Yuri Slobodyanyuk Blog on Information Security, 23 July 2024
You CAN and probably should rename/delete the default admin user on Fortigate, here is how
This article describes the steps for renaming or deleting the default administrator account on a Fortigate device. For security reasons it recommends renaming or deleting the default admin account, after first creating another user account with super_admin privileges so that you do not accidentally lock yourself out of management. The article also explains the related caveats: the rename or delete cannot be performed while you are logged in as admin, and renaming does not change the admin account's password.

🤔 **Create a super_admin user:** First create a new user, for example one named "fortiadmin", and give it the super_admin access profile. This ensures that modifying the default admin account cannot lock you out of management.

🔑 **Rename the admin user:** Once the super_admin user exists, use the "rename" command to rename the default admin user to something else, for example "original_admin". Renaming does not change the account's password, so you can still log in with the old one.

🗑️ **Delete the admin user:** The "del" command removes the default admin user completely. If needed, a new user named "admin" can be created afterwards with a new password and access profile.

🔄 **Reversible operations:** Both renaming and deleting are reversible. A renamed user can be renamed back to "admin", and a deleted admin user can be re-created.

⚠️ **Security advice:** Review and rotate the passwords of all user accounts regularly and use strong passwords. Enabling multi-factor authentication is also recommended to strengthen security.

Many security best practices and regulations (PCI-DSS, NIST 800-53) require or recommend renaming or deleting the default administrative accounts that ship with equipment, and every Fortinet product comes with the built-in admin account. Some people are afraid of losing administrative access by making such a change, but on a Fortinet Fortigate that is not a concern: you can rename or delete this account without any bad consequences whatsoever. Here is how to do it on the Fortigate CLI.

Before diving into the config, a few facts about the procedure are worth knowing:

    You cannot rename/delete the admin user while logged in with it.

    You first have to create another user privileged enough (super_admin access profile) to make changes to admin. This is how the Fortigate prevents you from locking yourself out of management.

    Just renaming the admin does NOT alter its password, so you can still log in with the existing one.

    You can rename the user back to admin if you want to, i.e. the renaming is reversible.

    If you delete admin, you can later create a new user named admin again.

Renaming the admin user to something else (here to original_admin)

    First, you have to create a new user (fortiadmin; the name is irrelevant) with the super_admin access profile:

config sys admin
    edit fortiadmin
        set password s#cr#t
        set accprofile super_admin
        set trusthost1 10.10.19.0/24
    next
end

    Now I can rename the admin (the first attempt fails because an admin session is still open; log out of all admin sessions first):

# config sys admin
(admin) # rename admin to original_admin
command parse error before 'admin' .    <-- HAVE TO LOG OUT OF ALL SESSIONS OF admin FIRST
Command fail. Return code -61
FGT-Perimeter (admin) # rename admin to original_admin
FGT-Perimeter (admin) # show
config system admin
    edit "original_admin"
        set accprofile "super_admin"
        set vdom "root"
        set password ENC SH2vACIdY6Mn1jTArqaRkLrK5kRjdFSMOrFUwG5wY/MdGEQQfVOPeDq7vzVEZs=
    next
    edit "fortiadmin"
        set accprofile "super_admin"
        set vdom "root"
        set trusthost 10.10.19.0/24
        set password ENC SH2/ivwkt6MPTQbJdStQmFrA6CAn73T86rjGEPka3ivoNfbVE6a6W2YlpBFjN8=
    next
end

Delete admin altogether

FGT-Perimeter (admin) # del admin
FGT-Perimeter (admin) # end

Re-create the admin user

FGT-Perimeter # config sys admin
FGT-Perimeter (admin) # edit admin
new entry 'admin' added
FGT-Perimeter (admin) # set password s3cr3ButNot
FGT-Perimeter (admin) # set accprofile super_admin
FGT-Perimeter (admin) # end
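Once the rename or delete is done, the thing an auditor (or a PCI-DSS assessor) wants is proof: a check over the `show system admin` output that flags whether a default "admin" account still exists, whether at least two super_admin accounts exist (the prerequisite the procedure above relies on), and which super_admin accounts have no trusthost restriction, as the re-created admin above does not. The following is an added example written for this page, not code from the original post or from Fortinet; it assumes you have captured the text of `show system admin` (for example over SSH) and feeds it to the parser. The config dump embedded below is constructed, modelled on the `show` output earlier on the page, with placeholder password hashes.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample, modelled on the `show system admin` output on this page:
# the renamed original_admin, the fortiadmin created first, and a re-created
# "admin" with no trusthost. Password hashes are placeholders, not real values.
SAMPLE_SHOW_SYSTEM_ADMIN = """\
config system admin
    edit "original_admin"
        set accprofile "super_admin"
        set vdom "root"
        set password ENC xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
    next
    edit "fortiadmin"
        set accprofile "super_admin"
        set vdom "root"
        set trusthost1 10.10.19.0/24
        set password ENC yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy=
    next
    edit "admin"
        set accprofile "super_admin"
        set vdom "root"
        set password ENC zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz=
    next
end
"""

DEFAULT_ADMIN = "admin"
SUPER_PROFILE = "super_admin"


@dataclass
class AdminAccount:
    name: str
    accprofile: str = ""
    vdoms: List[str] = field(default_factory=list)
    trusthosts: List[str] = field(default_factory=list)


def parse_system_admin(text: str) -> List[AdminAccount]:
    """Parse the `config system admin` block into AdminAccount records.

    Each `edit "<name>"` ... `next` stanza becomes one record; only the
    attributes the audit needs (accprofile, vdom, trusthostN / ip6-trusthostN)
    are kept. Password lines are deliberately ignored.
    """
    accounts: List[AdminAccount] = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("edit "):
            current = AdminAccount(name=line[5:].strip().strip('"'))
        elif line == "next" and current is not None:
            accounts.append(current)
            current = None
        elif current is not None and line.startswith("set "):
            parts = line[4:].split(None, 1)
            key = parts[0]
            value = parts[1].strip().strip('"') if len(parts) > 1 else ""
            if key == "accprofile":
                current.accprofile = value
            elif key == "vdom":
                current.vdoms = [v.strip('"') for v in value.split()]
            elif re.fullmatch(r"(ip6-)?trusthost\d*", key):
                current.trusthosts.append(value)
    return accounts


def audit_admins(accounts: List[AdminAccount]) -> List[str]:
    """Return human-readable findings; an empty list means the checks passed."""
    findings: List[str] = []
    if any(a.name == DEFAULT_ADMIN for a in accounts):
        findings.append(
            f"default account '{DEFAULT_ADMIN}' still exists (rename or delete it)"
        )
    supers = [a for a in accounts if a.accprofile == SUPER_PROFILE]
    if len(supers) < 2:
        # The rename/delete procedure needs a second super_admin to log in as.
        findings.append(
            "fewer than two super_admin accounts: create a second one before "
            "renaming or deleting the default admin"
        )
    for a in supers:
        if not a.trusthosts:
            findings.append(f"super_admin '{a.name}' has no trusthost restriction")
    return findings


if __name__ == "__main__":
    for finding in audit_admins(parse_system_admin(SAMPLE_SHOW_SYSTEM_ADMIN)):
        print("FINDING:", finding)
```

Run against the sample it reports the lingering "admin" account and the two super_admin accounts without a trusthost; remove the "admin" stanza and only the missing trusthost on original_admin remains. Run the same check over a dump from every Fortigate you manage and keep the output as the evidence for the control.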
