How to perform an Enhanced Factory Reset (EFR)
Created On 04/23/24 21:42 PM - Last Modified 11/15/24 20:16 PM
Objective
This article details how to initiate an Enhanced Factory Reset via Palo Alto Networks Support.
Environment
Palo Alto Networks Firewalls
Procedure
- An enhanced factory reset (“EFR”) procedure can be scheduled by opening a case through Customer Support (TAC). This procedure does not rely on the integrity of a potentially compromised device to initiate a reset, and is recommended for customers that are concerned about potential persistent compromise due to unauthorized root access to a device.
- Customers using a VM series device should follow these remediation steps.
- After an EFR is performed, the following are recommended:
  - Change the master key and choose AES-256-GCM.
  - Reset passwords, PSKs, keys, secrets, etc. (See the list of passwords and keys.)
  - Revoke and reissue all certificates with private keys on PAN-OS; these certificates and keys are under Device > Certificates (Revoke a certificate and generate a certificate).