New Member

Solved

How To Reset a FortiAP FAP-234F-A to Factory Defaults

Forum|Forum|3 months ago
February 17, 2026
5 replies
971 views

Hello Everyone:

We need to reset an FAP-234F-A to factory defaults because we don't have the admin password.

Here are the details:

1. We have the unit connected to a FortiGate 40F, which has the default IP address of 192.168.1.99 for now while we set things up. The FAP-234F-A is set to 192.168.1.2 and we can ping it and browse to the GUI.

2. The QuickStart Guide for this unit says that it comes with a special POE injector that has a reset button on it because the AP doesn't. Probably because it's a ruggedized outdoor unit and having a reset button would compromise the ruggedness. The model number of the PO injector that shows in the QSG is EPA5006GPR-4P. It's made by EnGenius, but the only one they have is the EPA5006GR, so we bought that one. It has a reset button on it but pressing it for more than 10 seconds doesn't reset the AP to factory defaults. It does nothing. Probably because it's slightly different than the EPA5006GPR-4P and the pinout is different. Here is a link to the unit: https://store.engeniustech.com/products/epa5006gr?variant=48010898735420

3. We can connect to the AP via the console. Our understanding is that if we install/replace the firmware during boot, it will reset the unit to factory defaults. We have downloaded firmware for it and gone through the whole process several times, but still can't login to the unit. We'll paste the CLI text in hopes that someone can spot something there that is preventing the unit from accepting the new firmware. There are probably errors there that explain why the unit is not accepting the firmware replacement, but we don't know enough to understand what we're looking at.

4. We found the article below and it's exactly what we're going through. We read the articles suggested by the Fortinet staff member that replied to the post a couple of times, but they don't look like they will work just like they didn't work for the person that added that post. Link: https://community.fortinet.com/t5/Support-Forum/Factory-reset-FortiAP-222E/m-p/213157

Thanks in advance.

===

U-Boot 2016.01-svn152333 (Sep 01 2022 - 18:06:00 +0000)

DRAM: smem ram ptable found: ver: 2 len: 4
1 GiB
NAND: ONFI device found
ID = 1190acc2
Vendor = c2
Device = ac
qpic_nand: changing oobsize to 80 from 128 bytes
ipq_spi: page_size: 0x100, sector_size: 0x10000, size: 0x800000
520 MiB
MMC: sdhci: Node Not found, skipping initialization

Flash: 8 MiB

Ver:04000003
Serial number: FP234FTF23025865
Region code: A

PCI0 is not defined in the device tree
In: serial@78B1000
Out: serial@78B1000
Err: serial@78B1000
machid: 8030200

To boot Kernel image at active partition rootfs
Net: MAC0 addr:80:80:2c:e2:0c:40
PHY ID1: 0x4d
PHY ID2: 0xd0b2
eth0
Hit any key to stop autoboot: 5

[G]: Get OS image from TFTP server.
[Q]: Quit menu and continue to boot with default OS.
[S]: Switch partitions. current active partition is rootfs
[H]: Display this list of options.

Enter G,Q,S or H:

Enter TFTP server address [192.168.1.254]:
Enter local address [192.168.1.2]:
Enter firmware image file name [image.out]:
eth0 PHY0 Down Speed :10 Half duplex
eth0 PHY1 Down Speed :10 Half duplex
eth0 PHY2 up Speed :1000 Full duplex
eth0 PHY3 Down Speed :10 Half duplex
eth0 PHY4 Down Speed :10 Half duplex

Please connect TFTP server to Ethernet port 'LAN1'.

Using eth0 device
TFTP from server 192.168.1.254; our IP address is 192.168.1.2
Filename 'image.out'.
Load address: 0x41000000
Loading: *
Got TFTP_OACK: TFTP remote port: changes from 69 to 65068
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
#################################################################
###########################################################
3.9 MiB/s
done
Bytes transferred = 31388351 (1def2bf hex)
unzipped : 33426996(0x01fe0e34)
Save as Default firmware[D]?D

