FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
This article describes how to change a FortiGate admin password via a CLI script on the Device Database or via a CLI template assigned to FortiGate device.
Scope
FortiManager v7.x.
Solution
Important: The password must be changed in ENC, and not in plaintext.
To get an admin password in ENC format using FortiGate 7.x:
Create an admin user with password entered in clear text.
Dump admin user password:
config system admin
edit <ADMIN_USER> show
For example:
config system admin edit "admin" set trusthost1 192.168.250.0 255.255.254.0 set accprofile "super_admin" set vdom "root" set password ENC SH28g4NpTVD2dvdrvz3jxvBpQ4MW0uKA34bTBj3QNc0vME35Fiqvbrf7x6+9Ju4Y= next end
Create a CLI script under Device Manager -> Script and specify CLI Script, Device Database.
Alternatively, create a CLI Template under Device Manager -> Provisioning Template -> CLI template.
config system admin edit "admin" set password ENC SH28g4NpTVD2dvdrvz3jxvBpQ4MW0uKA34bTBj3QNc0vME35Fiqvbrf7x6+9Ju4Y= next end
Save the CLI script or CLI template.
Execute the CLI script on FortiGate or assign a CLI template to FortiGate.
