FortiGate firewall: a quick start

Last update: December 11 2025

You can operate the FortiGate firewall through the GUI or CLI.

1. Connect to the firewall.
2. Change the administrator password.
3. Optional: create a new administrator account.
4. Optional: Change the name of the firewall.
5. Optional: follow the safety recommendations.

1. Connect to the firewall

Graphical interface

1. Open the page in your browser:

   https://<ip_address>

   Specify <ip_address> - The IP address of the firewall that you received in the ticket after ordering the service.

2. Authorize with the login and password you received in the ticket after ordering the service.

CLI

1. Open the CLI.

2. Connect to the firewall via SSH:

   ssh <username>@<ip_address>

   Specify:

   • <username> - login that you received in the ticket after ordering the service;
   • <ip_address> - The IP address of the firewall that you received in the ticket after you ordered the service. ordering the service.

3. Enter the password you received in the ticket after ordering the service.

2. Change the administrator password

Graphical interface

1. In the FortiGate control panel, go to System → Administrators.
2. Select the admin login from the list.
3. Switch to edit mode.
4. Click Change password.
5. Enter your old password.
6. Enter a new password.
7. Repeat the new password.
8. Press OK.

CLI

Change the administrator password:

config system admin
    edit admin
      set password <new_password>
end

Specify <new_password> is the new administrator password.

3. Optional: create a new administrator account

By default, FortiGate has created an admin account with full access to firewall settings. You can create multiple accounts with different access to settings.

Graphical interface

1. Go to System → Administrators.
2. Click Create new → System administrator.
3. Specify the login and password with which the administrator will connect to the firewall.
4. Select an administrator profile. A profile is an administrator role with access to firewall settings. By default, the super_admin profile with full access to settings is available. You can create a new profile under System → Admin Profiles.
5. Click OK.

CLI

Create an administrator account:

config system admin
    edit <username>
      set accprofile <profile_name>
      set vdom <virtual_domain>
      set password <password>
    next
end

Specify:

• <username> - administrator login;
• <profile_name> - administrator profile. A profile is an administrator role with access to firewall settings. The default profile available is super_admin profile with full access to settings. For more information on creating a new profile, see Administrator profiles in the FortiGate official documentation;
• <virtual_domain> - virtual domain to which the administrator will have access. By default, the virtual domain available is root. For more information on virtual domains, see the Virtual Domains section in the FortiGate official documentation;
• <password> - administrator password.

4. Optional: change the name of the firewall

Graphical interface

1. Go to System → Settings.
2. In the Host name field, specify a new name for the firewall.
3. Click Apply.

CLI

Change the name of the firewall:

config system global
    set hostname <hostname>
end

Specify <hostname> is the new firewall name.

5. Optional: follow the safety recommendations

You can follow the Safety Recommendations for working with a FortiGate:

• Use secure access protocols;
• enable redirection to HTTPS;
• change the default access ports;
• configure short login timeouts;
• configure login for trusted addresses;
• create multiple administrator accounts;
• configure account lockout;
• to rename the administrator account;
• disable unused interfaces;
• disable unused protocols.