← Back to Guides Homepage

How to Reset FortiGate Firewall Password (New Method)

This guide explains how to reset a lost admin password on a FortiGate firewall. Previously (before FortiOS 7.2.4), a "maintainer" account backdoor using the serial number was available. This is no longer functional on newer firmware versions, requiring a different approach involving a configuration backup and a factory reset.

Prerequisite: Configuration Backup

Critical: This method requires you to have a backup of your firewall's configuration file. If you are already locked out and do not have a backup, you cannot restore your previous settings using this method.

If you have access or are preparing for the future:

1. Log in to the Web GUI.
2. Navigate to the admin menu (top right) and select Configuration > Backup.
3. Save the file to "Local PC". It will download as a .conf file.

Part 1: Factory Reset the Firewall

To clear the current locked state, we must factory reset the physical device.

1. Hardware Reset Procedure

1. Unplug the power cable from the device.
2. Locate the reset button (often a small pinhole).
3. Press and hold the reset button while plugging the power cable back in.
4. Continue holding the button for approximately 1-2 minutes.
5. Release the button only when the Status LED (often the middle one) begins flashing.

Part 2: Edit the Configuration File

While the firewall resets, we will modify our backup file to remove the old password.

1. Open and Search

Open your .conf backup file using a text editor like Notepad++. Setting the language to YAML can help with readability.

Search for the admin user configuration block:

config system admin

2. Remove Password Line

Locate the specific admin user entry. You will see a line starting with set password followed by an encrypted hash string.

Action: Delete this entire line.

set password ENC ... [Delete this line]

Save the modified file. When we load this back into the system, the firewall will interpret the missing password line as a request to set a new password upon login.

Part 3: Restore and Set New Password

Once the firewall is online (default IP is typically 192.168.1.99), connect a standard Ethernet cable to a LAN port.

1. Initial Login

Log in with the default credentials:

• Username: admin
• Password: (blank)

You will immediately be prompted to create a new password for this factory-reset state. Enter a temporary password.

2. Restore Configuration

Navigate to the admin menu (top right) and select Configuration > Restore.

• Select Upload.
• Choose your modified .conf file (the one with the password line deleted).
• Click OK. The system will reboot to apply the configuration.

3. Final Password Setup

After the reboot, access the Web GUI again.

• Enter Username: admin.
• Leave the Password: field blank (since we deleted it from the config).

The system will now prompt you to set a new password for your restored configuration. Enter your desired secure password. Once logged in, you will see your original dashboard, themes, and interfaces are fully restored.

← Back to Guides Homepage