How to rename or delete default 'admin' account on FortiGate

By default, every FortiGate firewall comes with an administrative account named 'admin'. Whether through internal or external networks, accounts named root, admin, administrator, system, and similar are common targets for brute force and password dictionary attacks.

The next two images demonstrate brute force attempts targeting both the 'admin' account and other users, using common credentials from an attacker's dictionary list.

To prevent such scenarios, it’s recommended to disable or rename this account. This recommendation also applies to other devices and systems.

In our FortiGate firewall scenario, the process to rename or delete the account is fully reversible. If you choose only to rename it, the password remains unchanged. A critical step before editing or deleting the account is to ensure you have a pre-configured account with equivalent privileges to perform the desired action. No active sessions should be using the 'admin' account.

Let’s proceed with the steps:

In the image gallery, we see the sequence of actions for editing the 'admin' account:

Image 01 shows the failure when attempting to edit the account because you're logged in with the 'admin' account and it's the only administrative account on the firewall

Image 02 demonstrates creating another account with the same privileges as the 'admin' account

Image 03 sequences show the results after:

• Creating the new administrative account

• Renaming and deleting the 'admin' account

• The final result displayed in the GUI

As mentioned, this procedure is fully reversible - you can either recreate or restore the account to its original name.