Working with a FortiGate account

Last update: May 10 2026

The settings in the instructions apply to FortiOS 6.x and 7.x versions. If you have a different version of FortiOS, you can find documentation for that version in the FortiGate control panel in the upper right corner or on the official FortiGate website.

Create an administrator account

Graphical interface

1. Connect to the firewall.
2. In the FortiGate control panel, go to System → Administrators.
3. Click Create new → System administrator.
4. Specify the login and password with which the administrator will connect to the firewall.
5. Select a profile. A profile is an administrator role with access to firewall settings. By default, the super_admin profile with full access to settings is available. You can create a new profile under System → Admin Profiles.
6. Click OK.

CLI

1. Connect to the firewall.

2. Create an administrator account:

   config system admin
       edit <username>
         set accprofile <profile_name>
         set vdom <virtual_domain>
         set password <password>
       next
   end

   Specify:

   • <username> - administrator login;
   • <profile_name> - administrator profile. A profile is an administrator role with access to firewall settings. The default profile available is super_admin profile with full access to settings. For more information on creating a new profile, see Administrator profiles in the FortiGate official documentation;
   • <virtual_domain> - virtual domain to which the administrator will have access. By default, the virtual domain available is root. For more information on virtual domains, see the Virtual Domains section in the FortiGate official documentation;
   • <password> - administrator password.

Change the password for the administrator account

Graphical interface

1. Connect to the firewall.
2. In the FortiGate control panel, go to System → Administrators.
3. Select the administrator login from the list.
4. Switch to edit mode.
5. Select Change password.
6. Enter your old password.
7. Enter a new password.
8. Repeat the new password.
9. Press OK.

CLI

1. Connect to the firewall.

2. Change the password for the administrator account:

   config system admin
       edit <username>
         set password <new_password>
   end

   Specify:

   • <username> - administrator login;
   • <new_password> - new administrator password.

Configure account lockout

By default, the account is locked out for 60 seconds after three password attempts.You can change the number of password attempts and the time to wait until the next password attempt.

CLI

1. Connect to the firewall.

2. Configure the number of password attempts and the waiting time:

   config system global
       set admin-lockout-threshold <admin_lockout_threshold>
       set admin-lockout-duration <admin_lockout_duration>
   end

   Specify:

   • <admin_lockout_threshold> - number of attempts to enter the password. The default setting is three attempts. You can specify a value from 1 to 10;
   • <admin_lockout_duration> - waiting time in seconds, after which you can enter the password again. The default setting is 60 seconds. You can specify a value from 1 to 4294967295.

Rename the account

Graphical interface

You cannot rename the account under which you connected to the firewall.

1. Connect to the firewall under an account with the profile super_admin or another profile with access to the settings in the System.
2. In the FortiGate control panel, go to System → Administrators.
3. Select the administrator login from the list.
4. Switch to edit mode.
5. Change the administrator login.
6. Press OK.