How to perform a factory reset on a Palo Alto Networks device from Maintenance Mode
607363
Created On 09/25/18 19:48 PM - Last Modified 10/30/23 20:34 PM
Symptom
Device not booting requiring factory reset.
Environment
- Palo Alto Firewall
- Supported PAN-OS
- Factory Reset
Resolution
- Connect the Console cable, which is provided by Palo Alto Networks, from the "Console" port to a computer, and use a terminal program (9600,8,n,1) to connect to the Palo Alto Networks device.
NOTE: A USB-to-serial port will have to be used if the computer does not have a 9-pin serial port.
- Power on to reboot the device.
- During the boot sequence, the screen should look like this
-
Enter Maint mode
For PAN-OS 10.0 and above
-
Select PANOS (maint-sysroot1) from the options below. The options below will show for 5 seconds only
PANOS (maint-sysroot0) PANOS (maint-sysroot1) PANOS (sysroot0) PANOS (sysroot1)
For PAN-OS 9.1 and below
- Type maint and hit Enter to enter maintenance mode
- you will see a "CHOOSE PANOS" screen with the following options: PANOS (maint-other), PANOS (maint) or PANOS (sysroot0). Please choose PANOS (maint). Press enter to continue.
PAN-OS 7.1 GNU GRUB boot menu.
- Once in maintenance mode, the following is displayed, please press enter to continue
- Arrow down to Factory Reset and press Enter to display the menu
- You will see the Image that will be used to perform the factory reset. Select Factory Reset and press Enter again:
- Once complete, select the option to Reboot if presented. Some older devices/software may reboot automaticlly when complete. Please be aware that it may take several minutes before the autocommit to complete and allow the admin/admin login to work properly.
Additional Information
- If running PAN-OS 8.1.x and above, review the following link to perform SSH into Maintenance Mode: How to SSH into Maintenance Mode
- Admin-Admin not Working After Factory Reset