This article describes how to recover access to FortiManager/FortiAnalyzer hardware when the admin password is lost. To restore access, download the firmware and install it from a local TFTP server via the console on the FortiManager/FortiAnalyzer hardware.

To restore the old config on the FortiManager/FortiAnalyzer, it is necessary to have a backup of the config and, if the password is unknown, to contact Fortinet Support to remove it before the restore process.

Installing firmware from a local TFTP server via console resets the FortiManager/FortiAnalyzer system settings to default.

After reloading the firmware image on the hardware unit, make sure to re-configure the System Settings accordingly, as explained at the end of this article.
Otherwise, there is a risk of data loss and corruption.

Any action taken upon the information in this article is strictly at your own risk.


- Null modem, or DB9 to DB9 console connector cable. See also the related article, Serial cable pin outs for console access to Fortinet devices
- Ethernet RJ45 cable (depending on the hardware model)
- Terminal client, such as a PC running HyperTerminal (Windows)
- TFTP server (following is the recommended TFTP software)
Recommended TFTP software.

- Windows users

TFTPD32 - Open Source TFTP server for Windows

3CDaemon V2 - 3Com's TFTP server for Windows
- Linux users

Ubuntu 8.04 LTS, 8.10,  9.04 and 9.10
Fedora Core 9
Centos 5

- Mac OS X 10.5/10.6 users
TFTP Server v 3.3.1

Steps to reset and push new firmware.

1) Download the image for the FortiManager/FortiAnalyzer from the Fortinet Support Site. From the same website, download the <image name>.md5 file, which contains the MD5 checksum for the downloaded firmware image. Make sure to download the firmware version that is currently running on the unit, to avoid any issue caused by a downgrade or an unwanted upgrade.
2) Check that the image downloaded successfully and is not corrupted: compare the generated MD5 sum against the one in the .md5 file.

- Windows users can download and use md5sum.exe <filename>
- Linux users can accomplish this with md5sum <filename>
- Mac OS X users can also use md5sum <filename>
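
The comparison in step 2 can be scripted so that a mismatch or an unusable .md5 file stops the procedure before the image is placed on the TFTP server. The following is an added example, not part of the original article; the function names are hypothetical, and it assumes the first whitespace-separated field on the first line of the .md5 file is the hex digest.

```shell
#!/bin/sh
# Added example: verify a firmware image against its .md5 file.
# Assumption: the digest is the first field on the first line of the .md5 file.

# Print the lowercase MD5 hex digest of a file with whichever tool is installed.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    elif command -v md5 >/dev/null 2>&1; then
        md5 -q "$1"                          # macOS / BSD
    else
        openssl md5 "$1" | awk '{print $NF}'
    fi | tr 'A-F' 'a-f'
}

# Return 0 on match, 1 on mismatch, 2 if an input is missing or malformed.
verify_firmware_md5() {
    image=$1
    md5file=$2
    [ -r "$image" ] && [ -r "$md5file" ] || { echo "missing input file" >&2; return 2; }

    # Normalise case and strip a Windows line ending from the published digest.
    expected=$(awk 'NR==1 {print tolower($1)}' "$md5file" | tr -d '\r')

    # Reject anything that is not exactly 32 hex characters, for example
    # an empty file or an HTML error page saved under the .md5 name.
    case $expected in
        ''|*[!0-9a-f]*) echo "no MD5 digest in $md5file" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 32 ] || { echo "no MD5 digest in $md5file" >&2; return 2; }

    actual=$(md5_of "$image")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $image matches $md5file"
        return 0
    fi
    echo "MISMATCH: expected $expected, got $actual" >&2
    return 1
}

# Usage: sh verify_md5.sh <image file> <image file>.md5
if [ "$#" -eq 2 ]; then verify_firmware_md5 "$1" "$2"; fi
```

If the image is copied to a separate TFTP server host after download, run the check again on that host so the copy that is actually served is the one that was verified.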
Some console prompts in this procedure include a default value in square brackets, for example, [image.out]. To use this default value, press Enter.

3) Connect the computer to the FortiManager/FortiAnalyzer unit using the null modem cable.

Terminal client communication parameters.
8 bits
no parity
1 stop bit
9600 baud
Flow Control = None

4) Restart the FortiManager/FortiAnalyzer.
5) When the console displays 'Press any key to display configuration menu...' press the space bar or any other key.
6) When the menu of lettered options appears, press G to continue.

7) Connect the computer running TFTP server to the FortiManager/FortiAnalyzer unit. The port is prompted in the console output as below:
Please connect TFTP server to Ethernet port "1"
8) Type the IP address of the computer running the TFTP server and press Enter.
The console displays:
Enter TFTP server address []:
9) Type the IP address of the FortiManager/FortiAnalyzer port that is on the same subnet as the TFTP server and press Enter.
The console displays:
Enter Local Address []:
10) Type the firmware image file name and press Enter.
The console displays:
Enter File Name [image.out]:
The console periodically displays a "#" (pound or hash symbol) to show the download progress.

11) When the download completes, the console displays a message similar to the one below. Press D.
Save as Default firmware/Backup firmware/Run image without saving:[D/B/R]?D
The FortiManager/FortiAnalyzer unit installs the new firmware image and restarts. The installation may take a few minutes to complete.

This will change the System Settings configuration back to default status.

If any config has been saved to provide to Fortinet Support, it will be necessary to reconfigure the unit.
If a backup is present, open a support ticket asking for password removal and reload the provided config on the same version as the original one.

Re-configure the port IP address/allowaccess and static route to regain access to the unit via GUI and SSH.

Re-enable ADOMs, Advanced Mode, workspace/workflow mode, Workflow Approval, re-configure Administrators, profiles, SNMP, Mail Server or Syslog server if needed.

Note that the workflow sessions are not preserved and they will be purged after reloading the firmware image.

It is possible to extract the system-level configuration from the backup file by using a decompression utility such as tar, 7-zip or WinRar.
The system configuration file is stored as /var/fwclienttemp/system.conf.

The CLI configuration can then be copied and pasted via a serial or terminal session.
It is best to do this in chunks of not more than 30 text lines at a time.

The rest of the configuration remains untouched, and logs remain untouched.

Related Articles

Technical Tip: Formatting and loading FortiGate firmware image using TFTP

Technical Note: FortiManager Tips and Best Practices Guide

Troubleshooting Tip: Restoring FortiManager or FortiAnalyzer configuration when admin password is lo...

Technical Tip: How to recover access to FortiManager or FortiAnalyzer when the admin password is los...