pdelapena
Staff
Article Id 349767
Description This article describes how to create a least-privilege administrator profile that can be assigned to an administrator who can run the command 'execute factoryreset' on the device.
Scope FortiGate.
Solution

If the FortiGate needs an urgent factory reset, or cannot be accessed because the main Administrator account is locked out due to a lost password or 2FA issues, a separate super-admin account can normally be used to make changes and regain access.

 

However, granting high privileges to multiple administrators poses security risks and raises account management concerns. On FortiGate, it is possible to create an administrator with the minimum amount of privilege needed to factory reset the device.

 

To set up this factory-reset admin account, create a new administrator profile with Read/Write privilege for System -> Administrator Users.

 


 

Then create a separate administrator account and assign the factory-reset administrator profile to it. Enabling 2FA for this user is optional and provides additional security.

 


 

Verify that the FortiGate is accessible with the newly created administrator account.

 


 

The command to factory reset the FortiGate to default settings is 'execute factoryreset'.
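
The profile and account steps above can also be applied from the CLI. The following is an added example, not part of the original article: the profile name `factory-reset-only`, the account name `fr-admin` and the `<password>` placeholder are assumptions, and the mapping of System -> Administrator Users to the `admin` permission under `sysgrp-permission` should be checked against the CLI reference for the running FortiOS version.

```fortios
# Added example: least-privilege profile for a factory-reset administrator.
# Names below are placeholders, not values from the article.
config system accprofile
    edit "factory-reset-only"
        # Only the System group is customised; every other access group
        # is left at its default for a new profile.
        set sysgrp custom
        config sysgrp-permission
            # System -> Administrator Users: Read/Write
            set admin read-write
        end
    next
end

# Separate administrator account bound to the profile above.
config system admin
    edit "fr-admin"
        set accprofile "factory-reset-only"
        set password <password>
    next
end

# Review the result before relying on the account.
show system accprofile factory-reset-only
show system admin fr-admin
```

After applying the configuration, log in as the new account to confirm access, as the article instructs, before it is needed for a recovery.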

 



Related documents:

Reset a FortiGate to default factory settings without losing management access 

Factory Reset Options for KVM