Help
FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
farhanahmed
Staff
Staff

Created on ‎01-24-2024 09:52 PM Edited on ‎01-25-2024 04:07 PM

Article Id 295838

Technical Tip: Rename FortiGate(s) default admin user via FortiManager

Description

 

This article describes how to rename FortiGate(s) default admin via the FortiManager script.

 

Scope

 

FortiManager.

 

Solution

 

  1.  The default admin username in FortiGate is 'admin', which should be changed for better security. [Best Practice] Create another admin account with a super_admin profile in case the renaming default admin gets any issue. 
  1. In FortiManager, it is possible to use Scripts to change the admin username and push multiple FortiGates (administrator usernames cannot be changed in FortiManager GUI).
  2. Checking the current admin user: Device Manager -> Device & Groups -> Managed FortiGates -> Select the FortiGate -> System -> Administrators (if the Administrators tab is not visible, it can be enabled via 'Feature Visibility').

 

1.png

 

  1. Under Device Manager -> Scripts -> Create New, give a name, select 'Device Database', create the below script, and select 'OK' to save:

 

config system admin

rename admin to <New Username>

end

 

Note:

In the case of FortiGate(s) with VDOM, need to modify the script:

 

config global
    config system admin
    rename admin to <New Username>
end

 

2.png

 

 

  1. To run the script: Select the script -> Run Script:

 

3.png

 

  • Select the FortiGate(s) and select the right arrow:

 

4.png

 

 

  • Select Run Now:

 

5.png

 

  • Select OK:

 

6.png

 

  • The script will start running:

 

7.png

 

  • Script ran successfully:

 

8.png

 

  1. Checking the Administrators under FortiManager -> Device Manager -> Device & Groups -> Managed FortiGates -> Select the FortiGate -> System -> Administrators: the default 'admin' now has been changed to 'optimusprime' (as set in the script).

 

9.png

 

  1. Install the config to FortiGate using 'Install Wizard':

 

10.png

 

11.png

 

  • Select Install Preview to see what changes FortiManager is pushing to the FortiGate(s).

 

12.png

 

Note:

The install preview will show that FortiManager is creating a new admin with the name set in the script (and with the same set of details/config set on the 'admin' account) and deleting the default 'admin'.

 

13.png

 

14.png

 

  • Select Close and then select Install.

 

15.png

 

  • The installation has been successful.
  1. Confirming the changes in FortiGate: System -> Administrators -> The default 'admin' user is now changed.

 

16.png

 

Note 1:

Make sure to manually change the 'admin' credentials for FortiGate in FortiManager -> Device Manager -> Device & Groups -> Managed FortiGate -> 'Right-Click a FortiGate -> Edit:

 

17.png

 

 

Note 2:

The script can also be run on 'Remote FortiGate Directly (via CLI)'; it will simply rename the user on the FortiGate. This change will then be updated in FortiManager as 'Auto-update' automatically.

 

18.png

 

Related articles:

Add a Script

Technical Tip: How to delete or rename the default 'admin' user

691
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.