FortiGate Firewall recover lost Administrator FortiToken
backup and restore FortiToken - Resetting a lost Fortigate admin password
Troubleshooting Tip: Admin user lost FortiToken / Token is not working
HELP! Fortitoken issues - Disable Fortitoken on a Fortigate Firewall
Deactivating a FortiToken - Resetting a lost admin password
Resetting FortiToken for 2FA - Lost Access to Firewall
Lost fortitoken account - Reset Lost Admin Password - FortiGate version v6
Be very careful if you change phone (iPhone). No backup of the FortiToken app token is possible and there is no way to get back in. Since you can't get back in, you have to format the device LOCALLY; support can't do anything about it. I had the previous phone and tried to restore it without results. 2FA is a double-edged sword if you are not very careful. Solution? Have 2FA on 2 different user-device OR make sure you disable it before changing phones. Now, for Fortinet, it would be good practice to allow backup for tokens somewhere.
--------------------------
Recovering lost Administrator FortiTokens
If an Administrator loses their FortiToken or the FortiToken is not working, they will not be able to log into the admin console through the GUI or the CLI. If there is another Administrator that can log into the device, they may be able to reset the two-factor settings configured for the first Administrator, or create a new Admin user for them.
Note that a super_admin user will be able to edit other admin user settings, but a prof_admin user will not be able to edit super_admin settings.
In the case where there are no other administrators configured, the only option is to flash format the device and reload a backup config file. You must have console access to the device in order to format and flash the device. It is recommended to be physically on site to perform this operation.
Note: The process of resetting an Admin user password using the maintainer account cannot be used to reset or disable two-factor authentication.
Before formatting the device, verify that you have a backup config file. You may or may not have the latest config file backed up, though you should consider using a backed up config file, and reconfigure the rest of the recent changes manually. Otherwise, you may need to configure your device starting from the default factory settings.
To recover lost Administrator FortiTokens:
If you have a backed up config file:
Open the config file and search for the specific admin user. For representational purposes we will use Test in our example.
# edit "Test"
    set accprofile "super_admin"
    set vdom "root"
    set two-factor fortitoken
    set fortitoken "FTKXXXXXXXXXX"
    set email-to "[email protected]"
    set password ENC SH2BsE7VSvHKynpoY1nOupdfaefe/n+JaPrCMPFADY2U5kLUPnZwuitOpNz35YI=
next
end
Once you find the settings for the Test user, delete the fortitoken-related settings:
# edit "Test"
    set accprofile "super_admin"
    set vdom "root"
    set password ENC SH2BsE7VSvHKynpoY1nOupdfaefe/n+JaPrCMPFADY2U5kLUPnZwuitOpNz35YI=
next
end
Format the boot device during a maintenance window and reload the firmware image using instructions in the "Formatting and loading FortiGate firmware image using TFTP" KB article.
Once the reload is complete, log into the admin console from the GUI using the default admin user credentials, and go to Configuration > Restore from the top right corner to reload your config file created in Step 1 above.
Once the FortiGate reboots and your configuration is restored, you can log in with your admin user credentials.
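The config edit described above can be scripted so that only the named entry under `config system admin` is touched and a same-named entry elsewhere (for example under `config user local`) is left alone. This is an added example, not Fortinet's tooling or code from the original page; the function name `strip_admin_2fa`, the sample backup, and the quote-counting used to skip multi-line quoted values are assumptions.

```python
import re
# Settings that the page's edited "Test" entry no longer contains.
TWO_FACTOR_KEYS = {"two-factor", "fortitoken", "email-to"}

def strip_admin_2fa(config_text, admin_name):
    """Drop 2FA settings from one 'config system admin' entry; return (text, removed)."""
    out, removed = [], []
    # depth: block nesting; admin_depth: depth at which the admin table opened
    depth, admin_depth, in_target, in_string = 0, None, False, False
    for line in config_text.splitlines():
        s = line.strip()
        odd_quotes = len(re.findall(r'(?<!\\)"', line)) % 2 == 1
        if in_string:                 # inside a multi-line quoted value (keys, certs)
            in_string = not odd_quotes
            out.append(line)
            continue
        in_string = odd_quotes        # value continues on the following lines
        if s.startswith("config "):
            depth += 1
            if s == "config system admin" and admin_depth is None:
                admin_depth = depth
        elif s == "end":
            if admin_depth == depth:
                admin_depth, in_target = None, False
            depth -= 1
        elif admin_depth == depth and (s == "next" or s.startswith("edit ")):
            # "next" leaves s[5:] empty, so it clears the flag
            in_target = s[5:].strip().strip('"') == admin_name
        elif in_target and admin_depth == depth and s.startswith("set "):
            if s.split()[1] in TWO_FACTOR_KEYS:
                removed.append(s)
                continue
        out.append(line)
    return "\n".join(out) + "\n", removed

# Constructed sample backup (not a real device config).
SAMPLE = '''config system admin
    edit "Test"
        set two-factor fortitoken
        set fortitoken "FTKXXXXXXXXXX"
        set email-to "test@example.com"
        set password ENC CONSTRUCTED=
    next
end
config user local
    edit "Test"
        set two-factor fortitoken
    next
end
'''
```

Review the returned list of removed lines before restoring the edited file to the device.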
firmware image Config File
config
edit
rename fgt_system.conf Fail
usb fat32 .
Login
Fortitoken user maintainer
Serial console port
60
user
maintainer
bcpb
FGT30E10564567887
*
:
*
fortitoken
.
user maintainer 7 6
*
license expired active
!
:
https://www.reddit.com/r/fortinet/co...ainer_account/
https://www.reddit.com/r/fortinet/co...oken_be_aware/
https://docs.fortinet.com/document/f...-and-diagnosis
https://docs.fortinet.com/document/f...a-mobile-phone
https://www.doitfixit.com/blog/2013/...dmin-password/
https://www.reddit.com/r/fortinet/co...re_fortitoken/
https://community.fortinet.com/t5/Fo...ot/ta-p/193487
https://community.fortinet.com/t5/Su...ues/m-p/214053