FortiGate
lvannstruth
Staff
Article Id 272456
Description

This article describes the purpose and functionality of the 'guest' user and the 'Guest-group' group, which FortiOS creates by default and again after a factory reset.

Scope

FortiGate.
Solution

When configuring a FortiGate for the first time or after performing a factory reset, a user named ‘guest’ is created as a member of the group ‘Guest-group’. By default, the password of the ‘guest’ user is set to ‘guest’.

This user and group are not created when new VDOMs are added to a FortiGate; they are only created for the 'root' VDOM.

 

On FortiWiFis, ‘Guest-group’ is referenced as the default group that is able to log into the ‘GuestWiFi’ WiFi SSID that is also created by default.

 

On non-FortiWiFis, there are no default references to the 'Guest-group' group, and the only reference for the 'guest' user is its membership in 'Guest-group'. This means that by default, neither of them can be used to:

 

  • Gain access to the FortiGate management GUI/CLI and modify the FortiGate configuration.
  • Gain access to SSL or dialup IPsec VPNs.
  • Authenticate to WiFi SSIDs (outside the default 'GuestWiFi' SSID on FortiWiFis).

 

As long as there are no references to either the ‘guest’ user or the 'Guest-group' group, they can be deleted without affecting the normal operation of the FortiGate.

 

The reference count can be verified by looking at the 'Ref' column in the GUI, or by following the steps in this article:

Technical Note: How to Check Referenced Objects
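The same check can be run offline against a configuration backup. The script below is an added example, not Fortinet code or part of the original article: it assumes a plain-text FortiOS backup in the usual config/edit/set/next/end layout and uses a constructed sample, and it lists every setting that names 'guest' or 'Guest-group' apart from the default membership of 'guest' in 'Guest-group'.

```python
import re

# Constructed sample of a FortiOS configuration backup (not from a real device).
SAMPLE_CONFIG = """\
config user local
    edit "guest"
        set type password
    next
end
config user group
    edit "Guest-group"
        set member "guest"
    next
end
config firewall policy
    edit 7
        set name "constructed-guest-policy"
        set groups "Guest-group" "staff"
    next
end
"""

def find_references(config_text, name):
    """Return (section, entry, line) for each 'set' line whose values name the object exactly."""
    refs, section, entry, depth = [], None, None, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                section, entry = line[len("config "):], None
        elif line == "end":
            depth -= 1
        elif line.startswith("edit ") and depth == 1:
            entry = line[len("edit "):].strip('"')
        elif line.startswith("set "):
            # Values may be quoted (possibly with spaces) or bare words.
            values = [q or w for q, w in re.findall(r'"([^"]*)"|(\S+)', line)[2:]]
            if name in values:
                refs.append((section, entry, line))
    return refs

def non_default_references(config_text):
    """References other than the default membership of 'guest' in 'Guest-group'."""
    refs = find_references(config_text, "Guest-group")
    refs += [r for r in find_references(config_text, "guest")
             if r[:2] != ("user group", "Guest-group")]
    return refs

if __name__ == "__main__":
    for section, entry, line in non_default_references(SAMPLE_CONFIG):
        print(f"{section} / {entry}: {line}")
```

An empty result corresponds to the non-FortiWiFi default state described above; any listed setting is a reference to review before deleting either object.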

 

It is also worth noting that the default ‘guest’ user is separate from the 'Guest Management' feature within FortiOS, which requires configuring a separate group on the FortiGate with the type set to 'Guest'.

Note that the default ‘Guest-group’ is a Firewall group and cannot be used for Guest Management.