Palo Alto Networks Knowledgebase: How to Recover Password if User has One Admin Superuser Account

How to Recover Password if User has One Admin Superuser Account

28370
Created On 02/08/19 00:08 AM - Last Updated 02/08/19 00:08 AM
Cortex Data Lake Panorama
Resolution

Option One:

Steps

  1. Go into the Maintenance mode and export the log files to an SCP or a TFTP server
  2. The exported file will be in the form of a tar file (for example: 009401000552_maint_logs.tar)
  3. Untar the file that has been exported and open
  4. Go to the Management folder and click on saved-configs. There will be a "techsupport-saved-currcfg" file and rename it as "recovered_config.xml." The "techsupport-saved-currcfg" file will have the current configuration.
    Capture-reset.JPG.jpg
  5. Import and load this configuration into a test device and make sure it is not malformed
  6. Factory reset the device (see: How to Factory Reset a Palo Alto Networks Device)
  7. Import the "recovered_config.xml" and load it to the device
  8. Create a new superuser admin account
  9. Commit the changes
  10. Login to the Palo Alto Networks firewall with the new admin account and change the password

Note: On the Palo Alto Networks firewall, a factory reset is required for password recovery.

Option Two:

If the firewall is connected to Panorama, then access the managed firewall through the Context switch from Panorama, create a new administrator account and commit the changes.

owner: achalla



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClK2CAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language