Technical Tip: How to recover admin account with super_admin profile.

To begin, let us understand how it is possible to run into such a situation. 

Refer: Technical Tip: Prof_Admin admin profile will not be able to back up the Super_Admin

Now, once logged in as prof_admin, it is not possible to create a new admin account with a super_admin profile or restore the configuration file by appending it with a new admin account with a super_admin profile.

This picture depicts that an account with prof_admin role cannot restore a configuration file.

The solution to this problem is explained in below steps:

1. Secure a current backup configuration file and take note of the current firmware version.
2. Flash format the FortiGate and reload the same firmware using the TFTP server. Refer: Technical Tip: Formatting and loading FortiGate firmware image using TFTP
3.  Once the FortiGate is up, append the backup configuration file with the following changes:

config system admin

    edit "admin"

        set accprofile "super_admin"

        set vdom "root"

    next

end

Note: Be sure that the admin account name is NOT repeated.

  4. Restore this configuration file. Now when the FortiGate is up again, it will have the same configurations as before and will also have an admin account with a super_admin profile.

Option without the requirement to execute a clean install on the device

Requirements for this option:

1. A profile with the Read/Write under the System/Configuration at least.

Permission

2. USB on the Device.

USB_setting

Steps:

1. Copy the configuration file which was appended to the user as in the item 3 above.
2. Insert the USB disk.
3. Go to the Menu System/Settings and change the field content on 'Detect configuration' under the 'USB auto-install' to the same configuration name which is on the USB disk.
4. Disable the option 'Detect firmware' (it is not necessary on this case).
5. Reboot the device.