Programming the boot device now.
## Executing script at 44000000
crc32+ Flashing ubi: [ done ] 0
ubi0: attaching mtd2
ubi0: scanning is finished
ubi0: volume 3 ("rootfs_data") re-sized from 1 to 657 LEBs
ubi0: attached mtd2 (name "mtd=0", size 128 MiB)
ubi0: PEB size: 131072 bytes (128 KiB), LEB size: 126976 bytes
ubi0: min./max. I/O unit sizes: 2048/2048, sub-page size 2048
ubi0: VID header offset: 2048 (aligned 2048), data offset: 4096
ubi0: good PEBs: 1024, bad PEBs: 0, corrupted PEBs: 0
ubi0: user volume: 4, internal volumes: 1, max. volumes count: 128
ubi0: max/mean erase counter: 1/0, WL threshold: 4096, image sequence number: 899233225
ubi0: available PEBs: 0, total reserved PEBs: 1024, PEBs reserved for bad PEB handling: 80
Read 0 bytes from volume kernel to 44000000
No size specified -> Using max size (4821140)
## Loading kernel from FIT Image at 44000000 ...
Using 'config@cp03-c1' configuration
Trying 'kernel@1' kernel subimage
Description: ARM OpenWrt Linux-4.4.60
Type: Kernel Image
Compression: gzip compressed
Data Start: 0x440000e4
Data Size: 4117942 Bytes = 3.9 MiB
Architecture: ARM
OS: Linux
Load Address: 0x41208000
Entry Point: 0x41208000
Hash algo: crc32
Hash value: 213ba820
Hash algo: sha1
Hash value: 89b3b92fb111e7be7532972236ab68977c6f0a55
Verifying Hash Integrity ... crc32+ sha1+ OK
## Loading fdt from FIT Image at 44000000 ...
Using 'config@cp03-c1' configuration
Trying 'fdt@cp03-c1' fdt subimage
Description: ARM OpenWrt qcom-ipq60xx-cpxx device tree blob
Type: Flat Device Tree
Compression: uncompressed
Data Start: 0x44488010
Data Size: 67057 Bytes = 65.5 KiB
Architecture: ARM
Hash algo: crc32
Hash value: 726714b3
Hash algo: sha1
Hash value: c7f9658846f4599e93a2b0678a5350d5fec24839
Verifying Hash Integrity ... crc32+ sha1+ OK
Booting using the fdt blob at 0x44488010
Uncompressing Kernel Image ... OK
Loading Device Tree to 484ec000, end 484ff5f0 ... OK
Could not find PCI in device tree
Using machid 0x8030200 from environment

Starting kernel ...

[ 0.257881] <CORE> glink_core_register_transport: IPC Logging disabled
[ 0.257956] msm_glink_smem_native_xprt rx fifo not found
[ 0.258259] <CORE> glink_core_register_transport: IPC Logging disabled
[ 0.834424] mtdsplit: no squashfs found in "rootfs"
[ 1.260536] DEV CI test message
[ 3.784387] msm-usb-ssphy-qmp 78000.ssphy: QMP PHY initialization timeout
[ 3.784411] msm-usb-ssphy-qmp 78000.ssphy: USB3_PHY_PCS_STATUS:68686868
65536+0 records in
65536+0 records out
65536 bytes (64.0KB) copied, 0.182939 seconds, 349.8KB/s
2116+0 records in
2116+0 records out
2116 bytes (2.1KB) copied, 0.006312 seconds, 327.4KB/s
[ 7.427254] ubi: mtd19 is already attached to ubi0
[ 9.898996] Supported Frequencies -
[ 9.899013] 187.2 MHz 748.8 MHz
[ 9.956320] 1.4976 GHz [ 9.967764]
[ 9.995092] 7f6fe180: NSS core 0 DDR from 40000000 to 41000000
[ 10.049240] Invalid macid 6
[ 10.068327] diag: IPC Logging disabled
qcawifi configuration is disable
*****starting cnssdaemon*****
*********initiating cold boot calibration*************
*****cnssdaemon pid=1060*********
[ 18.879206] diag: In diag_send_feature_mask_update, control channel is not open, p: 2, 7f8cb3c4
Found unused ubi device: /dev/ubi1
qcawifi qcawificfg80211 disable radio wifi0
qcawifi qcawificfg80211 disable radio wifi1
qcawifi qcawificfg80211 disable radio wifi2
qcawifi qcawificfg80211 disable radio wifi0
qcawifi qcawificfg80211 disable radio wifi1
qcawifi qcawificfg80211 disable radio wifi2
*****Registers configuration for qdss_tracing completed*******
******Starting cnss_cli********

FortiAP-234F login:
process '/usr/sbin/lldpd' (pid 2649) exited. Scheduling for restart.
[ 38.247442]
[ 38.264686]

FortiAP-234F login: admin
Password:
Login incorrect

FortiAP-234F login:

FortiAP

Best answer by 7WBS

Hi AEK:

We upgraded the firmware on the AP to a higher version that the one it had and that replaced the previous version and asked us to enter a new password. We did, and now the unit is Online and working perfectly.

It looks like these APs won't accept older versions of firmware installed via TFTP and there's no warning as far as we can tell.

So this is the solution for APs that don't have a reset switch: Install a higher version of the firmware via TFTP and that will reset the unit to factory defaults.

