Skip to content

Factory Reset

Factory reset wipes the entire FortiGate config back to factory defaults. Do this when:

  • You're starting over with a unit.
  • You inherited a device with unknown admin credentials.
  • The config is so broken that recovery is harder than restarting from scratch.
  • You're returning the unit (compliance / data hygiene).

Destructive

Factory reset deletes ALL configuration: firewall policies, addresses, VPNs, admin accounts, certs, custom signatures. Take a backup first if there's anything worth saving. License/firmware are preserved.

Before You Start

  • A backup of the current config if any of it is worth keeping (see Back Up and Restore Configuration).
  • Plan for re-onboarding: how will you reach the unit after reset? It'll be on 192.168.1.99 on the internal port.
  • Have console access ready in case the network path fails.

Method 1 — From the GUI (you can still log in)

  1. System → Settings (or System → Configuration on some versions).
  2. Find Reset Configuration or Restore Factory Defaults.
  3. Click → confirm.
  4. The unit reboots into factory state.

Method 2 — From the CLI (you can still SSH/console)

execute factoryreset

The unit asks for confirmation, then reboots into factory state.

To preserve VDOM structure but reset everything else:

execute factoryreset2   # preserves more settings — rarely used

Method 3 — From the boot menu (locked out)

When you don't have admin credentials:

  1. Connect via Console Cable.
  2. Power-cycle the FortiGate.
  3. Press any key during boot when prompted ("Press any key to display configuration menu").
  4. Choose [F] Format boot device — but actually, the cleaner option is [T] TFTP firmware load which lets you install a fresh firmware and reset config in one step.
  5. Or pick the menu option that says "Format" or "Reset to factory defaults" (label varies by model/firmware).
  6. Confirm. The unit wipes and reboots.

After Reset

Your unit comes up with: - Hostname: FortiGate-<model> - Internal/Management IP: 192.168.1.99/24 - Admin: admin / blank password - No firewall policies, no VPNs, no objects

Plug your laptop into the internal/mgmt port, set static IP 192.168.1.100/24, browse to https://192.168.1.99. See First Login.

Common Issues

  • Reset didn't restore default IP. Some FortiGate models have a "deployment" mode where the LAN port comes up with DHCP instead. Use console to see the current management IP.
  • No login prompt after reset. Firmware corrupted. Use boot menu → TFTP firmware load to install fresh firmware.
  • License gone after reset. Should still be there (license is per-unit, tied to the serial number) but may need to re-activate FortiGuard subscriptions. Check System → FortiGuard.