Monday, July 6, 2020

Palo Alto firewall - Reset to Factory Default (3 cases)


The following steps describe how to perform a factory reset on a Palo Alto Networks device. There are three cases based on your situation.


    • Case 1. Without an Admin Password

    If you do not know the admin account password, you must first place the firewall in maintenance mode.

    Note: If the firewall is running PAN-OS 6.0 or above, see the following article to enter Maintenance Mode over SSH: How to SSH into Maintenance Mode.

     ▶ Steps

    1) Connect the Console cable, which is provided by Palo Alto Networks, from the "Console" port to a computer, and use a terminal program (9600,8,n,1) to connect to the Palo Alto Networks device.

    NOTE: A USB-to-serial adapter will have to be used if the computer does not have a 9-pin serial port.

    2) Power on to reboot the device.

    3) During the boot sequence, the screen should look like this:


    4) Type maint to enter maintenance mode.


    5) On PAN-OS 7.1, you will see a "CHOOSE PANOS" screen with the following options: PANOS (maint-other), PANOS (maint) or PANOS (sysroot0). Choose PANOS (maint) and press Enter to continue.
    PAN-OS 7.1 GNU GRUB boot menu.

    6) Once in maintenance mode, the following is displayed. Press Enter to continue:


    7) Arrow down to Factory Reset and press Enter to display the menu:


    8) You will see the image that will be used to perform the factory reset. Select Factory Reset and press Enter again:


    9) The unit will reboot when complete. Be aware that it may take several minutes for the autocommit to complete before the admin/admin login works properly.


    • Case 2. With an Admin Password

    If you know the admin account password, you can use the CLI command debug system maintenance-mode.

    ▶ Steps

    1) Connect the Console cable, which is provided by Palo Alto Networks, from the "Console" port to a computer, and use a terminal program (9600,8,n,1) to connect to the Palo Alto Networks device.

    NOTE: A USB-to-serial adapter will have to be used if the computer does not have a 9-pin serial port.

    2) Enter your login credentials.

    3) Enter the following CLI command:
    debug system maintenance-mode

    The firewall will reboot into maintenance mode.

    4) When the firewall reboots, press Enter to continue to the maintenance mode menu.
    Select Factory Reset and press Enter.

    5) Select Factory Reset and press Enter again.

    The firewall will reboot without any configuration settings. The default username and password to log in to the firewall are admin/admin.


    • Case 3. With an Admin Password to Remove all Logs and Restore the Default Configuration 

    If you know the admin account password, you can use the CLI command request system private-data-reset. This command does not perform the same actions as a factory reset of the device from Maintenance Mode: private-data-reset does not zeroize the data and does not erase the system disks, so a bit-level recovery procedure can still retrieve the data from the device. The installed content packages and the same PAN-OS version also remain, but all the logs and saved configurations on the firewall are cleared.

    If you know the admin account password and want to remove all logs and restore the default configuration without erasing the system disks, you can use the CLI command:

    request system private-data-reset

    Executing this command will remove all logs and configuration will revert back to factory defaults. The system will restart and then reset the data.

    Are you sure you want to continue? (y/n) (y or n)



    2 comments:

    Unknown said...

    Hi.
    If I use Case 1, does it not affect the fw license?

    AnalysisMan's Blog said...

    The license is private data, so it will be deleted in all three cases.