
I made an error while configuring my admin account on the FortiGate 60D and enabled FortiToken for 2-step authentication. Thing is, I enabled the wrong token and I do not have that device with me. Now when I try to log in to the GUI using my admin credentials, it asks for the token code "which I don't have"!!

What should I do in order to get back into the account without having to reset it?

Thank you for your help in advance, guys!

mat
  • To put it simply: **You Don't**. You are going to have to reset the device and, if you want to enable 2-step authentication, enable the correct token. The only way to correct this error would be to use the configured token to access the GUI and disable 2-step authentication. – Ramhound May 15 '15 at 15:15
  • A coworker mentioned there is possibly a way to access the console without the token and then disable it that way. Would this be true? – mat May 15 '15 at 15:35
  • I don't know personally. I made my original statement based on the foundation that a device that implements a 2-factor authentication system is taking security seriously. Which means it's unlikely there is a way around said authentication system once it's enabled unless you have physical access to the device and reset it. Have you checked the manual? Any documented workaround would exist in the manual. – Ramhound May 15 '15 at 15:42
  • @mat: you should have listened to your coworker and have googled...or posted your question at forum.fortinet.com. This would have been answered within hours. – user1016274 Nov 21 '15 at 13:56

1 Answer


This thread is quite dated but someone might still be looking for a solution.

Yes, there is a way back in if you have physical access and some tools (namely, a terminal app to access the serial port, and the serial-to-RJ45 cable). This is described here in Fortinet's recipe (http://docs.fortinet.com/uploaded/files/1708/Resetting_a_lost_admin_password.pdf).

The FortiGate will reboot but will retain its configuration. You will have to change the 2F authentication in the CLI (CLI reference available at docs.fortinet.com).

Note that in recent versions of FortiOS you can disable this recovery option. Then there is no recovery once the admin account is inaccessible.

user1016274
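
Added example, not part of the original answer or of Fortinet's recipe: a sketch of the CLI change the answer refers to, entered on the serial console once you are logged in. The account name `admin` is an assumption, and the `admin-maintainer` setting is named from general FortiOS knowledge as the switch for the recovery option; confirm both against the CLI reference for your FortiOS version.

```fortios
# "admin" is an assumed account name; use the locked-out administrator.
config system admin
    edit "admin"
        # Review the current two-factor and token assignment before changing it.
        show
        # Stop requiring a token code at login for this account.
        set two-factor disable
    next
end

# Check whether the console recovery option is still enabled on this unit.
show full-configuration system global | grep admin-maintainer
```

Once the correct token is at hand, two-factor authentication can be turned back on for the account from the GUI or the same `config system admin` context.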