Help
FortiAP
FortiAP devices are thin wireless access points (AP) supporting the latest Wi-Fi technologies (multi-user MIMO 802.11ac Wave 1 and Wave 2, 4x4), as well as 802.11n, 802.11AX , and the demand for plug and play deployment.
Abin_FTNT
Staff
Staff

Created on ‎11-12-2015 08:56 AM Edited on ‎05-14-2025 01:28 AM By Moderator

Article Id 193998

Technical Tip: Reset a lost admin password on a FortiAP (password recovery) from a FortiGate

Description

 
This article explains how to reset a FortiAP password to its default value or to a new password from a FortiGate.


Scope

 
All FortiAPs managed via FortiGate.


Solution

 

The following FortiGate CLI commands will reset the password of the FortiAP to the default value or to a new password:

 

FGT-HO # config wireless-controller wtp

FGT-HO (wtp) edit FPXXXFTFXXXXXXXX

FGT-HO (FPXXXFTFXXXXXXXX) set override-login-passwd-change enable

FGT-HO (FPXXXFTFXXXXXXXX) set login-passwd-change ? 

yes <--Change the managed WTP, FortiAP, or AP's administrator password. Use the login-password option to set the password.

default <-- Keep the managed WTP, FortiAP, or AP's administrator password set to the factory default.

no  Do not change the managed WTP, FortiAP or AP's administrator password

FGT-HO (FPXXXFTFXXXXXXXX) set login-passwd-change default *** 

 

Or:

 

FGT-HO (FPXXXFTFXXXXXXXX) set login-passwd-change yes                                                            

FGT-HO (FPXXXFTFXXXXXXXX) set login-passwd <8 character password>

FGT-HO (FPXXXFTFXXXXXXXX) next

FGT-HO (wtp) end

 

Before v7.0.2, the option ‘set login-passwd-change=default’ will result in a blank password for FortiAP (not recommended). After v7.0.2, the command ‘set login-passwd-change=default’ will request a new password every time logged into the FortiAP console.

 

Note:
The option of changing password or ‘login-passwd-change’ will only come up when ‘override-login-passwd-change’ is enabled, as shown above.
 
This management password can also be changed to a group of FortiAPs sharing the same WTP profile. This configuration is made as follows on FortiGate:
 
config wireless-controller wtp-profile
    edit <wtp profile name>
        set allowaccess https ssh snmp
        set login-passwd-change yes
        set login-passwd <new management password>
    next
end
 

The management password for a group of FortiAPs sharing the same WTP profile can also be changed or reset via the GUI. To do this, navigate to WiFi & Switch Controller -> FortiAP Profiles, select the FortiAP Profile associated with the FortiAPs, edit the profile through the GUI, and select 'OK' at the bottom to save the changes.


Screenshot 2025-05-14 092053.png

32327
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.