FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
mattchow_FTNT
Article Id 245880
Description The article describes how to reset the admin password using the maintainer account in the secondary unit and synchronize the config to the primary without a network outage.
Scope FortiGate.
Solution

To reset the admin account password using the maintainer account, it is necessary to power cycle the secondary unit, then follow the steps as stated in the below document:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Resetting-a-lost-Admin-password/ta-p/19704...

 

HA status will show 'out-of-sync' for a while as the output below, but it will be 'in-sync' after it successfully synchronizes the admin's password.

 

# get system ha status
.
.
FGXXXXXXXXX(updated 3 seconds ago): in-sync
FGXXXXXXXXX(updated 0 seconds ago): out-of-sync

HA checksum will be mismatched on 'global' since the admin account belongs to the global configuration as output below, it will be matched after the admin's password successfully synchronize the admin's password.

 

# diagnose sys ha checksum cluster

================== FGXXXXXXXXX ==================

is_manage_primary()=1, is_root_primary()=1
debugzone
global: 75 85 ac 22 21 c9 5c c9 31 bb 96 e4 43 0d cb d4
root: 74 1f 84 68 8e 7b d5 b0 ff 65 5c 70 bb 99 15 a8
all: 81 20 d1 6b 41 30 d5 b6 37 dd 53 ed 86 96 b7 78

checksum
global: 75 85 ac 22 21 c9 5c c9 31 bb 96 e4 43 0d cb d4
root: 74 1f 84 68 8e 7b d5 b0 ff 65 5c 70 bb 99 15 a8
all: 81 20 d1 6b 41 30 d5 b6 37 dd 53 ed 86 96 b7 78

================== FGXXXXXXXXX ==================

is_manage_primary()=0, is_root_primary()=0
debugzone
global: ab d7 a4 7d f1 2c ff 3b 45 08 c7 93 9c ad 85 e0
root: 74 1f 84 68 8e 7b d5 b0 ff 65 5c 70 bb 99 15 a8
all: 2c 1b 85 97 92 71 3d cf 87 85 51 b9 e3 da 12 51

checksum
global: ab d7 a4 7d f1 2c ff 3b 45 08 c7 93 9c ad 85 e0
root: 74 1f 84 68 8e 7b d5 b0 ff 65 5c 70 bb 99 15 a8
all: 2c 1b 85 97 92 71 3d cf 87 85 51 b9 e3 da 12 51

 

Log description as shown in the screenshot below:

 

mattchow_FTNT_0-1676454097231.png