Staff

Technical Tip: Use the CLI to change a FortiGate admin user password on FortiManager

Forum|Forum|1 year ago
March 31, 2025
0 replies
2360 views

Description

This article describes how to change a FortiGate admin password via a CLI script on the Device Database or via a CLI template assigned to FortiGate device.

Scope

FortiManager v7.x.

Solution

Important: The password must be changed in ENC, and not in plaintext.

To get an admin password in ENC format using FortiGate 7.x:

Create an admin user with password entered in clear text.
Dump admin user password:

config system admin

edit <ADMIN_USER>
show

For example:

config system admin
    edit "admin"
        set trusthost1 192.168.250.0 255.255.254.0
        set accprofile "super_admin"
        set vdom "root"
        set password ENC SH28g4NpTVD2dvdrvz3jxvBpQ4MW0uKA34bTBj3QNc0vME35Fiqvbrf7x6+9Ju4Y=
    next
end

Create a CLI script under Device Manager -> Script and specify Type:
CLI Script, Run script on:
Device Database.
Alternatively, create a CLI Template under Device Manager -> Provisioning Template -> CLI template.

config system admin
    edit "admin"
        set password ENC SH28g4NpTVD2dvdrvz3jxvBpQ4MW0uKA34bTBj3QNc0vME35Fiqvbrf7x6+9Ju4Y=
    next
end

Save the CLI script or CLI template.
Execute the CLI script on FortiGate or assign a CLI template to FortiGate.
Install device settings or policy package.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded