Sunday, October 13, 2019

Password recovery on PAN-OS firewall

If you forgot the domain account you use to log on to your favorite PAN-OS systems, you simply have to reset it from the domain controller (or the equivalent).

But how do you recover a local account password?

There are multiple ways to do so.

1 - High Availability
If the firewall is in HA with another firewall and you can access the peer firewall, you can create a new local account there, and then sync the config.

2 - Panorama
If the firewall is added to Panorama, you can connect from Panorama by selecting the firewall to display it.
You can also add a new account to a template, and push the template to the firewall.

3 - Maintenance mode
It is possible to restore a previous configuration (you need to know the password in the previous configuration).
You can also export the configuration, edit it, then load it with a new password.
Finally, you can factory reset (last resort solution).

Finally, I advise you to set up a read-only account with a password which can expire: if you have lost the superuser password, and you don't want to factory reset the firewall, the TAC will be able to do something using this read-only account.
And while you cannot configure the firewall, you can still see the logs and reports.
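
The read-only fallback advised above can be checked against an exported configuration before it is ever needed. This is an added example, not part of the original post: the XML element names (`mgt-config/users/entry`, `phash`, `permissions/role-based`, `superreader`) are assumed to match the export layout, and the sample configuration and account names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample export. The element layout is an assumption;
# compare it with a real exported configuration before relying on it.
SAMPLE_CONFIG = """<config>
  <mgt-config>
    <users>
      <entry name="admin">
        <phash>CONSTRUCTED-HASH-1</phash>
        <permissions><role-based><superuser>yes</superuser></role-based></permissions>
      </entry>
      <entry name="breakglass-ro">
        <phash>CONSTRUCTED-HASH-2</phash>
        <permissions><role-based><superreader>yes</superreader></role-based></permissions>
      </entry>
      <entry name="jdoe">
        <authentication-profile>corp-ldap</authentication-profile>
        <permissions><role-based><superuser>yes</superuser></role-based></permissions>
      </entry>
    </users>
  </mgt-config>
</config>"""

def local_admins(config_xml):
    """Return {name: role} for accounts that carry a local password hash."""
    root = ET.fromstring(config_xml)
    found = {}
    for entry in root.findall("./mgt-config/users/entry"):
        if entry.find("phash") is None:
            continue  # externally authenticated: reset on the directory side
        role_based = entry.find("./permissions/role-based")
        has_role = role_based is not None and len(role_based) > 0
        found[entry.get("name")] = role_based[0].tag if has_role else "unknown"
    return found

def recovery_gaps(config_xml):
    """List what is missing for the read-only fallback the post recommends."""
    admins = local_admins(config_xml)
    gaps = []
    if not admins:
        gaps.append("no local administrator account at all")
    if "superreader" not in admins.values():
        gaps.append("no local read-only account to fall back on")
    return gaps

if __name__ == "__main__":
    print(local_admins(SAMPLE_CONFIG))
    print(recovery_gaps(SAMPLE_CONFIG))
```
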


