reinhard_cre
New Contributor

Lost Access to Firewall

Dear Community,

Unfortunately, I have a bigger problem. I created a super-admin with a FortiToken. Due to a defect, I had to factory reset my smartphone, and therefore I lost my FortiToken. So I can no longer log into the firewall. I have a backup file with FortiToken already activated, and the backup file is unfortunately also password encrypted, which is why I cannot remove the 2-factor line. Unfortunately, the maintainer account is also not an option because the command Full Config is deactivated. Does anyone have any idea whether there is a possibility to activate the command Show Full Config for the maintainer account, or if there is any other possibility without having to set up my entire system again?

Thank you very much

lobstercreed
Valued Contributor

I'm confused about what you mean by the command full config being disabled. Do you mean the maintainer account has been disabled? If not, you can modify (or create a new) local admin account without FortiToken while logged in as maintainer. Then log in with the modified/new account to get things back where they should be. See KB here: https://kb.fortinet.com/k....do?externalID=FD34757
reinhard_cre

Yeah, I knew that, but my problem is that when I log in with maintainer I can only change the password of the user and can't disable FortiToken. So after that there is a new password, but FortiToken is still enabled.
lobstercreed

Is that the only admin account on the whole firewall? Can the maintainer account not also create a new user account? I'm not sure of the answer to the 2nd question. The first should never be yes (big mistake to learn from if so). If so then I guess maybe you are out of luck. I would have thought you could run a CLI command to remove FortiToken from maintainer though.

ede_pfau

I'd open a support ticket with CS, asking for technical support. Maybe there is a way to access the FGT via REST API without 2FA.

If not, you can only scratch the boot partition from the boot menu and rebuild.

Ede Kernel panic: Aiee, killing interrupt handler!