm/template/_router_static/adom/<adom name>/<template name>/scope member'
  • SD-WAN: '/pm/wanprof/adom/<adom name>/<template name>/scope member'

 

  1. Install Policy Package & Device Settings to devices and synchronize the status.
    Terms & ConditionsAccessibility statement