FortiAnalyzer
mdeparisse_FTNT
Article Id 198673

Description


This article describes how to recover access to FortiManager/FortiAnalyzer hardware when the admin password is lost. To restore access, download the firmware and install it from a local TFTP server via the console on the FortiManager/FortiAnalyzer hardware.

To restore the old config on the FortiManager/FortiAnalyzer, it is necessary to have a backup of the config and, if the password is unknown, to contact Fortinet Support to remove it before the restore process.


Note.
Installing firmware from a local TFTP server via console resets the FortiManager/FortiAnalyzer system settings to default.

Disclaimer.
After reloading the firmware image on the hardware unit, make sure to re-configure the System Settings as explained at the end of this article.
Otherwise, there is a risk of data loss and corruption.

Any action taken upon the information in this article is strictly at your own risk.

Scope

 

FortiAnalyzer.


Components.

 

  • Null modem, or DB9 to DB9 console connector cable. See also the related article, Serial cable pin outs for console access to Fortinet devices.
  • Ethernet RJ45 cable (depending on the hardware model).
  • Terminal client, such as a PC running HyperTerminal (Windows).

  • TFTP server (following is the recommended TFTP software).
 
Recommended TFTP software.

 

 

Solution
Steps to push new firmware.

 

  1. Download the image for the FortiManager/FortiAnalyzer from the Fortinet Support Site. At the same website, download the <image name>.md5 file that contains the MD5 checksum for the firmware image downloaded. Please make sure to download the firmware version which is currently running on the machine to avoid any possible issue caused by downgrade or unwanted upgrade.
  2. Check that the image is successfully downloaded and is not corrupted. Compare the generated MD5 sum against the one in the .md5 file.
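
One way to carry out the comparison in step 2, as an added example that is not part of the original article. It assumes the .md5 file contains the digest as a 32-character hex string (with or without a file name after it); the file names passed on the command line are the operator's own.

```python
import hashlib
import hmac
import re
import sys
from pathlib import Path


def read_expected_md5(md5_path):
    """Return the first 32-hex-digit token found in the .md5 file, lower-cased."""
    text = Path(md5_path).read_text(errors="replace")
    match = re.search(r"\b[0-9a-fA-F]{32}\b", text)
    if match is None:
        raise ValueError(f"no MD5 digest found in {md5_path}")
    return match.group(0).lower()


def file_md5(image_path, chunk_size=1 << 20):
    """Hash the image in chunks so large firmware files are not loaded whole."""
    digest = hashlib.md5()
    with open(image_path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def image_matches(image_path, md5_path):
    """True only when the computed digest equals the published one."""
    return hmac.compare_digest(file_md5(image_path), read_expected_md5(md5_path))


if __name__ == "__main__":
    # Usage: python verify_image.py <firmware image> <image>.md5
    ok = image_matches(sys.argv[1], sys.argv[2])
    print("OK: checksum matches" if ok else "MISMATCH: do not load this image")
    sys.exit(0 if ok else 1)
```

MD5 here guards against a corrupted or truncated transfer; it does not authenticate the image, so fetch both files from the support site over HTTPS.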

Notes.
Some console prompts in this procedure include a default value in square brackets, for example, [image.out]. To use this default value, press Enter.

 

  1. Connect the computer to the FortiManager/FortiAnalyzer unit using the null modem cable.

    Terminal client communication parameters.
    8 bits
    no parity
    1 stop bit
    9600 baud
    Flow Control = None
  2. Restart the FortiManager/FortiAnalyzer.
  3. When the console displays 'Press any key to display configuration menu...' press the space bar or any other key.
  4. When a menu of options labeled with letters of the alphabet appears, press G to continue.
  5. Connect the computer running the TFTP server to the FortiManager/FortiAnalyzer unit. The console output indicates which port to use, as shown below:

 

Please connect TFTP server to Ethernet port "1"

 

  1. Type the IP address of the computer running the TFTP server and press Enter.
    The console displays:

 

Enter TFTP server address [192.168.1.168]:

 

  1. Type the IP address of the FortiManager/FortiAnalyzer port that is on the same subnet as the TFTP server and press Enter.
    The console displays:

 

Enter Local Address [192.168.1.188]:

 

  1. Type the firmware image file name and press Enter.
    The console displays:
    Enter File Name [image.out]:
    The console periodically displays a "#" (pound or hash symbol) to show the download progress.
  2. When the download completes, the console displays a message similar to the one below. Press D.

 

Save as Default firmware/Backup firmware/Run image without saving:[D/B/R]?D

 

The FortiManager/FortiAnalyzer unit installs the new firmware image and restarts. The installation may take a few minutes to complete.



 
 
This will change the System Settings configuration back to default status.

If any config has been saved to provide to Fortinet Support, it will be necessary to reconfigure the unit.
If a backup is present, open a support ticket asking for password removal and reload the provided config on the same version as the original one.

Re-configure the port IP address/allowaccess and static route to regain access to the unit via GUI and SSH.

Re-enable ADOMs, Advanced Mode, workspace/workflow mode, Workflow Approval, re-configure Administrators, profiles, SNMP, Mail Server or Syslog server if needed.

Note that the workflow sessions are not preserved and they will be purged after reloading the firmware image.

It is possible to extract the system-level configuration from the backup file by using a decompression utility such as tar, 7-zip or WinRAR.
The system configuration is stored in the file /var/fwclienttemp/system.conf.

The CLI configuration can then be copied & pasted via a serial or terminal session. 
It is best to do this in chunks of not more than 30 text lines at a time.

The rest of the configuration and the logs remain untouched.
 

[OPTIONAL] Restore System Level Settings using Backup Config File:
If a recent backup of the config file exists, the admin password can be removed and the system-level settings can be restored once the above steps have been completed.

 

  1. Make sure the backup config file is the same version as the firmware image.
  2. Edit system.conf from the backup config file. See this article for more information on how to edit the file.
  3. Search for 'config system admin user' and look for the admin username.
  4. Remove the 'set password ENC …..' line. For example:

 

 

Before removal:

 

[Screenshot: system.conf before the password line is removed]

 

 

After removal

 

[Screenshot: system.conf after the password line is removed]

 

 

  1. Save the system.conf file -> Exit -> Update both archive files.
  2. Restore using the updated backup config file.
  3. Once the hardware is running again, log in with the username and the password: <<blank>>.
  4. Navigate to the respective ADOM/Device Logs and verify the status.
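
The edit described in the steps above (find the admin user under 'config system admin user' and remove its 'set password ENC' line) can be scripted so that no other account or nested block is touched. This is an added example, not Fortinet's tooling or part of the original article; the sample config, its placeholder hashes, and the function name are constructed for illustration, and unpacking and repacking the backup archive is left to the tools named earlier.

```python
SAMPLE_CONF = '''\
config system admin user
    edit "admin"
        set password ENC EXAMPLE-ADMIN-HASH
        set profileid "Super_User"
        config dashboard
            edit 1
                set name "System Information"
            next
        end
    next
    edit "auditor"
        set password ENC EXAMPLE-AUDITOR-HASH
    next
end
config system global
    set hostname "FAZ-LAB"
end
'''  # constructed sample, not taken from a real backup

def strip_admin_password(conf_text, username="admin"):
    """Drop 'set password ENC ...' only for `username` in 'config system admin user'."""
    out, removed = [], 0
    in_table = in_user = False
    depth = 0  # nested 'config ... end' blocks inside the user table
    for line in conf_text.splitlines(keepends=True):
        s = line.strip()
        if not in_table:
            in_table = (s == "config system admin user")
        elif s.startswith("config "):
            depth += 1
        elif s == "end":
            if depth == 0:
                in_table = in_user = False
            else:
                depth -= 1
        elif depth == 0 and s.startswith("edit "):
            in_user = (s[5:].strip().strip('"') == username)
        elif depth == 0 and s == "next":
            in_user = False
        elif in_user and depth == 0 and s.startswith("set password ENC "):
            removed += 1
            continue  # skip the line instead of copying it
        out.append(line)
    return "".join(out), removed

if __name__ == "__main__":
    new_conf, count = strip_admin_password(SAMPLE_CONF)
    print(f"removed {count} password line(s)")
```

A return count other than 1 means the expected user was not found or appears more than once, and the file should be inspected by hand before it is restored. After the restore the account accepts a blank password, so set a new one before reconnecting the unit to the management network.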

 

Related Articles:

Technical Tip: Formatting and loading FortiGate firmware image using TFTP

Technical Note: FortiManager Tips and Best Practices Guide

Troubleshooting Tip: Restoring FortiManager or FortiAnalyzer configuration when admin password is lo...

Technical Tip: How to recover access to FortiManager or FortiAnalyzer when the admin password is los...

Technical Tip: Resetting the admin password for FortiManager/FortiAnalyzer hardware