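How to reset a lost administrator account password on FortiOS 7.2.4

Preface:

The FortiOS 7.2.4 update includes a major security change: the maintainer account mechanism has been removed (see the link Changes in default behavior 829544). The procedure for resetting a lost administrator account password has changed accordingly, and below I demonstrate the new reset process.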

Environment:

  • After FortiOS 7.2.4
  • 3CDaemon or tftpd software
  • PuTTY or SecureCRT software
  • Console Line
  • FortiGate Firmware (depends on the device model at hand; download it from the official website)
  • FortiGate Config file

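Resetting the administrator account password:

Back up the FortiGate configuration regularly

Make a habit of backing up the configuration file regularly so it is available when needed.

Reflash the FortiGate firmware

After the FortiGate reboots, press Enter to enter the boot menu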

[C]: Configure TFTP parameters.
[R]: Review TFTP parameters.
[T]: Initiate TFTP firmware transfer.
[F]: Format boot device.
[I]: System information.
[B]: Boot with backup firmware and set as default.
[Q]: Quit menu and continue to boot.
[H]: Display this list of options.

Enter C,R,T,F,I,B,Q,or H:c #Press c to configure the TFTP parameters

[P]: Set firmware download port.
[D]: Set DHCP mode.
[I]: Set local IP address.
[S]: Set local subnet mask.
[G]: Set local gateway.
[V]: Set local VLAN ID.
[T]: Set remote TFTP server IP address.
[F]: Set firmware file name.
[E]: Reset TFTP parameters to factory defaults.
[R]: Review TFTP parameters.
[N]: Diagnose networking(ping).
[Q]: Quit this menu.
[H]: Display this list of options.

Enter P,D,I,S,G,V,T,F,E,R,N,Q,or H:i #Press i to set the FortiGate local IP

Enter local IP address [192.168.1.1]:192.168.1.1

Enter P,D,I,S,G,V,T,F,E,R,N,Q,or H:t #Press t to set the TFTP server IP

Enter remote TFTP server IP address [192.168.1.100]:192.168.1.100

Enter P,D,I,S,G,V,T,F,E,R,N,Q,or H:f #Press f to set the firmware file name

Enter firmware file name [FGT_81F-v7.2.4.F-build1396-FORTINET.out]:FGT_81F-v7.2.4.F-build1396-FORTINET.out

Enter P,D,I,S,G,V,T,F,E,R,N,Q,or H:q #Press q to leave the menu

Enter C,R,T,F,I,B,Q,or H:t #Press t to start transferring the firmware to the FortiGate

Please connect TFTP server to Ethernet port ‘WAN2’. #Connect the computer's network adapter to the FortiGate WAN2 port

Failed to complete copper auto-nego.1514
MAC: 94:f3:92:58:a9:ea

Connect to tftp server 192.168.1.100 …

Image Received.
Checking image… OK
This firmware image is certified!
Save as Default firmware/Backup firmware/Run image without saving:[D/B/R]?d #Save as the default firmware

Programming the boot device now.The system must re-layout the boot device to install this firmware.
The default and backup firmware will be lost.
Continue:[Y/N]?y #Reboots the FortiGate
.. OK
Verifying… OK
.done

Booting OS…
Initializing firewall…

System is starting…
Resizing shared data partition…done
Formatting shared data partition … done!
Starting system maintenance…
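The FortiGate firmware reflash is complete

Edit the admin account password setting in the configuration file

This example uses the admin account; the procedure is the same for any account with the super_admin privilege.

Using a text editor, find the config system admin -> edit admin -> set password ENC xxxxxx setting in the configuration file and change it to a cleartext password setting, for example (set password cleartextpassword). After saving, restore the configuration to the FortiGate to complete the password reset.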
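The same edit can be scripted so that only the intended account's line changes and other accounts keep their ENC values. This is an added example, not part of the original post; the sample backup, its placeholder ENC values and the function name reset_admin_password are constructed for illustration.

```python
# Constructed sample backup; the ENC values are placeholders, not real hashes.
SAMPLE = '''config system admin
    edit "admin"
        set accprofile "super_admin"
        config gui-dashboard
            edit 1
            next
        end
        set password ENC PLACEHOLDER-HASH-1
    next
    edit "auditor"
        set password ENC PLACEHOLDER-HASH-2
    next
end
'''

def reset_admin_password(config_text, user, new_password):
    """Replace only `user`'s password line inside `config system admin`."""
    # Assumption for this example: keep the temporary password free of
    # characters that would need CLI quoting or escaping.
    if not new_password or any(c in '"\\ \t\r\n' for c in new_password):
        raise ValueError("use a password without quotes, backslashes or whitespace")
    target = [("config", "system admin"), ("edit", user)]
    path, out, hits = [], [], 0
    for line in config_text.splitlines(keepends=True):
        words = line.split()
        head = words[0] if words else ""
        if head == "config":
            path.append(("config", " ".join(words[1:])))
        elif head == "edit":
            path.append(("edit", " ".join(words[1:]).strip('"')))
        elif head == "next" and path and path[-1][0] == "edit":
            path.pop()
        elif head == "end":
            while path and path.pop()[0] != "config":
                pass  # drop any unclosed edit, then the config itself
        elif words[:2] == ["set", "password"] and path[-2:] == target:
            body = line.rstrip("\r\n")
            indent = body[: len(body) - len(body.lstrip())]
            line = f"{indent}set password {new_password}{line[len(body):]}"
            hits += 1
        out.append(line)
    if hits != 1:
        raise LookupError(f"expected one password line for {user!r}, found {hits}")
    return "".join(out)

if __name__ == "__main__":
    print(reset_admin_password(SAMPLE, "admin", "Temp-Pass-123"))
```

The edited backup now holds a cleartext password, so restrict access to the file and set a new password after logging in.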

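Author: Andy

Andy currently works at 聯達資訊, the largest Fortinet distributor in Taiwan. He is passionate about IT technology and sharing experience, and runs this website to learn and grow together with everyone.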