Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Contributor III

fortigate-tech-support user


a strange thing happened to me today.

My home firewall 40F (7.2.1) rebooted unexpectedly.
I looked in the log and found that the reboot was done by the user "fortigate-tech-support" and the reason was a firmware upgrade (7.2.1->7.2.2)

In system/Administrator this user was created and I don't know about it.
My admin password is set to 17 characters (including special characters) and another administrator has an equally strong password.
FortiGate is added to FortiCloud.
Passwords remained unchanged, all configuration looks ok.


How should I explain it? I'm assuming it's not a trusted event... or is it something to do with the new CVE?


Thank you.


New Contributor

Hi @Amar1 ,


Is this legitimate? I am seeing the same issue as well.



If you see "fortigate-tech-support" or have device with logs (type="event" subtype="system") and any of following properties:

then open a technical ticket of Fortinet's Support for further steps and checks.

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

New Contributor

@Jirka1please advise on the feedback from support if you reported ? i also experienced the same thing on the same date as you

New Contributor III

Noticed these on some Fortigates as well, what was the feedback and recommendation from Fortinet to take on this?

New Contributor

Based on the information provided, the unexpected reboot of your FortiGate device and the existence of an unknown user "fortigate-tech-support" in the Administrator section raise several important points and potential concerns:

  1. Unscheduled Firmware Upgrade: The reboot appears to have been triggered by a firmware upgrade (from version 7.2.1 to 7.2.2), which may indicate an automated update process, possibly managed through FortiCloud or a scheduled task. Normally, these updates should be controlled and approved by an authorized administrator, and any deviation from this process should be investigated.

  2. Unrecognized User Account: The creation of a new user account "fortigate-tech-support" without your knowledge is a significant concern. It may indicate unauthorized access to your device, a potential security breach, or a misconfiguration issue.

  3. FortiCloud Integration: Since the FortiGate device is integrated with FortiCloud, it's possible that Fortinet technical support may have access to the device for support purposes. However, this should be done only with explicit authorization and proper security measures in place.

  4. Security Vulnerabilities (CVE): The mention of a potential CVE (Common Vulnerabilities and Exposures) may suggest that there was a known security flaw in the firmware version 7.2.1 that required patching. It's important to review the release notes and here is security advisories for the new firmware version (7.2.2) to understand if there was a known vulnerability being addressed.


Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors