Hi guys!
We had an administrator in the environment whose work methods were somewhat questionable and he chose to delete the super_admin accounts, leaving only accounts with the prof_admin profile on the appliance.
A FORTINET analyst through ticket 9306777 reported that through the .conf backup file, it would be possible to insert or modify an existing user by changing the profile from prof_admin to super_admin.
Example of my configuration file:
    next
    edit "ffranca"
        set trusthost1 172.16.250.0 255.255.255.0
        set trusthost2 172.16.253.0 255.255.255.0
        set trusthost3 192.168.30.0 255.255.255.0
        set trusthost4 192.168.10.0 255.255.255.0
        set accprofile "prof_admin"
        set vdom "root"
Would changing just the profile and uploading to restore the appliance from this new .conf file change mine from prof_admin to super_admin?
Thanks!
Hello @ffranca ,
Yes, that's right. You can change the admin profile on the config file without any problem. After this change, your FortiGate starts with a new configuration, and your admin user becomes a super_admin.
When you log in using a "prof_admin" account, you will not be able to see accounts with higher privileges like "super_admin".
Changing the accprofile from "prof_admin" to "super_admin" in the backup configuration and restoring it on the firewall will make your account a super_admin.
The option to restore the configuration will only be available if you are using super_admin when you log in to the firewall.
Therefore, in your current situation you need to:
1. Perform factory reset of the device. You can use factoryreset2. This option will reset the device to factory settings except for VDOM, interface, and static route settings.
This means that after resetting, FortiGate will not have any firewall policies, IPsec settings, but it will be possible to access the FortiGate remotely on its IP address.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-reset-a-FortiGate-with-the-default-...
2. Access the firewall with default admin account (username admin with no password).
https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/241541/connecting-using-a-we...
3. Restore the modified configuration with your account on super_admin profile.
https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/702257/configuration-backups...
https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/294491/administrator-profile...
Did this on one of my customers and it worked perfectly fine.
Hello ozkanaltas,
No, changing the profile from "prof_admin" to "super_admin" in the .conf backup file alone will not suffice to grant a user super_admin privileges.
The .conf backup file contains configuration settings for the FortiGate device, including user accounts and their associated profiles. However, simply modifying the profile setting in the backup file won't grant a user additional privileges. The permissions and privileges associated with each profile are controlled by the FortiGate device itself and are not solely determined by the configuration file.
To grant a user super_admin privileges, you typically need to have administrative access to the FortiGate device itself. From there, you can either:
If all super_admin accounts have been deleted and only accounts with the prof_admin profile remain, you'll need to have access to an existing account with prof_admin privileges and then perform one of the above actions to grant super_admin privileges to a user.
Thank you.
Hello @Durga_Ashwath ,
Are you sure about this? Your colleague @adimailig said the same thing as me.
I'm sure about this. You can change the admin profile in the config file. After that, you can restore your FortiGate with this file. That's all. Your user becomes super admin.
Also, you can see people who have the same problem and their solutions in these links.
https://community.fortinet.com/t5/Support-Forum/All-superadmin-is-deleted/m-p/212711
https://community.fortinet.com/t5/Support-Forum/Lost-super-admin-how-to-exec-factoryreset/m-p/303818
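Added example (not part of any reply above and not Fortinet code): a pre-restore check that parses the "config system admin" block of two backup files and reports every administrator whose accprofile differs, so an edited .conf can be reviewed before it is restored. The sample text is constructed from the excerpt in the question, and the function names are hypothetical.

```python
import re

def parse_admins(conf_text):
    """Map admin name -> {"accprofile", "trusthosts"} from a FortiOS backup's system admin block."""
    admins, current, depth, in_section = {}, None, 0, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = (line == "config system admin")
            continue
        # Split on whitespace but keep "quoted values" as one token, quotes removed.
        tokens = [q or w for q, w in re.findall(r'"([^"]*)"|(\S+)', line)]
        if not tokens:
            continue
        if tokens[0] == "config":        # nested table inside an admin entry
            depth += 1
        elif tokens[0] == "end":
            if depth == 0:
                break                    # end of "config system admin"
            depth -= 1
        elif depth == 0 and tokens[0] == "edit" and len(tokens) >= 2:
            current = admins.setdefault(tokens[1], {"accprofile": None, "trusthosts": []})
        elif depth == 0 and tokens[0] == "next":
            current = None
        elif depth == 0 and current is not None and tokens[0] == "set" and len(tokens) >= 3:
            if tokens[1] == "accprofile":
                current["accprofile"] = tokens[2]
            elif tokens[1].startswith("trusthost"):
                current["trusthosts"].append(" ".join(tokens[2:]))
    return admins

def profile_changes(before_text, after_text):
    """List (name, old_profile, new_profile) for admins that are new or whose accprofile changed."""
    before, after = parse_admins(before_text), parse_admins(after_text)
    return [(n, before.get(n, {}).get("accprofile"), e["accprofile"])
            for n, e in sorted(after.items())
            if before.get(n, {}).get("accprofile") != e["accprofile"]]

def has_super_admin(conf_text):
    """True if at least one admin in the backup carries the super_admin profile."""
    return any(a["accprofile"] == "super_admin" for a in parse_admins(conf_text).values())

# Constructed sample modelled on the excerpt in the question (not a real backup).
RUNNING = '''config system admin
    edit "ffranca"
        set trusthost1 172.16.250.0 255.255.255.0
        set accprofile "prof_admin"
    next
end'''
EDITED = RUNNING.replace('"prof_admin"', '"super_admin"')
if __name__ == "__main__":
    print(profile_changes(RUNNING, EDITED), has_super_admin(RUNNING))
```

Run it against the current backup and the file queued for restore; an empty list means no administrator's profile differs between the two.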