Knowledge Center Search


 

[ScreenOS] How Do I Perform a Hardware Reset on my Firewall to Factory Default Settings?

  [KB4749] Show KB Properties

  [KB4749] Hide KB Properties

Categories:
Knowledge Base ID: KB4749
Last Updated: 11 Oct 2013
Version: 64.0

Summary:
Customers may need to reset a Firewall back to Factory Defaults for a number of reasons; including recovering from a lost password and needing to remove all existing configuration.

Problem or Goal:
Symptoms & Errors:
  • Cannot manage the device
  • Cannot login to the device
  • Lost password
  • Forgot password
  • Asset Recovery
  • Reset device using the pinhole reset
  • Need to Reset to Factory Defaults

Cause:

Solution:

To perform a hardware reset of your Firewall device to factory default settings, perform the following steps:

Note: If you have lost or forgotten the root username or password of your Firewall, it is necessary to reset the device to factory default settings.

Step one: Connect to the device with a console connection. For more information on accessing the device with a console connection, select from the list below:
Note: It is highly recommended to have a console connection while resetting the Firewall to Factory Defaults. A console connection allows you to see the progress of the reset procedure.

Step two: Locate the Asset Recovery Pinhole (labeled RESET on some devices) on the device. 

Note: For this example, we have selected a NetScreen 5GT device.

Image of step two

Step three: Using a thin, firm wire (such as a paper clip), push the pinhole for four to six seconds, and then release. A serial console message states that the Configuration Erasure Process has been initiated, and the system sends an SNMP/SYSLOG alert. The Status LED blinks amber / red once every second.

Step four: Wait for one-half to two seconds. After the first reset is accepted, the Power LED blinks green; the device is now waiting for the second reset push. The serial console message now reads, Waiting for 2nd confirmation.

Step five: Push the reset pinhole again for four to six seconds. The Status LED lights amber / red for one-half second, and then returns to the blinking green state.

Step six: The device resets to its original factory settings. When the device resets, the Status LED will turn amber /red for one-half second and then return to the blinking green state. The serial console message states Configuration Erase sequence accepted, unit reset. The system generates SNMP and SYSLOG alerts to configured SYSLOG or SNMP trap hosts.

Step seven: The device now reboots. The default factory settings are:
  • System IP Address 192.168.1.1
  • username netscreen
  • password netscreen
Note: If you do not follow the complete sequence, the reset process cancels without any configuration change and the serial console message states Configuration Erasure Process aborted. The Status LED returns to blinking green. During a reset, there is no guarantee that the final SNMP alert sent to the receiver before the reset will be received.



Note: Having trouble performing the Hardware Reset steps above?   

If you do not have a console connected to help you inform you of the progress of the reset procedure, then it can be difficult to perform the above steps.  Watching the Status LED is a another way to determine when to push and release the pinhole.  It is also helpful to ping 192.168.1.1 (the default IP address assigned to the trust interface of the firewall) from a client connected to the trust port of the firewall during this process.

a. Push and HOLD pinhole with thin wire.  The Status LED will turn to a “blinking amber'.  Keep holding, and when it turns to 'blinking green', immediately release the pinhole.

b. After 1 second, push and HOLD the pinhole again.  The Status LED will turn to a “blinking red”.  Keep holding, and when the Status LED turns to 'solid amber' or 'solid green', immediately release the pinhole and wait.

c. Firewall will reboot and be available in approximately 3-5 minutes.  Pings to 192.168.1.1 should then work.

Another option to reset the device to factory default:

If the Serial number of the device is known, then you can logon to the device by using the Serial Number as the Username and Password and this will reset the device to factory default. In this case, the default settings would be the same as mentioned above.

Purpose:
Configuration
Troubleshooting

Related Links:

 

 

ASK THE KB

Question or KB ID:


 


 

 
Copyright© 1999-2012 Juniper Networks, Inc. All rights reserved.