How to perform an Enhanced Factory Reset (EFR)

How to perform an Enhanced Factory Reset (EFR)

166117
Created On 04/23/24 21:42 PM - Last Modified 11/15/24 20:16 PM


Objective


This article details how to initiate an Enhance Factory Reset via Palo Alto Networks Support.

 



Environment


Palo Alto Networks Firewalls



Procedure


  • An enhanced factory reset (“EFR”) procedure can be scheduled by opening a case through Customer Support (TAC). This procedure does not rely on the integrity of a potentially compromised device to initiate a reset, and is recommended for customers that are concerned about potential persistent compromise due to unauthorized root access to a device.
  • Customers using a VM series device should follow these remediation steps
  • After an EFR is performed, the following are recommended:
  1. Change the master key and elect for AES-256-GCM.
  2. Reset passwords, psk’s, keys, secrets, etc. (See the list of passwords and keys )
  3. Revoke and reissue all certificates with private-keys on PAN-OS; these certs-keys are on device > certificates (Revoke a certificate and generate a certificate ).


Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000CrO6CAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language