Description
This article describes how to update admin credentials for multiple devices at once in FortiManager device manger database. These credentials are used to connect FortiManager with the FortiGate device.
Scope
FortiManager, FortiManager Cloud.
Solution
There are 2 options which can be used to achieve this task.
Option1:
- Use the cli commands 'execute device replace user <device_name> <new_user>' and “execute device replace pw <device_name> <new_password>” to change the username and password for managed devices.
- A list can be created for multiple device and then pasted to Fortimanager CLI. For example:
execute device replace user FortiGate-40F user101
execute device replace user FortiGate-60E user102
execute device replace pw FortiGate-40F Secure123#
execute device replace pw FortiGate-60E 123#Secure
Option2:
- Export device list from FortiManager using “Export Device List” feature.
Note: Follow the article How to export, import, or edit a Device List in FortiManager Device Manager for details on exporting and editing the device list, these detail applies to step 1-3 of option2 in this article.
- Edit the file with new credentials required for each device and save it.
- Import the saved file back to FortiManager.
- The policy package and provisioning template assignment for the imported devices will reset and show as never installed.
- Add the device back to Policy package Installation Target using following methods:
- Use the GUI to add devices back to Installation target.
- Use the GUI to add devices back to Installation target.
- Use API requests to set the device/VDOM as Installation target.
Example API request:
{
"method": "set",
"params": [
{
"data": [
{
"name": "Device1",
"vdom": "root"
},
{
"name": "Device2",
"vdom": "root"
}
],
"url": "/pm/pkg/adom/root/FortiGate-60E-PKG/scope member"
}
],
"session": "string”
"id": 1
}
- When using provisioning templates, assign those back to the devices using following methods:
- Via GUI, by assigning all templates on device manager.
-
Using API request. An example of assigning the CLI template:
{
"method": "set",
"params": [
{
"data": [
{
"name": "FortiGate-60E",
"vdom": "root"
},
{
"name": "FortiGate-40F",
"vdom": "root"
}
],
"url": "/pm/config/adom/72/obj/cli/template/dashbaord/scope member"
}
],
"session": "string”
"id": 1
}
Note: The value of the 'URL' field needs to be changed based on template type:
- Template group: '/pm/tmplgrp/adom/<adom_name>/<template_grp_name>/scope member'
- IPsec: '/pm/template/_ipsec/adom/<adom name>/<template name>/scope member'
- Static Route: '/pm/template/_router_static/adom/<adom name>/<template name>/scope member'
- SD-WAN: '/pm/wanprof/adom/<adom name>/<template name>/scope member'
- Install Policy Package & Device Settings to devices and synchronize the status.
