
Fortigate Firewall Account Password Reset Example



Step 1: Ensure you have the prerequisites set up for your web server and hosts, as per this forum post (once-off process).

Step 2: Add new Password Record configured as follows:


Screen 1: Ensure you configure the five options below correctly and enter the password for the account.  If you configure an Expiry Date, the password will automatically be changed when that date is reached.




Screen 2: 

  • Confirm you select the appropriate Reset Fortigate Password script.
  • Fortigate accounts can reset their own password, so there is no need to create and assign a privileged account.  However, if you want to choose one SuperAdmin account to perform the resetting across all your devices, then setting a Privileged Account here would be advisable.  This privileged account will need to have the same username and password across all your devices.
  • Confirm the Password Reset Schedule is enabled if you want the password to automatically change when the Expiry Date is reached.



Screen 3: Confirm the "Validate Password for Fortigate Account" validation script is selected.





Some More notes about Linux Resets:


You also have the option to automate all of this by using a Fortigate Discovery job.  These can be set up under the Tools Menu and more information about them can be found under Help -> User Manual -> Passwords -> Tools Menu -> Account Discovery.






We've set this up for one of our local Fortinet admin accounts as a test, but it is not working.

We don't use a privileged account.


When we check out the account and check it in, a password reset is queued.


After that we see the reset icon change to green, and a message is logged that the account password was successfully reset: "The Passwordstate Windows Service successfully processed the Password Reset Script 'Reset Fortigate Password' against Host".


But when we check out the account again and use the heart icon to verify the username and password, an error is logged: username/password incorrect.

Log message: A manual Account Heartbeat check failed to validated the password for account <account> of Account Type 'Fortigate' on Host <host>


After some time the heartbeat icon also turns red.


After some troubleshooting we found out that although pwstate reports the account password as reset, it is still using the previous password (in other words, the password is not changed at all).


Any help would be appreciated.


Regards Dick



Hello Dickiedik,


We have not experienced this ourselves, but can you let us know what build number of Passwordstate you are using, and also what version of the Fortigate firewall software, and we'll do some testing to see if we can replicate the issue?


Click Studios


Hi Dickiedik,


Also, could you please test something for us to see if we can get an error message for this?  Steps to manually test this are below:


1. Go to Administration -> PowerShell Scripts -> Scripts - Password Reset and find the Fortigate reset script.  Use the Actions menu for this script and select "Test Script Manually".

2. Now comment out line 129 and add $results.tostring to line 130 (screenshot below)

3. If you now use the fields on that screen to enter the hostname, port, account etc., try running the script and it should give you some verbose output.  Could you copy that and paste it in a reply to this forum?  If you prefer to email it, you can send it to support@clickstudios.com.au.







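The thread above has two parts: the initial setup (reset script plus validation script on the password record) and a report of a reset that is logged as successful while the device keeps the old password. The script below is an added example written for this page; it is not Passwordstate's own "Reset Fortigate Password" script and does not reproduce its internals. It shows the two steps a reset job for a FortiGate local admin needs to perform to be trustworthy: drive the FortiOS CLI over SSH to change the password, inspect the CLI output for an inline error (FortiOS reports failures as text, not as a non-zero exit), and then prove the change by authenticating with the new password, which is the same check the Passwordstate heartbeat performs. It assumes the Posh-SSH module is installed and that SSH is enabled on the firewall's management interface; the host name, port, account names, passwords and the regex of FortiOS error markers are placeholders and assumptions, not values from the page.

```powershell
# Added example, not Passwordstate's reset script. Resets a FortiGate local admin
# password over SSH and then verifies the new password actually authenticates.
# Assumes: Posh-SSH module (Install-Module Posh-SSH), SSH enabled on the FortiGate.
# All host, account and password values are placeholders.

param(
    [string]$FortiHost   = 'fw01.example.internal',   # placeholder
    [int]   $Port        = 22,
    [string]$AdminUser   = 'pwstate-test',            # account being reset (placeholder)
    [string]$OldPassword = 'OldP@ssw0rd!',            # placeholder
    [string]$NewPassword = 'N3wP@ssw0rd!'             # placeholder
)

Import-Module Posh-SSH -ErrorAction Stop

function New-FortiCredential([string]$User, [string]$Password) {
    $secure = ConvertTo-SecureString $Password -AsPlainText -Force
    New-Object System.Management.Automation.PSCredential($User, $secure)
}

# Step 1: reset. A FortiGate admin can change its own password, so connect as the
# account itself, matching the no-privileged-account setup described in the thread.
$session = New-SSHSession -ComputerName $FortiHost -Port $Port `
    -Credential (New-FortiCredential $AdminUser $OldPassword) -AcceptKey -ErrorAction Stop

# The FortiOS CLI is interactive (config/edit/set/next/end), so use a shell stream.
$stream = New-SSHShellStream -SessionId $session.SessionId
Start-Sleep -Seconds 2
$null = $stream.Read()   # discard login banner and prompt

$cliLines = @(
    'config system admin',
    "edit $AdminUser",
    "set password $NewPassword",
    'next',
    'end'
)
foreach ($line in $cliLines) {
    $stream.WriteLine($line)
    Start-Sleep -Milliseconds 500
}
Start-Sleep -Seconds 2
$output = $stream.Read()
Remove-SSHSession -SessionId $session.SessionId | Out-Null

# Never log the new password: the CLI echoes the "set password" line back.
$safeOutput = $output -replace [regex]::Escape($NewPassword), '********'

# FortiOS reports CLI problems inline and the SSH session still ends cleanly, so a
# script that only checks "did the commands get sent" reports success while the
# password is unchanged. The marker regex is an assumption based on common FortiOS
# CLI error text; extend it with whatever your own devices return.
if ($output -match 'Command fail|command parse error|Unknown action|does not meet') {
    throw "FortiGate rejected the password change:`n$safeOutput"
}

# Step 2: validate. Open a fresh session with the NEW password. If this fails, the
# reset did not take effect no matter what step 1 reported.
try {
    $verify = New-SSHSession -ComputerName $FortiHost -Port $Port `
        -Credential (New-FortiCredential $AdminUser $NewPassword) -AcceptKey -ErrorAction Stop
    Remove-SSHSession -SessionId $verify.SessionId | Out-Null
    Write-Output "Password for $AdminUser on $FortiHost reset and verified."
}
catch {
    throw "Reset commands were sent, but the new password does not authenticate. CLI output:`n$safeOutput"
}
```

Two caveats when adapting this: on a FortiGate with VDOMs enabled the admin table lives under `config global`, so that line must be sent before `config system admin`; and if a password policy is applied to admin passwords, a generated password that does not satisfy it is rejected inline, which is exactly the kind of failure the output check above is meant to surface rather than silently report as success.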
