Resetting a lost Fortigate Admin Password

If you have lost the admin password for a Fortigate you can reset it if you have physical access to the box.
  • Connect the console cable to the Fortigate and fire up your favorite terminal emulator
  • Reboot the firewall unit.
  • At the console login prompt, type in "maintainer" as the userid.
  • Type in bcpbFGTxxxxxxxxxxxxx as the password. xxxxxxxxxxxxxwill be the S/N of the Fortigate. The serial number is case sensitive so for example you should use FGT60B, not FGT60b.
  • After logging in, change the admin password:
config system admin
edit admin
set password 
next
end

Heads up: You have to type the userid and password within a few seconds of the login prompt first appearing. If you take too much time you should reboot the firewall again.

 

저작자 표시 비영리 변경 금지
신고
  • Favicon of http://sbpaek.tistory.com BlogIcon 괴물™ 2012.12.20 11:44 신고

    포티게이트 Password Recovery 방법입니다.

    1. console 접속하여 장비 리부팅 후 로그인 화면 출력
    2. 로그인시 ID: maintaner, Password: bcpb<장비시리얼번호>
    3. 장비 접속후 접속자 계정 패스워드 변경 후 로그아웃
    4. 재접속

    + 주의사항
    - ID 및 Password가 틀렸을시 포티게이트 리부팅이 필요
    - 로그인시 부팅후 1~2분내로 접속하여하며 그렇지 못했을시 리부팅이 필요

 

 

저작자 표시 비영리 변경 금지
신고

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

저작자 표시 비영리 변경 금지
신고

# Fortigate IPS DoS configuration Sample

qvrexhqfw2 $ show ips DoS block_dos
config ips DoS
    edit "block_dos"
            config anomaly
                edit "tcp_syn_flood"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "tcp_port_scan"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "tcp_src_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "tcp_dst_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "udp_flood"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "udp_scan"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "udp_src_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "udp_dst_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "icmp_flood"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "icmp_sweep"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "icmp_src_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "icmp_dst_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "ip_src_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
                edit "ip_dst_session"
                    set status enable
                    set log enable
                    set action block
                    set threshold 10
                next
            end
    next
end
qvrexhqfw2 $ sh firewall interface-policy
config firewall interface-policy
    edit 1
        set interface "dmz"
            set srcaddr "all"
            set dstaddr "all"
            set service "ANY"
        set ips-DoS-status enable
        set ips-DoS "block_dos"
    next
end

저작자 표시 비영리 변경 금지
신고

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

저작자 표시 비영리 변경 금지
신고


티스토리 툴바