FortiGate 100D will not accept factory login

vwilliams · ‎01-10-2018

I have a Fortigate 100D from my job and I was trying to do a factory reset by:

1- From a PC, connect to Fortigate unit using Hyper Terminal. 2- at the console login prompt, type in " maintainer" for userid 3- Type in " bcpbFGTxxxxxxxxxxxxx" for password (After bcpbFGT put the S/N of the Fortigate)

I tried this method but it still says incorrect username or password. I have tried FortiGate Explorer as well. It recognized the Firewall but still can't log in to set to factory. Any suggestions?

Toshi_Esumi · ‎01-10-2018

It should work if you do it within 14 sec after getting the prompt. You might need to ship it back for RMA to recover it.

vwilliams · ‎01-10-2018

OK. We are talking about the prompt in Fortigate Explorer right? Or are we talking about putty because I can't get anything in putty to connect.

Chris · ‎01-10-2018

Have a look here:

http://kb.fortinet.com/kb/documentLink.do?externalID=FD34757

You must wait at least 10 seconds when you unplug the device from power.

They say that it can be corrupt the memory in some cases.

Use copy paste to put the password because the time is very short to login. 14 seconds or less.

The letters for serialnumber all in upper case format.

May you have no success at the first time so you will have to try it severall times again.

If the maintainer login is disabled and the login is sucessfull you will see :

PASSWORD RECOVERY FUNCTIONALITY IS DISABLED

At this point you have no chance to get in.

You say you have teh unit from your job. Is there no one that have the correct Login credentials?

Toshi_Esumi · ‎01-10-2018

Wait a minute. You said you wanted to do factory reset. Then, why don't you use the reset button? It should reset everything.

sw2090 · ‎01-15-2018

if you don't know the admin pwd and the above solution did not work you still can do it the hard way:

Connect serial console and open it in a terminal. Then powercycle your FGT (hence you cannot soft reboot without pwd) and wait for the boot menue to appear. Then enter the boot menue and select "wipe boot partition".

This will erase the complete firmware and with it all settings, including the admin pwd. It will not delete the boot loader of course.

So you will have to resupply the firmware image via tftp for example. You can still boot on serial console now and get into the boot menue that can install a firmware image from tftp server.

I did that several times on old FGTs I hadn't in use for quite a while and due to that lost the password and it always worked fine. However you will loose your config. But you would also lose it by doing a factory reset.

--

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

vwilliams · ‎01-11-2018

I tried it and it still didn't work, multiple times. I even tried holding the reset button and starting, it just keep going to the login prompt. If I wipe it and try to install the software again do you think that will work?If so which should I use and where are the instructions please?

loic · ‎01-11-2018

The reset button can only be used in the first 30 seconds after the box is back to normal after a power-cycle. After this time interval the reset button is disabled.

Source : http://kb.fortinet.com/kb/viewContent.do?externalId=FD33883

another solution is to reload the firmware ussing tftp : http://kb.fortinet.com/kb...nt.do?externalId=10338

Loïc

Toshi_Esumi · ‎01-11-2018

Like any other routers/FWs, reset button operation doesn't remove software. It wipes configuration including username/passwords.

After the reset, it's just like a brand-new box you purchased. You can log in with admin/(no password).

emnoc · ‎01-11-2018

FWIW

We had a FGT100D that failed during a upgrade to 5.6.x and we where unable to recover local login. It resulted in a RMA.

Ken

PCNSE

NSE

StrongSwan