-Eli

Stephen_G

Moderator

Hi 7WBS,

Is this article any help?: https://community.fortinet.com/t5/FortiAP/Technical-Tip-Reset-a-lost-admin-password-on-a-FortiAP-password/ta-p/193998

Stephen_G - Fortinet Community Team

7WBSAuthor

New Member

Hi Stephen:

We had previously found that article and tried Scenarios 1 and 2, but no luck.

This AP is incredibly stubborn, if that's even possible.

We'll go through the steps again and see if we can get anywhere.

Installing new firmware hasn't reset this thing to factory and Scenarios 1 and 2 aren't having any effect on this unit either. We've tried so many other steps in various articles, that we've lost track.

We can ping it, browse to the GUI, supposedly install new firmware, see it in the Fortigate and FortiSwitches, but just can't get into the management side of it.

Do these things have some kind of lock function that prevents and changes to it unless you have the admin password?

Thanks for the link to that post.

-Eli

AEK

SuperUser

You can simply change it from the managing FGT as suggested by Stephen.

AEK

7WBSAuthor

New Member

Thanks for the response.

We had previously found that article and tried Scenarios 1 and 2, but no luck.

We'll go through the steps again and see if we can get anywhere.

At the moment, the unit is Authorized, but Offline, so we want to reset it to factory defaults. We can connect to the AP's CLI from the FortiGate and we land here:

FortiGate-40F (FP234FTF23025865) #

But now the problem is that none of the FortiAP CLI commands work here. Like if we type fap-get-status, we get: Unknow Action 0.

We probably have to enter the commands differently since we're coming in via the FortiGate's CLI, so we'll have to find out how to do that.

We may be able to send it a command to reset itself to factory default if we can figure out how.

Thanks again for reaching out.

-Eli

AEK

SuperUser

Hi Eli

For info I tried it on my FGT/FAP and it worked fine.

Just in case, if your new password has special characters then put it between 'quotes'.

FGT (FP221ETF1804***) # set override-login-passwd-change enable 
FGT (FP221ETF1804***) # set login-passwd-change yes
FGT (FP221ETF1804***) # set login-passwd '------'
FGT (FP221ETF1804***) # next
FGT (wtp) # end

FGT (root) # exec ssh admin@172.20.100.2
admin@172.20.100.2's password: 
FortiAP-221E # help
exit Exit
help Display the commands and alias
? Synonym for 'help'
Commands:
=========
arp
brctl
cfg
cw_debug
...

AEK

7WBSAuthor

New Member

Hi AEK:

Thanks for sending this over. Tried it and the password is still failing, but it looks like we may have found out why.

Check this post: Reset a lost admin password on a FortiAP ... - Fortinet Community

The "Note" section for Scenarios 1 and 2 says that none of this will take effect unless the AP is online in the FortiGate. Ours is Offline, so we're not getting any errors when we try your commands, but they're not sticking.

We've been losing our minds here wondering why nothing we try makes any difference. Maybe that's why.

So it looks like that's the mission now. Getting this thing online.

1. We can ping it from the management PC.

2. We can browse to it from the management PC.

3. The exec ssh command you sent over works and connects, but the password fails.

4. We have Security Fabric checked for the Interface this thing is connected to.

5. The IP address for the AP (192.168.1.2) is in the same subnet as the Interface it's on, which is the Hardware Switch on the Fortigate, which is on .99 (for now).

We're thinking DHCP is disabled in the AP, but even then, it should connect to the Fortigate since its IP address is on the same subnet as the Interface.

Walking away to think about this and see what we can do to get this thing online.

Thanks again.

-Eli

AEK

SuperUser

Hi Eli

Yes if it is offline it can't push the password .

Check if the FGT interface that faces the AP has the Security Fabric (or CAPWAP) service is enabled.

Once done reboot your AP and see if it helps.

AEK

SuperUser

Please share the FortiGate model, FortiOS version, and FAP firmware version.

AEK

7WBSAuthor

New Member

Hi AEK:

The FortiGate model is FG-40F with 7.4.11 firmware.

We don't know what the firmware version is on the AP.

We can connect to the CLI of the AP, but since we don't have the admin password, we can't run any CLI commands to find the firmware version. We can see the boot sequence, but nothing we see there tells us the firmware version.

There may be some additional information you that can help in the original post in this thread if you scroll all the way up.

Thanks again for your help with this.

-Eli

AEK

SuperUser

Hi Eli

Check if your FGT model support this AP model, using the below commands:

config wireless-controller wtp-profile 
  edit test
    config platform 
      set type ?

Do you see it in the list?

AEK

7WBSAuthor

New Member

Hi AEK:

This AP model is in the list.

It would be great if we knew what firmware version it has, but can't seem to get that without the admin password.

Thanks again for your help.

-Eli

https://community.fortinet.com/t5/Support-Forum/How-To-Reset-a-FortiAP-FAP-234F-A-to-Factory-Defaults/m-p/433363#M284125

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded