Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] How Do I Perform a Hardware Reset on my Firewall to Factory Default Settings?



Article ID: KB4749 KB Last Updated: 27 Jan 2020Version: 66.0

Customers may need to reset a Firewall back to Factory Defaults for a number of reasons; including recovering from a lost password and needing to remove all existing configuration.

  • Cannot manage the device
  • Cannot login to the device
  • Lost password
  • Forgot password
  • Asset Recovery
  • Reset device using the pinhole reset
  • Need to Reset to Factory Defaults

To perform a hardware reset of your Firewall device to factory default settings, perform the following steps:

Note: If you have lost or forgotten the root username or password of your Firewall, it is necessary to reset the device to factory default settings.

Step one: Connect to the device with a console connection. For more information on accessing the device with a console connection:
Note: It is highly recommended to have a console connection while resetting the Firewall to Factory Defaults. A console connection allows you to see the progress of the reset procedure.

Step two: Locate the Asset Recovery Pinhole (labeled RESET on some devices) on the device. 

Note: For this example, we have selected an SSG-5 device.

Step three: Using a thin, firm wire (such as a paper clip), push the pinhole for four to six seconds, and then release. A serial console message states that the Configuration Erasure Process has been initiated, and the system sends an SNMP/SYSLOG alert. The Status LED blinks amber / red once every second.

Step four: Wait for one-half to two seconds. After the first reset is accepted, the Power LED blinks green; the device is now waiting for the second reset push. The serial console message now reads, Waiting for 2nd confirmation.

Step five: Push the reset pinhole again for four to six seconds. The Status LED lights amber / red for one-half second, and then returns to the blinking green state.

Step six: The device resets to its original factory settings. When the device resets, the Status LED will turn amber /red for one-half second and then return to the blinking green state. The serial console message states Configuration Erase sequence accepted, unit reset. The system generates SNMP and SYSLOG alerts to configured SYSLOG or SNMP trap hosts.

Step seven: The device now reboots. The default factory settings are:
  • System IP Address
  • username netscreen
  • password netscreen
Note: If you do not follow the complete sequence, the reset process cancels without any configuration change and the serial console message states Configuration Erasure Process aborted. The Status LED returns to blinking green. During a reset, there is no guarantee that the final SNMP alert sent to the receiver before the reset will be received.

Note: Having trouble performing the Hardware Reset steps above?   

If you do not have a console connected to help you inform you of the progress of the reset procedure, then it can be difficult to perform the above steps.  Watching the Status LED is a another way to determine when to push and release the pinhole.  It is also helpful to ping (the default IP address assigned to the trust interface of the firewall) from a client connected to the trust port of the firewall during this process.

a. Push and HOLD pinhole with thin wire.  The Status LED will turn to a “blinking amber'.  Keep holding, and when it turns to 'blinking green', immediately release the pinhole.

b. After 1 second, push and HOLD the pinhole again.  The Status LED will turn to a “blinking red”.  Keep holding, and when the Status LED turns to 'solid amber' or 'solid green', immediately release the pinhole and wait.

c. Firewall will reboot and be available in approximately 3-5 minutes.  Pings to should then work.

Another option to reset the device to factory default:

If the Serial number of the device is known, then you can logon to the device by using the Serial Number as the Username and Password and this will reset the device to factory default. In this case, the default settings would be the same as mentioned above. Please note this can be performed only via a Console CLI session.
Modification History:
2020-01-24: Article reviewed for accuracy. No changes made. Article is correct and complete.
‚Äč2017-12-01: Minor edits.  Article reviewed for accuracy

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search