Abin_FTNT
Staff
November 12, 2015

Technical Tip: Reset a lost admin password on a FortiAP (password recovery) from a FortiGate


Description

 
This article explains how to reset a FortiAP password to its default value or to a new password from a FortiGate.


Scope

 
All FortiAPs managed via FortiGate.


Solution

 

This post describes three ways to recover the FortiAP management password:

 

  • Scenario 1. Recover password for a specific FortiAP.
  • Scenario 2. Recover password for all APs linked to a wtp-profile.
  • Scenario 3. Perform a factory reset to the FortiAP.

 

The three scenarios are described as follows:

 

Scenario 1. Recovering the password for a specific FortiAP.

The following FortiGate CLI commands will reset the password of one specific FortiAP to the default value or to a new password:

 

FGT-HO # config wireless-controller wtp

FGT-HO (wtp) edit FPXXXFTFXXXXXXXX

FGT-HO (FPXXXFTFXXXXXXXX) set override-login-passwd-change enable

FGT-HO (FPXXXFTFXXXXXXXX) set login-passwd-change ? 

yes <----- Change the managed WTP, FortiAP, or AP's administrator password. Use the login-password option to set the password.

default <----- Keep the managed WTP, FortiAP, or AP's administrator password set to the factory default.

no <----- Do not change the managed WTP, FortiAP, or AP's administrator password.

FGT-HO (FPXXXFTFXXXXXXXX) set login-passwd-change default *** 

 

Or:

 

FGT-HO (FPXXXFTFXXXXXXXX) set login-passwd-change yes                                                            

FGT-HO (FPXXXFTFXXXXXXXX) set login-passwd <8 character password>

FGT-HO (FPXXXFTFXXXXXXXX) next

FGT-HO (wtp) end

 

Before v7.0.2, the option 'set login-passwd-change default' results in a blank password for the FortiAP (not recommended). After v7.0.2, the command 'set login-passwd-change default' makes the FortiAP request a new password at every login to the FortiAP console.

 

Note:
The 'login-passwd-change' option for changing the password only appears when 'override-login-passwd-change' is enabled, as shown above.
 
Important: For this change to take effect, the FortiAP must already be online on the FortiGate. If the CAPWAP tunnel between the FortiAP and the FortiGate (wireless-controller) is not up, the change will not be applied.
 
Scenario 2. Recovering the password for all APs linked to the same wtp-profile.
The management password can also be changed for a group of FortiAPs sharing the same WTP profile. This is configured on the FortiGate as follows:
 
config wireless-controller wtp-profile
    edit <wtp profile name>
        set allowaccess https ssh snmp
        set login-passwd-change yes
        set login-passwd <new management password>
    next
end
 

The management password for a group of FortiAPs sharing the same WTP profile can also be changed or reset via the GUI. To do this, navigate to WiFi & Switch Controller -> FortiAP Profiles, select the FortiAP Profile associated with the FortiAPs, edit the profile through the GUI, and select 'OK' at the bottom to save the changes.



 

Important: For this change to take effect, the FortiAP must already be online on the FortiGate. If the CAPWAP tunnel between the FortiAP and the FortiGate (wireless-controller) is not up, the change will not be applied.
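
An added example, not part of the original article or of Fortinet's tooling: a Python check over a FortiGate configuration backup that reports which FortiAPs end up on 'login-passwd-change default', the setting described above as leaving a blank password before v7.0.2. The sample configuration is constructed; the function names, the rule that the per-AP value applies only with the override enabled (otherwise the profile's value), and treating an unset value as 'no' are assumptions.

```python
import re
# Constructed sample of a FortiGate config backup (not from a real device).
SAMPLE = '''
config wireless-controller wtp-profile
    edit "branch-aps"
        set login-passwd-change default
    next
end
config wireless-controller wtp
    edit "FP-CONSTRUCTED-01"
        set wtp-profile "branch-aps"
    next
    edit "FP-CONSTRUCTED-02"
        set wtp-profile "branch-aps"
        set override-login-passwd-change enable
        set login-passwd-change yes
    next
end
'''

def parse_section(text, section):
    """Return {entry: {setting: value}} for one top-level config section."""
    entries, current, depth, active = {}, {}, 0, False
    for line in text.splitlines():
        words = [w.strip('"') for w in re.findall(r'"[^"]*"|\S+', line)] or [""]
        if words[0] == "config":
            active = (" ".join(words[1:]) == section) if depth == 0 else active
            depth += 1  # blocks nested inside an entry (depth > 1) are skipped
        elif words[0] == "end":
            depth = max(depth - 1, 0)
        elif active and depth == 1 and words[0] == "edit" and len(words) > 1:
            current = entries.setdefault(words[1], {})
        elif active and depth == 1 and words[0] == "set" and len(words) > 2:
            current[words[1]] = words[2]
    return entries

def audit(text):
    """Map each FortiAP to its effective login-passwd-change value."""
    profiles = parse_section(text, "wireless-controller wtp-profile")
    result = {}
    for serial, ap in parse_section(text, "wireless-controller wtp").items():
        # Assumed: AP value needs the override, else profile value; unset is "no".
        own = ap.get("override-login-passwd-change") == "enable"
        source = ap if own else profiles.get(ap.get("wtp-profile"), {})
        result[serial] = source.get("login-passwd-change", "no")
    return result

def flagged(text):  # FortiAPs on 'default' (blank password before v7.0.2)
    return sorted(s for s, v in audit(text).items() if v == "default")
```

Calling flagged() on the text of a saved configuration backup lists the FortiAPs to move to 'set login-passwd-change yes' with an explicit password.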

 

Scenario 3. Recovering the management password by performing a factory reset.

 

Push and hold the reset button of the FortiAP for 15 seconds. After the FortiAP reboots, it will have the default configuration.

  • User: admin

 

When the prompt asks for the password, press Enter and then set a new secure password.