FortiGate
Nishtha_Baria
Article Id 263991
Description

This article describes how to reset another super administrator's password as a super administrator.

Scope

FortiGate.
Solution

If there are two or more super administrators (accounts with the super_admin profile) on the FortiGate and one of them has lost or forgotten their password, follow the steps in this article to reset it.

 

By default, when changing another super administrator's password, the GUI requires that administrator's old password to be entered before the new one.

 


 

To reset the lost or forgotten password, follow the steps below. At least one other super_admin account must still be able to log in to the FortiGate to perform them. Note that this procedure lets any super_admin take over another super_admin account without knowing its password, so restrict super_admin membership accordingly and make sure the original profile is restored in the final step.

 

  1. First, change the administrator profile of the administrator whose password needs to be reset. Navigate to System -> Administrator and select the administrator user to edit. Change the profile from ‘super_admin’ to ‘prof_admin’ and save the change by selecting the ‘OK’ button on the page.

 


  2. Next, edit the same admin user again and select the ‘Change Password’ button next to the username.

 


 

  3. A prompt will appear asking for a new password, without requiring the old password. Enter the new password and save it by selecting the ‘OK’ button. The password for the admin user is changed accordingly.


 

  4. Lastly, change the administrator profile back from ‘prof_admin’ to ‘super_admin’ and select ‘OK’ to save.

 

Note:

Starting from v7.2.x, if the password reset is attempted through the CLI console in the GUI, the CLI still requires the old password, regardless of whether the target account is prof_admin or super_admin. The reset must therefore be done through the GUI as described above.


Additionally, note that if a password policy is applied, it may force the old administrator password to be required. In particular:

  • If password re-use is not allowed.
  • If a minimum number of characters must differ from the old password.

If either setting is in place, FortiGate will prompt for the old password. FortiGate needs the old password in order to compare it with the new one: only a hash of the old password is stored, and the plaintext cannot be recovered from the hash, so the old password must be entered for the comparison to be possible.
The workaround is to temporarily disable either the password policy as a whole or the specific settings listed above.

Another workaround is to change the administrator's password from the CLI over an SSH session (TCP 22); in that case the old password is not required.
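The same procedure as a CLI session over SSH, added here as an illustration; it is not from the article or from Fortinet. It assumes an account named admin2 whose password was lost, a second super_admin logged in over SSH, and the statement above that the old password is not required over SSH. It also shows temporarily relaxing the two password-policy settings mentioned in the note; the attribute names reuse-password and min-change-characters are assumptions about the FortiOS CLI and should be checked against the options your version shows under `config system password-policy`.

```text
# Added example, not from the article. Run as a different super_admin over SSH.
# Assumed account name: admin2 (the account whose password was lost).

# Optional: temporarily relax the two policy settings that trigger the
# old-password prompt. Attribute names are assumptions; confirm them with
# "show system password-policy" and note the current values before changing them.
config system password-policy
    set reuse-password disable
    set min-change-characters 0
end

# Step 1: downgrade the account from super_admin to prof_admin
config system admin
    edit "admin2"
        set accprofile "prof_admin"
    next
end

# Steps 2-3: set a new password without supplying the old one
# (assumed to work over SSH as the article states; the GUI CLI console
# on 7.2.x still prompts for the old password)
config system admin
    edit "admin2"
        set password "<new-strong-password>"
    next
end

# Step 4: restore the super_admin profile
config system admin
    edit "admin2"
        set accprofile "super_admin"
    next
end

# Put back the policy settings you relaxed, using the values noted earlier
config system password-policy
    set reuse-password enable
    set min-change-characters <previous-value>
end

# Verify the profile is back to super_admin before logging out
show system admin admin2
```

Check the output of the final `show` command for `set accprofile "super_admin"` before ending the session; leaving the account at prof_admin would silently reduce its privileges, and leaving the policy relaxed would weaken every administrator's password checks.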