Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
cbenejean
Staff
Staff

Created on ‎11-07-2017 02:29 AM

Article Id 193917

Technical Note: HA synchronization and admin account

Description
When two units form a cluster, it is not possible to change or delete the “admin” account.  Any attempt to do this will create a synchronization issue and the HA system.admin checksums will not match.

Scope
FortiOS v4.3 and above.

Solution
It is not recommended to delete or rename admin account.

However, if this must be done, the change should be made on the master first, and then connect to the slave on console and make the same change.

fw-cluster-ha1 (global) # config system admin
fw-cluster-ha1 (admin) # delete admin
Cannot delete super admin 'admin'!
command_cli_delete:5271 delete table entry admin unset oper error ret=-37
Command fail. Return code -37
fw-cluster-ha1 (admin) # rename admin to wex
fw-cluster-ha1 (admin) # delete wex

1693
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.