How to perform a factory reset on a Palo Alto Networks device from Maintenance Mode

How to perform a factory reset on a Palo Alto Networks device from Maintenance Mode

719494
Created On 09/25/18 19:48 PM - Last Modified 04/23/24 19:41 PM


Symptom


Device not booting requiring factory reset.

Environment


  • Palo Alto Firewall
  • Supported PAN-OS
  • Factory Reset

Resolution


  1. Connect the Console cable, which is provided by Palo Alto Networks, from the "Console" port to a computer, and use a terminal program (9600,8,n,1) to connect to the Palo Alto Networks device.

NOTE: A USB-to-serial port will have to be used if the computer does not have a 9-pin serial port.

  1. Power on to reboot the device.
  2. During the boot sequence, the screen should look like this
    1. Screenshot for Welcome to the PanOS Bootloader

  3. Enter Maint mode 

For PAN-OS 10.0 and above

  • Select PANOS (maint-sysroot1) from the options below. The options below will show for 5 seconds only 

PANOS (maint-sysroot0)
PANOS (maint-sysroot1)
PANOS (sysroot0)
PANOS (sysroot1)

For PAN-OS 9.1 and below
  1. Type maint and hit Enter to enter maintenance mode
    1. Screenshot of Entry in Bootloader
  2. you will see a "CHOOSE PANOS" screen with the following options: PANOS (maint-other), PANOS (maint) or PANOS (sysroot0). Please choose PANOS (maint). Press enter to continue.
    1. Screenshot of Choose PAN-OS with highlighted PANOS (maint)
PAN-OS 7.1 GNU GRUB boot menu.
  1. Once in maintenance mode, the following is displayed, please press enter to continue
    1. Screenshot of Welcome to the Maintenance Recovery Tool with Continue highlighted
  2. Arrow down to Factory Reset and press Enter to display the menu
    1. Screenshot of Welcome to the Maintenance Recovery Tool with Factory Reset highlighted
  3. You will see the Image that will be used to perform the factory reset. Select Factory Reset and press Enter again:
    1. Screenshot of Factory Reset page
  4. Once complete, select the option to Reboot if presented. Some older devices/software may reboot automaticlly when complete. Please be aware that it may take several minutes before the autocommit to complete and allow the admin/admin login to work properly.
  5. IMPORTANT: If this procedure is used to put a firewall back into production, restore the device configuration, re-deploy the firewall licenses, upgrade PAN-OS to the desired version, and download-and-install all required Content updates (Antivirus, Apps+Threats, WildFire, Global Protect client, etc) before the device is put back in production, to ensure the firewall provides the necessary protections by running the latest Threat Prevention content.

Additional Information
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CldXCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language