New Member

Question

Reset Fortigate config from Fortimanager

Forum|Forum|1 year ago
January 31, 2025
5 replies
3827 views

Hello,
I am looking for a way to do a factory reset of a Fortigate from a Fortimanager.
I haven't found anything in the documentation about this.
Am I missing something or is it really not done?
Thanks in advance for your feedback.
Regards,

dingjerry_FTNT

Staff

@THOUEL ,

To factory reset a FortiGate (FGT) device managed by a FortiManager (FMG), you can use the command "execute factory-reset" within the FortiGate CLI, which will reset all configurations on the device to factory defaults; always ensure you have a backup before performing a factory reset as it will erase all settings.

However, please note, after Factory Reset, you will lose the connection to the FGT on the FMG. So you still need console access or local access to the FGT for further configuration.

That means, it does not make any sense or it is not practical to factory reset an FGT from FMG.

THOUELAuthor

New Member

Thank you for your time.

The idea is to prevent live configuration on the Fortigate, so all configuration is done from the Fortimanager.

But when we sell a facility, and the Fortigates (HA cluster) are transferred, how can we do that the team can run a factory reset from the Fortimanager... Currently, one of the IT managers, who has the local administrator password, connects for a few minutes and performs the factory reset action on the reset all conf call.

dingjerry_FTNT

Staff

Hi @THOUEL ,

I am not sure what you mean.

Do you mean that you sell a FGT to someone, and want to erase all configuration on this FGT before you give the FGT device to that customer?

THOUELAuthor

New Member

Hi,

Sometimes my company buys and/or sells facilities. When selling, we leave the firewalls to the buyers. So we need to factory reset them.

Regards,

THOUELAuthor

New Member

And the team only have read access to the Fortigate.

johnlloyd_13

Explorer III

hi,

you can delete/remove the FGT device in FMG: device manager > device & groups > right-click device > delete.

then you issue the factory reset command in privilege mode "execute factory-reset".

the new/receiving team can console access using the default login and configure from scratch.

alazic

New Member

hello, I have some similar request with remote factory reset of the FortiGate from FortiManager. As I have a HA (active-passive) it it enough to issue command "execute factory-reset" just on primary node and both cluster members will be reset to factory defaults? If not what would be the proper procedure for having both node of the HA cluster reset to factory default remotely?

dingjerry_FTNT

Staff

Hi @alazic ,

No, running "execute factoryreset" (No dash in it) on Primary device will not factory reset both units.

What you can do:

1) Connect to the FGT HA cluster via SSH.

2) After login to the Primary unit, run "exe ha manage" command to login to the slave unit. You did not tell us what your FGT version is. The command is changed a little so you can use the question mark to tell what the correct command is.

Here is the KB for the command:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Managing-individual-cluster-units-with-the-CLI/ta-p/197110

3) Run "exe factoryreset" on the slave device first.

4) Run "exe factoryreset" on the primary device later.

NOTE:

After the factory reset, you will lose the connection to the FGT devices via FMG. You have to access to the FGT devices directly.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded