Changing the “admin” account password
The default administrator account, named admin, initially has no password.
Unlike other administrator accounts, the admin administrator account exists by default and cannot be deleted. The admin administrator account is similar to a root administrator account. This administrator account always has full permission to view and change all FortiADC configuration options, including viewing and changing all other administrator accounts. Its name and permissions cannot be changed.
Before you connect the FortiADC appliance to your overall network, you should configure the admin account with a password to prevent others from logging in to the FortiADC and changing its configuration.
 
Set a strong password for the admin administrator account, and change the password regularly. Failure to maintain the password of the admin administrator account could compromise the security of your FortiADC appliance. As such, it can constitute a violation of PCI DSS compliance and is against best practices. For improved security, the password should be at least 8 characters long, be sufficiently complex, and be changed regularly. To check the strength of your password, you can use a utility such as Microsoft’s password strength meter.
To change the admin administrator password via the web UI
1. Go to System > Admin > Administrators.
2. Double-click the row corresponding to the admin administrator account.
The Edit Administrator dialog appears in a new panel below the list of accounts.
3. Mark the check box named Change Password.
Additional text fields appear where you can enter the new password.
4. In the Old Password field, do not enter anything. (In its default state, there is no password for the admin account. If it is not in its default state, enter your current password.)
5. In the New Password field, enter a password with sufficient complexity and number of characters to deter brute-force and other attacks.
6. In the Confirm Password field, enter the new password again to confirm its spelling.
 
When changing the password of the admin account, always verify that these fields match. Failure to do so could lock you out of your appliance. (See “Restoring firmware (“clean install”)”.)
The web UI will verify that the passwords match exactly to ensure that there have been no typos, and will alert you with a red icon to the right of the field if the passwords do not match. However, it will not prevent you from saving the settings.
7. Click Save.
8. Click Logout.
The new password takes effect the next time that administrator account logs in.
To change the admin administrator password via the CLI
Enter the following commands:
config system admin
edit admin
set password <new-password_str> ''
end
exit
where <new-password_str> is the password for the administrator account named admin.
The new password will take effect the next time that the administrator account logs in.