Jelle1
New Member
January 29, 2025
Question

FG-200F can't reset password


I managed to get my hands on another FortiGate, hoping this would be unclaimed.

This time it's a 200F.

I can't reset the password though. I have followed any and all guides I could find.

I have tried just holding the pin down for 30 seconds, it just reboots and didn't go default.

I have tried to press the pin down when the status light comes on, but when it does it is already started and ready to login.

I followed this:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-To-Reset-To-Factory-Default-Configuration/ta-p/198660

None of the ways presented here work.

Maintainer account does not work, or is not active.

I have also tried to break it during start up. I found a guide saying I could press any key when it starts, and I've tried:

Press any key to display configuration menu...
..
[C]:  Configure TFTP parameters.
[R]:  Review TFTP parameters.
[T]:  Initiate TFTP firmware transfer.
[F]:  Format boot device.
[B]:  Boot with backup firmware and set as default.
[I]:  System configuration and information.
[Q]:  Quit menu and continue to boot.
[H]:  Display this list of options.

Enter C,R,T,F,B,I,Q,or H:

Enter C,R,T,F,B,I,Q,or H:

[S]:  Set serial port baudrate (will take effect on next boot).
[R]:  Set restricted mode.
[T]:  Set menu timeout.
[U]:  Set security level.
[I]:  Display system information.
[E]:  Reset system configuration.
[M]:  Enter memory test menu.
[Q]:  Quit this menu.
[H]:  Display this list of options.

Enter S,R,T,U,I,E,M,Q,or H:

OS image name   : flatkc
vendor_id       : GenuineIntel
cpu family      : 6
model           : 6
model name      : Intel(R) Xeon(R) CPU D-1627 @ 2.90GHz
stepping        : 5
cpu MHz         : 2892.990
DRAM            : 8192MB 2133MHz
Restricted mode : disabled
Menu timeout    : 60 seconds
Security level  : 1
TPM device      : fc1050

Enter S,R,T,U,I,E,M,Q,or H:

The factory setting is:

Serial console baudrate:    [9600]
Restricted mode:            [off]
Menu timeout:               [60]
Security level:             [1]

Perform the system parameters factory reset? [Y/N]:
Port baudrate change will take effect on next boot

It never reboots. If I press Q twice it just continues its boot without a reset. I tried it a second time, then pulling the power cable to make sure it would reboot, still has a password that I do not know.

It's pretty frustrating that nothing wants to work...

I have also read that the only way to reset it is to format the flash and reinstall the firmware, however the firmware is behind a pretty big paywall, and being a private person I simply cannot afford to buy my way into getting a firmware. I wouldn't even need the newest one, just one that would work.

This whole forti stuff seems extremely locked down, more than anything else I have touched.

2 replies

adambomb1219
SuperUser
January 29, 2025

Well, it's an enterprise product with very tight controls on compliance, security, etc. Where did you purchase the FortiGate? How do you know it's unclaimed?

https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/907853/disable-the-maintainer-admin-account

Jelle1 (Author)
New Member
January 29, 2025

I can really only see one reason to lock it down so tightly, which is money.

I do not know for sure that it is unclaimed. I got it to test; a local shop didn't think it was claimed, but it does have a configuration on it, so I think it is claimed.

But if I can't reset the password in any way, there is no way I ever get into the management interface to check if it is actually claimed.

I can't even figure out what firmware is on the thing. I believe I read somewhere that after a certain OS version, the maintainer account does not exist.

I get the "login incorrect" when trying to use the maintainer account. I spam login the instant I get the login prompt, try like 10 times in case it isn't booted 100% yet, and I keep trying because of the limited window where the maintainer account is usable. I also do it from a cold boot, and not just a reboot.

However I managed to find fortiOS 7.6.1.F Build 3457 firmware, which comes as an .OUT file.

I read somewhere on the fortinet technical pages that a full format of the flash and reinstallation of the firmware will get it back to default, but I would probably lose the licenses, but I don't know what will happen if it is claimed - if it goes online, would it download the configuration from the cloud, and lock me out again?

adambomb1219
SuperUser
February 4, 2025

Depends exactly how it's configured and what/if is being pushed from FortiGate Cloud. This is why you have to be very careful buying used enterprise equipment. This is hardly unique to Fortinet. Software downloads and support require a support contract. "Finding fortiOS 7.6.1.F Build 3457 firmware" I would be EXTREMELY careful here as obviously this was not downloaded from an official source. Who knows how it's been modified.

sw2090
SuperUser
February 6, 2025

Well, if the reset button doesn't work (could be disabled in firmware settings) you can still do this (since you must have physical access):

Enter the bootloader menu (the one you showed us above)

Format boot device (then firmware image + settings are gone and the pwd with it)

Then upload a new firmware image via TFTP

FW will do a reboot after installing the image and then will be on factory defaults again.
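
Added example, not part of the thread: before an image is handed to the bootloader's TFTP transfer, its digest can be checked against the checksum published on the vendor's official download page, which is the concern raised earlier about an image from an unofficial source. The listing format (`<hex digest>  <file name>`), the file name `image.out` and the sample bytes are constructed assumptions.

```python
import hashlib
import hmac
import os
import tempfile

ALGO_BY_HEX_LEN = {64: "sha256", 128: "sha512"}  # MD5/SHA-1 not accepted

def file_digest(path, algo, chunk=1 << 20):
    """Stream the file so a large firmware image is never held in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def lookup_expected(listing_text, image_name):
    """Find image_name in a '<hex>  <file name>' listing (assumed format)."""
    for line in listing_text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[1].lstrip("*") == image_name:
            return parts[0].lower()
    return None

def verify_image(path, listing_text):
    """Return (ok, reason); fails closed on missing or malformed input."""
    expected = lookup_expected(listing_text, os.path.basename(path))
    if expected is None:
        return False, "no checksum entry for this file name"
    algo = ALGO_BY_HEX_LEN.get(len(expected))
    if algo is None or any(c not in "0123456789abcdef" for c in expected):
        return False, "unsupported or malformed digest"
    if not hmac.compare_digest(file_digest(path, algo), expected):
        return False, "digest mismatch: do not flash this image"
    return True, algo + " digest matches"

def demo():
    data = b"constructed firmware bytes" * 1000  # constructed stand-in image
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "image.out")  # hypothetical file name
        with open(path, "wb") as f:
            f.write(data)
        listing = hashlib.sha256(data).hexdigest() + "  image.out\n"
        good = verify_image(path, listing)
        with open(path, "ab") as f:  # simulate a modified image
            f.write(b"\x00")
        return good, verify_image(path, listing)

if __name__ == "__main__":
    print(demo())
```

The result is only as trustworthy as the source of the listing: a checksum that ships alongside an unofficial download says nothing about whether the image was modified.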