FortiGate
Article Id 212962
Description

This article describes a historical method to recover full administrative access to FortiGate if the device was online and managed by FortiGate Cloud with a paid subscription.

 

The process below is no longer possible since FortiGate Cloud 24.4. An alternative recovery method is described in the article Technical Tip: Recover access to FortiGate via FortiGate Cloud.

Scope

Requirements:

  1. The FortiGate should already be registered with FortiCloud and show the status UP in FortiCloud.
  2. The admin credentials should already have been applied in FortiCloud during registration and management.
  3. If the admin password does not match, the 2FA for admin cannot be reset.
  4. A FortiGate Cloud paid subscription for remote management.

 

Related document:

Feature comparison

Solution

Note:

FortiGate Cloud no longer deploys configuration changes directly since FortiGate Cloud 24.4. If the requirements are met, a similar method that applies changes using a CLI script can be used instead; see Technical Tip: Recover access to FortiGate via FortiGate Cloud.

 

The method outlined below will no longer function and is retained for historical reference only.

 

Go to the FortiCloud portal and manage the intended firewall:

  • Go to System -> Administrator and select 'Create New'.
  • Create a new administrator, admin1.
  • Set Type to Local user.
  • Set Administrator Profile to super_admin.
  • Assign a password.
  • Assign an email address.
  • Select 'Save'.

 

Once saved, select 'Deploy' to push new changes to the FortiGate from FortiCloud:

  • Once the deployment is selected, select 'Schedule'.
  • Check the option to deploy immediately.
  • Select 'Apply'.
  • Wait for the log summary and ensure there were no errors during deployment.
  • Log in to the firewall with the newly created admin and unset the admin two-factor FortiToken.
  • Once the admin account is recovered, delete the temporary admin that was created.
