Resetting local password of a FortiGate device via FortiManager

Hoping this will save someone from a major outage just to reset a password. If you have a FortiManager in your environment that manages your FortiGate firewalls/proxies/etc, then you’re in luck (I hope).

With the FortiManager in place, it has the ability to run CLI commands against the devices it manages. This is a nice feature because otherwise you would have to reboot the device and perform the password recovery steps, which isn’t fun in a production environment.

For those interested in how this works: during the initial setup of your HA cluster with the FortiManager, you provide it the device serial numbers. The FortiManager then uses these to log into the child devices (kind of like the bcpbSERIALNUMBER login process during password recovery). The child devices allow this communication because they’re already aware of who the FortiManager is.

  1. Log onto the FortiManager in the environment that you want to do the password reset in
  2. Once logged in, under Device Manager tab, select your ADOM
  3. Go to Scripts
  4. Double click and confirm the chng-pwd script is as the following (create a new one if it doesn’t exist)
  5. Right click the chng-pwd script and click Run
  6. Select the device you want to run against
  7. Test the new password!
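As an added example (not the post’s own chng-pwd script, which is not reproduced above), this is what a FortiManager CLI script that resets a local FortiGate admin password would contain. It assumes the account is named "admin" and uses an obvious placeholder for the new password; adjust both to match your environment.

```fortios
# Added example of a chng-pwd CLI script (assumed content, not the original post's script).
# FortiManager pushes these lines to the selected FortiGate over the existing
# management tunnel, so no reboot or console access is required.
config system admin
    edit "admin"
        set password NEW-PASSWORD-PLACEHOLDER
    next
end
```

Because the script body stores the new password in clear text on the FortiManager, delete or overwrite the script once the reset is confirmed, and keep the ability to run scripts limited to the FortiManager admin profiles that genuinely need it. After the run, check the FortiGate’s event log for the corresponding configuration change as confirmation that the device accepted it, then log in with the new credential as in step 7.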