default admin account

unknown1020 · ‎08-04-2023

friends good day
One question: For security reasons we have to remove all admin accounts from fortigate.

However, the following is displayed on the dashboard:

It is observed that the admin account is associated with the ip 172.0.0.1, which is a local host.

Would deleting the admin account have any impact?

chauhans · ‎08-04-2023

Hello @unknown1020

Kindly follow below doc. link to delete "the default 'admin' user account on a FortiGate unit"

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-delete-the-default-admin-user-accou....

Thanks,

Shaleni

unknown1020 · ‎08-04-2023

Thanks for answering, so it doesn't generate any impact by deleting that account? since in the second image it is displayed that the IP 172.0.0.1 associated with the admin account appears. And from what I understand, that IP is a local host.

Toshi_Esumi · ‎08-04-2023

Actually, from some point of 6.0.x, you can delete "admin" admin user directly without renaming it to something else. We do that all the time to virtually all FGTs we install for our customers. No particular side effect I'm aware of.

Just need to create a new admin user, then re-login in to it with the new user name. Then you can remove the "admin".

config sys admin

edit "new-admin"

set accprofile "super_admin"

set password <whaterver_the_password_is>

exit

Then login with "new_admin".

config sys admin

delete admin

end

Toshi

pgautam · ‎08-04-2023

Hi @unknown1020

In Foritgate you can rename or delete an admin account without any bad consequences whatsoever.

Here is how to do it on CLI of the FortiGate.

1) Before diving into the config, you may want to know a few facts about the procedure:

2) You cannot rename/delete the admin user while logged in with it.

3) You have to create first another user privileged enough (super_admin) to make changes to admin. This way Fortigate prevents you from locking yourself out of the management.

4) Just renaming the admin does NOT alter its password, so you can still log in with the existing one.

5)You can rename the user back to admin if you want to, i.e. the renaming is reversible.

6) If you delete admin, you can later create a new user named admin again.

Regards

Priyanka

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

ede_pfau · ‎08-05-2023

First, you are currently logged in as 'admin'. Your sessions are shown in the screenshot.

As long as you are logged in, you cannot remove the account.

Create a new administrative account with profile 'super_admin', log out, log in as the new user and delete the 'admin' account.

This will have no adverse effects whatsoever.

Second, what you observe is sessions to '127.0.0.1', not '172.0.0.1'. The first is the 'localhost' address, that is, the PC you are currently logged in to. The second is indeed a private address of a LAN which is unknown to you (no wonder). So in short, this is perfectly OK.

Ede Kernel panic: Aiee, killing interrupt handler!