How to reset to Factory Default configuration using external button


Description

This article describes how to perform a factory reset on a FortiGate. The configuration can be erased by using a dedicated external button.
This button is on the outside of some FortiGate models, such as the low-end ones.

Scope

FortiGate/FortiWifi/-DSL: 80F, 81F, 70F, 71F, 60E/61E, 60F/61F, 40F, 80E, 60C, 100F/101F, 70G, 71G, 90G, 120G, and other models intended for small businesses.

Solution

To reset a FortiGate unit to its factory settings without losing the ability to manage it or changing the version of FortiOS (the FortiGate operating system), follow the steps in this article.

This button is labeled 'RESET' or 'BLE/RESET'. It is located on the back panel near the power connector, or on the front panel, as on the 80F model. The 'RESET' or 'BLE/RESET' button is enabled by default. It can only be used for thirty seconds after the device starts up. Using the 'RESET' or 'BLE/RESET' button erases the settings.

To reset the device, turn it off, wait for ten seconds, then turn it back on. Wait for thirty to sixty seconds, until the status light is blinking slowly. Then press and hold the 'RESET' or 'BLE/RESET' button until the status light starts blinking faster.

On some models, like the mid to high-end ones, the 'RESET' or 'BLE/RESET' button can be hard to tell apart from another button, the NMI button, which has no marking on it. The NMI button is for the non-maskable interrupt watchdog feature. Unlike the 'RESET' or 'BLE/RESET' button, the NMI button does not perform a factory reset.

For v7.2.4 and later, where the maintainer account is no longer available, follow these steps to reset the admin password:

To confirm the purpose of this external button on the FortiGate:

diagnose hardware test button

The output will show if it is used as a Reset Button or as an NMI Button. It is possible to press 'N' to stop the test.

If the button is for resetting the FortiGate, the following output will be displayed:

FortiGate # diagnose hardware test button

Factory configurations are recommended for running HQIP

Test Begin at UTC Time Fri Oct 31 03:03:21 2025

03:03:21 ( 0s) ==> Reset Button

The behavior of the reset button will also depend on the firmware version that is being used. One of the options below will factory default the unit:

Option A:

The FortiGate must be connected to a Desktop/Laptop via a Console Cable.
Go to Device Manager -> Ports (COM & LPT):
Verify that the same information from the Device Manager is being placed on the PuTTY configuration:

⦁ Reboot FortiGate: It should be noted that a power cycle is required and that using the CLI command to execute a reboot may not be sufficient to enable the reset button.

⦁ Wait until the FortiGate OS is running again: The FortiGate OS is at the running stage when the 'STATUS'/'STA' LED is blinking slowly. It means that the console prompts for the login.

⦁ Once the STATUS LED is blinking slowly (typically between the first 30 to 60 seconds of boot), press the external button 'RESET', then the 'STATUS'/'STA' LED will blink faster until the FortiGate reboots itself. If the device does not reboot even after holding the reset button for 30 seconds to one minute, the next step is to release and try to hold the 'RESET' button again for one minute until the device reboots.

As a reference point, the login prompt in a PuTTY session is shown at the same time that the status light turns on:

⦁ The reset button on the device can only be used for the first 30 or 60 seconds after you turn it on.

⦁ This time limit depends on what kind of device model you have.

⦁ If the device has been on for more than 30 or 60 seconds, you cannot use the reset button.

⦁ If you try to press the reset button at this point, the device will send a message to the console and nothing will happen.

⦁ You can plug in a console cable to see what is going on when you reset the device.

⦁ After you press the reset button, you can look at the command line interface to confirm that the reset button has worked and the device has been reset to its factory settings.

In certain situations, the reset button must be pressed when the 'System is starting…..' message appears and kept pressed until the 'System is resetting to factory default' message is shown.

If the 'STATUS/STA' LED does not blink after waiting a while, this indicates that the device cannot boot up, and there may be boot image corruption.
Access the device using a serial connection with the console cable to verify this. Refer to this document for more information:

FortiGate:

The reset button has been disabled. Press the button during the first 60 seconds after a power cycle.

If the external button is pressed on time, the unit reboots, and the default configuration will be active.

FortiGate:

System is resetting to factory default...The system is going down NOW !!

The process described above applies up to version 7.4.0. In version 7.4.1 and later, the STATUS LED behaves differently. For version 7.4.1 and later, follow these steps:

⦁ Turn the FortiGate off and on again.

⦁ After 40 seconds, the STATUS LED will be steady.

⦁ About 80 to 90 seconds after power-on, the STATUS LED will change from steady to blinking slowly. This slow blinking only lasts for around 5 to 10 seconds.

⦁ While the STATUS LED is blinking slowly, press the RESET button. The FortiGate will then return to its factory default state.

Option B:

The reset button can be pressed at any time. The unit will then perform a factory reset. When the unit restarts, the default settings will be active, as when the command "execute factoryreset" is used in the command line interface.

The FortiGate logs the following when the reset button is pressed:

date="2024-08-24" time="16:08:15" id=7135583482205437973 bid=5898939 dvid=1155 itime=1661382495 euid=3 epid=3 dsteuid=3 dstepid=3 logver=702010000 logid="0100032252" type="event" subtype="system" level="critical" action="factory-reset" msg="User reset to the factory settings from forticron" logdesc="Factory settings reset" ui="forticron" eventtime=1661382495134259444 tz="-0700" devid="FGT61Exxxxxxxxxx" vd="root" devname="FGT61Exxxxxxxxxx" devgrps="{NULL}"

date="2024-08-24" time="16:08:22" id=7135583516565176327 bid=5898939 dvid=1155 itime=1661382503 euid=3 epid=3 dsteuid=3 dstepid=3 logver=702010000 logid="0100032138" type="event" subtype="system" level="critical" action="reboot" msg="User rebooted the device from forticron. The reason is 'factory reset'" logdesc="Device rebooted" ui="forticron" eventtime=1661382502832782205 tz="-0700" devid="FGT61Exxxxxxxxxx" vd="root" devname="FGT61Exxxxxxxxxx" devgrps="{NULL}"
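
One way to alert on these two events, added here as an example and not Fortinet's or the article's own code: it parses key=value log lines and reports each factory-reset event together with whether the follow-up reboot carrying the reason 'factory reset' was logged for the same devid. The one-event-per-line export, the 2-minute pairing window, the function names and the sample device IDs are assumptions.

```python
import re
from datetime import datetime, timedelta

# key=value pairs; a value is either double-quoted or a bare token
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample events, modelled on the two log lines shown above
# (device IDs are placeholders; the third and fourth lines are invented).
SAMPLE = """
date="2024-08-24" time="16:08:15" logver=702010000 logid="0100032252" type="event" subtype="system" level="critical" action="factory-reset" msg="User reset to the factory settings from forticron" ui="forticron" devid="FGT-SAMPLE-A" vd="root"
date="2024-08-24" time="16:08:22" logver=702010000 logid="0100032138" type="event" subtype="system" level="critical" action="reboot" msg="User rebooted the device from forticron. The reason is 'factory reset'" ui="forticron" devid="FGT-SAMPLE-A" vd="root"
date="2024-08-24" time="16:09:40" logver=702010000 type="event" subtype="system" level="information" action="login" msg="constructed unrelated event" ui="console" devid="FGT-SAMPLE-B" vd="root"
date="2024-08-24" time="17:30:02" logver=702010000 logid="0100032252" type="event" subtype="system" level="critical" action="factory-reset" msg="User reset to the factory settings from forticron" ui="forticron" devid="FGT-SAMPLE-B" vd="root"
"""

def parse_line(line):
    """Turn one key=value log line into a dict of strings."""
    return {key: quoted or bare for key, quoted, bare in PAIR.findall(line)}

def when(event):
    """Device-local timestamp built from the date and time fields."""
    return datetime.strptime(f'{event["date"]} {event["time"]}', "%Y-%m-%d %H:%M:%S")

def find_factory_resets(lines, window=timedelta(minutes=2)):
    """Report each factory-reset event and whether the matching reboot followed."""
    events = [parse_line(l) for l in lines if l.strip()]
    findings = []
    for ev in events:
        if ev.get("action") != "factory-reset":
            continue
        t0 = when(ev)
        # The reboot that follows carries the reason 'factory reset' in msg.
        rebooted = any(
            r.get("action") == "reboot"
            and r.get("devid") == ev.get("devid")
            and "factory reset" in r.get("msg", "")
            and timedelta(0) <= when(r) - t0 <= window  # assumed pairing window
            for r in events
        )
        findings.append({"devid": ev.get("devid"), "time": str(t0),
                         "ui": ev.get("ui"), "reboot_confirmed": rebooted})
    return findings

if __name__ == "__main__":
    for finding in find_factory_resets(SAMPLE.splitlines()):
        print(finding)
```

A factory-reset event with no confirmed reboot, or one on a device where no reset was planned, is worth following up against the change record and physical access to the unit.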

How to disable the hardware reset button:

config system global
(global) # show full | grep "reset"
    set admin-reset-button enable    <----- Setting this to disable would disable the reset button.
    set check-reset-range disable
    set reset-sessionless-tcp disable

This is not a recommended setting, as sometimes FortiGate enters a boot loop, and the RESET button helps to factory reset the settings.

In a rare scenario, the boot interrupt sequence does not show up (for example, no option for flash format/TFTP is offered). In that case, the last option is to press the reset button on the back of the FortiGate to return the FortiGate to factory default. The FortiGate can then be logged in to using the default account, but make sure a known-good config file is already available to restore after accessing the FortiGate.

This option is to be considered only when the admin password is lost or is not working. After this, try to perform an upgrade to the latest version and observe the behavior. If the same issue is observed, consider performing hardware tests (HQIP).

No Boot interrupt sequence seen after factory format or reboot FortiGate:

Note:

After a factory reset, you will need to use the default credentials. The username is admin. The password is blank, so you do not need to enter anything for the password. When you log in for the first time with the username admin and no password, the FortiGate will ask you to create a new password.

Notes:

⦁ You should have a console connection while you are doing this, so you can see whether the device is really resetting when you press the pin hole.

⦁ To manage your FortiGate firewall you need a cable, either an RJ45-to-DB9 serial console cable or a USB-A-to-RJ45 console cable.
