Administration Guide

Changing the “admin” account password

The default administrator account, named admin, initially has no password.

Unlike other administrator accounts, the admin administrator account exists by default and cannot be deleted. The admin administrator account is similar to a root administrator account. This administrator account always has full permission to view and change all FortiWeb configuration options, including viewing and changing all other administrator accounts. Its name and permissions cannot be changed.

Before you connect the FortiWeb appliance to your overall network, you should configure the admin account with a password to prevent others from logging in to the FortiWeb and changing its configuration.

Set a strong password for the admin administrator account, and change the password regularly. Failure to maintain the password of the admin administrator account could compromise the security of your FortiWeb appliance. As such, it can constitute a violation of PCI DSS compliance and is against best practices. For improved security, the password should be at least eight characters long, be sufficiently complex, and be changed regularly.

To change the admin administrator password via the web UI

  1. Go to System > Admin > Administrators.
    To access this part of the web UI, your administrator's account access profile must have Read and Write permission to items in the Admin Users category. For details, see Permissions.
  2. In the row corresponding to the admin administrator account, mark its check box.
  3. Click Change Password.
  4. In the Old Password field, do not enter anything. In its default state, there is no password for the admin administrator account.
  5. In the New Password field, enter a password with sufficient complexity and number of characters to deter brute force attempts and other attacks.
  6. In the Confirm Password field, enter the new password again to confirm its spelling.
  7. If you have configured Password Policy in System > Admin > Settings, follow the settings when entering the new password.
  8. Click OK.
  9. Click Logout.

FortiWeb logs you out. To continue using the web UI, you must log in again. The new password takes effect the next time that the admin administrator account logs in.

To change the admin administrator password via the CLI

Enter the following commands:

    config system admin
      edit admin
        set password <new-password_str> ''
    end
    exit

where <new-password_str> is the password for the administrator account named admin.

FortiWeb logs you out. To continue working in the CLI, you must log in again using the new password.

If you have configured admin-lockout-threshold and admin-lockout-duration via the CLI, FortiWeb locks the account according to the number of failed login attempts and the lockout duration you have set. See the FortiWeb CLI Reference for details.

