Working with a FortiGate account

Create an administrator account

Graphical interface
CLI

Connect to the firewall.
In the FortiGate control panel, go to System → Administrators.
Click Create new → System administrator.
Specify the login and password with which the administrator will connect to the firewall.
Select a profile. A profile is an administrator role with access to firewall settings. By default, the super_admin profile with full access to settings is available. You can create a new profile under System → Admin Profiles.
Click OK.

Connect to the firewall.
Create an administrator account:
```
config system admin
    edit <username>
      set accprofile <profile_name>
      set vdom <virtual_domain>
      set password <password>
    next
end
```
Specify:
- <username> - administrator login;
- <profile_name> - administrator profile. A profile is an administrator role with access to firewall settings. The default profile available is super_admin profile with full access to settings. For more information on creating a new profile, see Administrator profiles in the FortiGate official documentation;
- <virtual_domain> - virtual domain to which the administrator will have access. By default, the virtual domain available is root. For more information on virtual domains, see the Virtual Domains section in the FortiGate official documentation;
- <password> - administrator password.

Change the password for the administrator account

Graphical interface
CLI

Connect to the firewall.
In the FortiGate control panel, go to System → Administrators.
Select the administrator login from the list.
Switch to edit mode.
Select Change password.
Enter your old password.
Enter a new password.
Repeat the new password.
Press OK.

Connect to the firewall.
Change the password for the administrator account:
```
config system admin
    edit <username>
      set password <new_password>
end
```
Specify:
- <username> - administrator login;
- <new_password> - new administrator password.

Configure account lockout

By default, the account is locked out for 60 seconds after three password attempts. You can change the number of password attempts and the time to wait until the next password attempt.

Connect to the firewall.
Configure the number of password attempts and the waiting time:
```
config system global
    set admin-lockout-threshold <admin_lockout_threshold>
    set admin-lockout-duration <admin_lockout_duration>
end
```
Specify:
- <admin_lockout_threshold> - number of attempts to enter the password. The default setting is three attempts. You can specify a value from 1 to 10;
- <admin_lockout_duration> - waiting time in seconds, after which you can enter the password again. The default setting is 60 seconds. You can specify a value from 1 to 4294967295.

Rename the account

Graphical interface

You cannot rename the account under which you connected to the firewall.

Connect to the firewall under an account with the profile super_admin or another profile with access to the settings in the System.
In the FortiGate control panel, go to System → Administrators.
Select the administrator login from the list.
Switch to edit mode.
Change the administrator login.
Press OK.