Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
lgupta
Staff
Staff

Created on ‎10-21-2024 06:09 AM Edited on ‎09-14-2025 10:53 PM By Moderator

Article Id 350631

Technical Tip: How to recover admin account with super_admin profile

Description This article describes that in case of lost access to the admin account with a super_admin profile, follow the steps to restore the admin account with a super_admin profile.
Scope All FortiOS.
Solution

To begin, let us understand how it is possible to run into such a situation. 

Refer to this article: Technical Tip: Prof_Admin admin profile will not be able to back up the Super_Admin.

 

Now, once logged in as prof_admin, it is not possible to create a new admin account with a super_admin profile or restore the configuration file by appending it with a new admin account with a super_admin profile.

 

Picture1.png

 

This picture depicts that an account with a prof_admin role cannot restore a configuration file.

 

The solution to this problem is explained in steps below:

  1. Secure a current backup configuration file and take note of the current firmware version.
  2. Flash format the FortiGate and reload the same firmware using the TFTP server. Refer to this article: Technical Tip: Formatting and loading FortiGate firmware image using TFTP.
  3.  Once the FortiGate is up, append the backup configuration file with the following changes:

 

config system admin

    edit "admin"

        set accprofile "super_admin"

        set vdom "root"

  set password password-in-plaintext

    next

end

 

Note: Be sure that the admin account name is not repeated.

 

  1. Restore this configuration file. Now, when the FortiGate is up again, it will have the same configurations as before and will also have an admin account with a super_admin profile.

 

Option without the requirement to execute a clean install on the device.

Requirements for this option:

  1. A profile with the Read/Write under the System/Configuration at least.

 

PermissionPermission

 

  1. USB on the Device.

 

USB_settingUSB_setting

 

Steps:

  1. Copy the configuration file that was appended to the user as in item 3 above.
  2. Insert the USB disk.
  3. Go to the Menu System/Settings and change the field content on 'Detect configuration' under the 'USB auto-install' to the same configuration name that is on the USB disk.
  4. Disable the option 'Detect firmware' (it is not necessary in this case).
  5. Reboot the device.

 

Alternative:

There are more than 2 options to restore/add a super_admin account, but there are also some requirements:

  1. FortiManager (requires the FortiManager license).
  2. FortiGate Cloud (requires FortiGate Cloud subscription. The free option is only for read-only access).

 

Related articles:

Technical Tip: Admin account can be pushed from FortiManager to FortiGate

Technical Tip: Recover access to FortiGate via FortiGate Cloud

Technical Tip: How to restore the default admin account
2998
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.