The Complete Guide to Factory Resetting Your Fortinet Firewall
Whether you're a network administrator troubleshooting a complex configuration issue, an IT professional preparing a device for redeployment, or someone who has acquired used Fortinet equipment, knowing how to properly factory reset your Fortinet firewall is an essential skill. A factory reset returns the device to its original out-of-the-box state, removing all custom configurations, policies, and potentially problematic settings that may be causing operational issues.
This comprehensive guide draws from official Fortinet documentation and community experiences to provide you with multiple proven methods to reset your Fortinet firewall, along with crucial considerations about what happens to your data and access during the process.
Method 1: Resetting via Command Line Interface (CLI)
The Command Line Interface is the most common and controlled method for resetting a Fortinet firewall, especially when you have administrative access to the device.
Standard Factory Reset
For a complete wipe of all configurations, use the basic factory reset command. This method is ideal when repurposing a device, troubleshooting severe configuration errors, or when you plan to rebuild the configuration from scratch.
- Establish a connection to the FortiGate via SSH.
- Enter the command:
execute factoryreset
- Confirm the action when prompted with:
Do you want to continue? (y/n)
Important: This process will erase all configurations, including interface IP addresses. You will lose remote management access and will need physical console access to reconfigure the device. All existing logs stored in memory or on disk will also be permanently erased.
Factory Reset with Preserved Management Access
A significant advancement for network administrators is the ability to reset a device while maintaining basic management connectivity. This option is invaluable in remote management scenarios or when you need to reconfigure a device without traveling to its physical location.
- Connect via SSH.
- Enter the command:
execute factoryreset2
- Confirm the action at the prompt.
This command performs a reset while preserving key network accessibility settings. The following configuration sections remain intact:
- Virtual Domain (VDOM) mode and names
- Interface configurations
- Static routes (both IPv4 and IPv6)
After this reset, the device will have no firewall policies or VPN settings, but you will retain the ability to access it remotely via its existing IP address. All administrator accounts except the default are removed.
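As an added example (not from Fortinet or the original guide), this Python code reads a configuration backup taken before the reset and reports which top-level sections execute factoryreset2 keeps, which it erases, and which administrator accounts will be removed. The section names in PRESERVED, the single-VDOM backup layout without multi-line quoted values, and the sample backup itself are assumptions constructed for illustration.

```python
# Constructed sample of a single-VDOM FortiOS config backup (not from a real device).
SAMPLE_BACKUP = """\
config system interface
    edit "wan1"
        config ipv6
        end
    next
end
config system admin
    edit "admin"
    next
    edit "netops"
    next
end
config router static
    edit 1
    next
end
config firewall policy
    edit 1
    next
end
"""
# Assumption: the backup sections holding what the page says factoryreset2 keeps.
PRESERVED = {"system interface", "router static", "router static6"}

def top_level_sections(text):
    """Map each top-level 'config ... end' block to its direct 'edit' entry names."""
    sections, depth, current = {}, 0, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1:  # nested config blocks inside an edit are skipped
                current = line[len("config "):]
                sections[current] = []
        elif line == "end" and depth > 0:
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            sections[current].append(line[5:].strip('"'))
    return sections

def reset_impact(text):
    """Return (kept sections, erased sections, admin accounts that will be removed)."""
    secs = top_level_sections(text)
    kept = sorted(n for n in secs if n in PRESERVED)
    erased = sorted(n for n in secs if n not in PRESERVED)
    removed_admins = [a for a in secs.get("system admin", []) if a != "admin"]
    return kept, erased, removed_admins
```

Calling reset_impact() on the text of your own backup file gives a rebuild checklist: every erased section and removed account has to be recreated after the reset.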
Specialized Reset Commands
Fortinet provides additional CLI commands for specific scenarios:
- execute factoryreset-for-central-management: Available in FortiOS v7.0 and later, this command resets the device but retains its registration with FortiManager, preserving the central management serial number.
- execute factoryreset-shutdown: This command resets the device to factory defaults and then shuts it down, which can be useful for secure storage or transportation.
Method 2: Hardware Reset Using the Physical Button
When you cannot access the CLI—often due to a lost admin password or a corrupted configuration—the hardware reset button is your primary recovery tool. This method is commonly used on smaller FortiGate models intended for small to medium businesses.
Step-by-Step Hardware Reset Procedure
- Power Cycle: Fully shut down the FortiGate by disconnecting the power cable. Wait at least 10 seconds before reconnecting power.
- Timing is Critical: As the device boots, watch the STATUS/STA LED. The reset button is typically only active during the first 30 to 60 seconds after power-up, depending on the model.
- Initiate Reset: Once the STATUS LED begins blinking slowly (usually after 30-40 seconds), press and hold the reset button. You may need to hold it for up to 30-60 seconds.
- Confirm Action: The STATUS LED will begin blinking faster. On a connected console, you will see the message:
System is resetting to factory default...
- Release and Reboot: Release the button. The device will reboot automatically with factory default settings loaded.
Crucial Hardware Reset Notes
- Model Variations: The reset button may be labeled 'RESET' or 'BLE/RESET' and can be located on the front or back panel.
- Firmware Impact: The exact behavior can vary by FortiOS version. For instance, in v7.4.1 and above, the STATUS LED sequence is slightly different (turns solid, then slow blinking).
- Button Disabled? The hardware button can be disabled in the software. You can check its function with the CLI diagnostic command:
diagnose hardware test button
If disabled, you will need console access for recovery.
- Not an NMI Button: Do not confuse the reset button with an NMI (Non-Maskable Interrupt) button found on some higher-end models. The NMI button is for kernel debugging and will not factory reset the device.
Method 3: Resetting via Web-Based Manager
If you have administrative access to the device's web interface, this method offers a straightforward graphical option.
- Log into the FortiGate's web-based manager.
- Navigate to System > Status.
- In the "Unit Operation" section, click the Reset button.
- Confirm the action. This triggers the same process as the execute factoryreset CLI command.
Post-Reset Access and Configuration
Regardless of the reset method used, the device will return to its default access credentials and state.
- Default IP Address: The default management IP is typically 192.168.1.99.
- Default Credentials:
  - Username: admin
  - Password: blank (no password)
- First Login: Upon first login with the username admin and a blank password, the system will force you to create a new, strong admin password.
- Firmware Intact: A factory reset does not downgrade or change the firmware version. The device boots with the same FortiOS version it had before the reset, but with a default configuration.
Special Considerations and Warnings
- Older Models (e.g., FortiGate 60): Some legacy models, like the original FortiGate 60, do not have a physical reset button. For these devices, you must use the CLI method. If the password is lost and you lack console access, recovery becomes very difficult, highlighting the importance of maintaining access credentials.
- Backup Before Reset: Always back up your current configuration before performing a reset if possible. While you may be resetting to solve a problem, having a backup allows you to reference old settings or perform a controlled restore.
- Data Erasure: Be aware that a factory reset erases all logs and event data. For forensic or compliance purposes, ensure you have exported necessary logs beforehand.
- FortiWeb Appliances: For FortiWeb web application firewalls, the process is similar. The command execute factoryreset works from the CLI. Note that FortiWeb also offers an execute formatlogdisk command to specifically wipe log data from the hard disk, which is recommended before decommissioning or reselling the appliance.
Frequently Asked Questions (FAQ)
What is the difference between execute factoryreset and execute factoryreset2?
The standard execute factoryreset erases all configuration settings, resulting in a complete out-of-the-box state. You will lose management IP addresses and need console access. The execute factoryreset2 command is a "softer" reset that preserves core network settings (interfaces, static routes, VDOMs), allowing you to maintain remote management access via the existing IP after the reset. Use factoryreset2 when you need to rebuild policies but want to keep the device on the network.
I've pressed the hardware reset button, but nothing happens. Why?
First, confirm timing: the button must be pressed within a short window (30-60 seconds) after a full power cycle. A reboot from the CLI may not activate the button's function. Second, check if the button is disabled via software (set admin-reset-button disable). Third, verify you are not pressing an NMI button by mistake, which is used for debugging, not resetting. Using a console cable during the process is the best way to see confirmation messages.
Will a factory reset remove viruses or malware from my FortiGate?
A factory reset removes all configuration and custom scripts, which can eliminate malware that has modified these elements. However, it does not revert the firmware or attack definitions. The device boots the same underlying FortiOS version. For a completely clean slate, a firmware clean install (reloading the firmware image) is required, which is a separate procedure from a configuration reset.
What should I do before selling or discarding my old Fortinet firewall?
Perform a full factory reset using the CLI (execute factoryreset). For models with internal storage (like FortiWeb), also run execute formatlogdisk to securely erase log data. This protects your organizational data and prepares the device for its next owner, who can then log in with the default admin credentials.
My FortiGate is stuck in a boot loop after a failed update. Can a factory reset help?
Yes, this is a common recovery scenario. If the device cannot boot properly, interrupting the boot process with the hardware reset button is often the only way to regain control. It resets the configuration to a known-good default, which may allow the device to boot successfully. You can then attempt the firmware upgrade again or contact support.
I have an old FortiGate without a reset button and no password. What are my options?
Your primary option is to gain console port access using an RJ45-to-DB9 serial cable or a USB console cable. Through the console, you can interrupt the boot process or, if the OS loads, you may be able to access maintenance modes or CLI prompts that allow for a password reset or recovery. The exact process can vary significantly by model and firmware age, so consulting the specific model's installation manual is crucial.