FortiGate
kjamshir
Staff
Article Id 198660

Description

 

This article describes how to factory reset the FortiGate to erase the current configuration using the external reset button on low-end FortiGate models.


Scope

 

FortiGate/FortiWifi/-DSL:  80F, 81F, 70F, 71F, 60E/61E, 60F/61F, 40F, 80E, 60C, and other models intended for small businesses.


Solution

 

  • This button is labeled 'RESET' or 'BLE/RESET' (located either on the Back Panel near the power connector or on the Front Panel like in 80F) and is enabled by default. Successful use of this button will result in the erasure of the current config.
  • Hard reboot the device (unplug, wait for at least 10 seconds, and plug it back online). Within the first 30 to 60 seconds, press and hold the button until the 'status' light starts to blink slowly.
  • In mid to high-end models (not in the scope of this article), this button can be easily confused with the non-marked NMI button (non-maskable interrupt) watchdog feature. The NMI button does not offer the factory reset functionality. Refer to the article 'Technical Tip: NMI Button for Troubleshooting Kernel Issues' for more information.
  • To confirm the purpose of this external button on the FortiGate:

diagnose hardware test button


The output will show if it is used as a Reset Button or as an NMI Button. It is possible to press 'N' to stop the test.

 

  • The behavior of the reset button also depends on the firmware version that is being used. One of the options below will factory default the unit:

Option A:
 
  1. Reboot FortiGate.
     • A power-cycle is required; using the CLI command to execute a reboot may not be sufficient to enable the reset button.
  2. Wait until the FortiGate OS is running again.
     • The FortiGate OS is running when the 'STATUS'/'STA' LED is blinking slowly. At this point the console shows the login prompt.
  3. Once the STATUS LED is blinking slowly (typically between the first 30 to 60 seconds of boot), press the external 'RESET' button. The 'STATUS'/'STA' LED will then blink faster until the FortiGate reboots itself. If the device does not reboot even after holding the reset button for 30 seconds to one minute, release the button and hold it again for one minute until the device reboots.

  • The reset button can only be used in the first 30 or 60 seconds (depending on the model) after a power-cycle.
  • If the uptime of the unit is more than 30 or 60 seconds, the RESET button is disabled. Pressing it at this stage takes no action, and the console output shows the message below:

FortiGate:
The reset button has been disabled, press the button during the first 60 seconds after a power-cycle.

Note:
If the 'STATUS/STA' LED is not blinking after some time, this indicates that the device cannot boot up and there may be boot image corruption. Access the device using a serial connection with a console cable to verify this. Refer to this document for more information: Technical Tip: How to connect to the FortiGate and FortiAP console port.

  4. If the external button is pressed on time, the unit reboots, and the default configuration will be active.

 


 

FortiGate:


System is resetting to factory default...

The system is going down NOW !!

 

Option B:
  1. The reset button can be pressed anytime, and the unit will perform a factory reset.
  2. After the unit reboots, the default configuration will be active in the same way as if the CLI command 'execute factoryreset' had been used.

 

How to disable the hardware reset button:

 

config system global
(global) # sh full | grep "reset"
    set admin-reset-button enable    <----- Setting this option to 'disable' would disable the reset button.
    set check-reset-range disable
    set reset-sessionless-tcp disable

 

This is not a recommended setting, as sometimes FortiGate enters a boot loop and the RESET button helps to factory reset the settings.
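
To check which units in a fleet have this setting changed, the following added example (not Fortinet's code and not part of the original article) reads plain-text FortiOS configuration backups and reports the state of admin-reset-button. It assumes that options left at their default are omitted from a backup, so a missing line is treated as 'enable' (the default stated above); the sample backups and unit names are constructed.

```python
# Constructed sample backups; hostnames and contents are illustrative only.
BACKUP_DISABLED = """\
#config-version=PLACEHOLDER
config system global
    set admin-reset-button disable
    set hostname "branch-fw-01"
end
config system interface
    edit "wan1"
        set alias "reset"
    next
end
"""

BACKUP_DEFAULT = """\
config system global
    set hostname "branch-fw-02"
end
"""


def reset_button_state(config_text):
    """Return the admin-reset-button value found in 'config system global'.

    Tracks config/end nesting so that only a 'set' line directly inside
    'config system global' counts; a plain text search for "reset" would
    also match unrelated options and values such as the alias above.
    """
    stack = []        # currently open "config ..." blocks, outermost first
    state = "enable"  # assumption: absent from a backup means default (enable)
    for raw in config_text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        if tokens[0] == "config":
            stack.append(" ".join(tokens[1:]))
        elif tokens[0] == "end" and stack:
            stack.pop()
        elif (tokens[0] == "set" and stack == ["system global"]
              and len(tokens) >= 3 and tokens[1] == "admin-reset-button"):
            state = tokens[2]
    return state


def audit(backups):
    """Map each unit name to its reset-button state; input is {name: text}."""
    return {name: reset_button_state(text) for name, text in backups.items()}
```

Units reported as 'disable' can only be recovered through the console procedure described below, so their console access should be confirmed before it is needed.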

 

How to reset password when the hardware reset button is disabled:

Connect with a console cable, and reboot the device. During the bootup process, when "Press any key to display configuration menu..." appears, press any key to enter the bootup menu.

 


 

From the menu display, press to enter 'System configuration and information':

 


 

On the next menu press to reset the system configuration:

 


 

After this step, FortiGate will ask to confirm the choice. Press to proceed:

 


 

This will clear the system configuration and admin password as well. To exit and reboot the device, quit the menu with multiple times, and the device will reboot with a clear configuration.