Managing a FortiGate account

The settings in this guide are relevant for FortiOS 6.x and 7.x versions. If you are using a different FortiOS version, you can find the documentation for it in the FortiGate control panel in the top-right corner or on the official FortiGate website.

Create an administrator account

  1. Connect to the firewall.
  2. In the FortiGate control panel, go to System → Administrators.
  3. Click Create new → System administrator.
  4. Specify the username and password that the administrator will use to connect to the firewall.
  5. Select a profile. A profile is an administrator role with access to firewall settings. By default, the super_admin profile is available with full access to settings. You can create a new profile in System → Admin Profiles.
  6. Click OK.

Change administrator account password

  1. Connect to the firewall.
  2. In the FortiGate control panel, go to System → Administrators.
  3. Select the administrator username from the list.
  4. Switch to edit mode.
  5. Select Change password.
  6. Enter the old password.
  7. Enter the new password.
  8. Repeat the new password.
  9. Click OK.

Configure account lockout

By default, the account is locked for 60 seconds after three failed password attempts. You can change the number of password retry attempts and the timeout duration before the next attempt.

  1. Connect to the firewall.

  2. Configure the number of password retry attempts and the timeout duration:

    config system global
    set admin-lockout-threshold <admin_lockout_threshold>
    set admin-lockout-duration <admin_lockout_duration>
    end

    Specify:

    • <admin_lockout_threshold> — number of password retry attempts. Three attempts are set by default. You can specify a value from 1 to 10;
    • <admin_lockout_duration> — timeout duration in seconds, after which you can try entering the password again. 60 seconds is set by default. You can specify a value from 1 to 4294967295.
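
An added example, not part of the original guide or of Fortinet's tooling: a Python check that reads a saved FortiGate configuration, finds the two lockout settings inside `config system global`, and compares them with the defaults and ranges given above. The sample configuration and the policy limits `max_threshold` and `min_duration` are constructed assumptions.

```python
import re

# Defaults and valid ranges as stated in this guide.
DEFAULTS = {"admin-lockout-threshold": 3, "admin-lockout-duration": 60}
RANGES = {"admin-lockout-threshold": (1, 10),
          "admin-lockout-duration": (1, 4294967295)}
SETTING = re.compile(r"set (admin-lockout-(?:threshold|duration)) (\d+)")

# Constructed sample of a saved configuration (not taken from a real device).
SAMPLE = """\
config system global
    set hostname "fw-example"
    set admin-lockout-threshold 10
    set admin-lockout-duration 5
end
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
end
"""

def lockout_settings(config_text):
    """Return the effective lockout values; unset keys keep their defaults."""
    values = dict(DEFAULTS)
    stack = []  # names of the currently open "config ..." blocks
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])
        elif line == "end" and stack:
            stack.pop()
        elif stack == ["system global"]:
            match = SETTING.fullmatch(line)
            if match:
                values[match.group(1)] = int(match.group(2))
    return values

def audit(config_text, max_threshold=3, min_duration=60):
    """List findings. Both limits are assumptions of this example (the defaults)."""
    values = lockout_settings(config_text)
    findings = [f"{key}={values[key]} is outside the valid range {low}-{high}"
                for key, (low, high) in RANGES.items()
                if not low <= values[key] <= high]
    if values["admin-lockout-threshold"] > max_threshold:
        findings.append(f"threshold {values['admin-lockout-threshold']} allows more than {max_threshold} attempts")
    if values["admin-lockout-duration"] < min_duration:
        findings.append(f"lockout of {values['admin-lockout-duration']} s is shorter than {min_duration} s")
    return findings
```

Calling `audit(SAMPLE)` returns two findings for the constructed configuration; a configuration that never sets either key is evaluated with the default values of 3 attempts and 60 seconds.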

Rename an account

You cannot rename the account you are currently using to connect to the firewall.

  1. Connect to the firewall using an account with the super_admin profile or another profile with access to the System section.
  2. In the FortiGate control panel, go to System → Administrators.
  3. Select the administrator username from the list.
  4. Switch to edit mode.
  5. Change the administrator username.
  6. Click OK.