
Password recovery procedure for the NGFW module

2025-01-19 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/01 Report--

I. Preface

Use this method to recover the password when the passwords for web management, SSH and the console of the NGFW module have all been forgotten, no login is possible, and the firewalls run in active/standby mode.

My system version is: V100R001C30SPC300

II. Pre-operation preparation

1. Operating time

Choose a time when business traffic is low for this operation; here it was scheduled for the afternoon of this Tuesday (2018.7.3).

2. Prepare tools

Tools to prepare, with quantity and use:

Computers (two): one continuously pings the three addresses 10.10.5.254, 10.10.5.252 and 10.10.5.253 to check whether the active/standby switchover has taken place; the other is used to recover the passwords through the console cable.

Console cables (two): used to connect to the console ports.

Network cable (one): used to connect to the MGMT port.

3. Prepare the restart method

On switch S12712, enter power off slot 2/5, wait 10 seconds, and then enter power on slot 2/5.

4. Understand the interfaces between the active and standby firewalls and the switch

Interface between the active firewall and the switch: Eth-trunk103

Interface between the standby firewall and the switch: Eth-trunk102

5. The ciphertext of Admin@1234: % @% @ XY [V + I Universe 9YhJuNl4gmur8J (| sgyog28ccc\ Q.LgKHVQEClae 0.% @

If the NGFW active/standby pair is configured correctly, a switchover completes in about a second and only about 3-5 packets are lost. This operation uses a manual switchover, which also completes in about a second.

7. Order of operations

Unplug the heartbeat cable -> shut down the standby firewall's service port (Eth-trunk102) -> recover the password on the standby NGFW -> make the standby firewall the active one -> re-enable the standby firewall's service port -> shut down the active firewall's service port (Eth-trunk103) -> recover the password on the active NGFW.

III. Specific operation steps

1. Unplug the heartbeat cable between the active and standby firewalls.

2. Shut down the standby firewall's service port: Eth-trunk102

int Eth-trunk102 // shut down the standby firewall's service port
shutdown

3. Connect to the device through the console port and restart the firewall

power off slot 2/5
power on slot 2/5 // restart the standby firewall with these commands; restarting with the reset command has no effect, I don't know why

4. Password recovery steps

While the device is starting, press Ctrl+B when the prompt "Press Ctrl+B to Enter Main Menu...3" appears. After you enter the BootROM password, the extended BootROM main menu is shown. Follow the steps below to make the device start with an empty configuration.

Note:

The default BootROM password is O&m15213. If you log in with the default value, it is recommended, for better security, to select 5 after entering the extended BootROM main menu and change it. Keep the password safe so that it is not lost.

Press Ctrl+B to Enter Main Menu...3
Password: *

====================================
        < Extend Main Menu >
====================================
1. Boot System
2. Set Startup Application Software and Configuration
3. File Management Menu...
4. Load and Upgrade Menu...
5. Modify Bootrom Password
6. Reset Factory Configuration
0. Reboot
Press Ctrl+T to Enter Manufacture Test Menu...
Press Ctrl+Z to Enter Diagnose Menu...
====================================
Enter your choice (0-6): 2 // select 2 here to enter the submenu for setting the startup software and configuration files

Current boot application software:
Current boot configuration:
1. Modify setting
0. Quit
Enter your choice (0-1): 1 // select 1 here to enter the modify-setting submenu

File (s) in hda1:
1:hda1:/sup.bin 139720443 bytes
2:hda1:/vrpcfg.zip 17142 bytes
Total size: 1201569792 bytes.
Free size: 1061832207 bytes.

File (s) in hda2:
1:hda2:/keylog/log_1389968546.txt 442185 bytes
Total size: 640745472 bytes.
Free size: 640253952 bytes.

Input the name of application software (eg: hda1:/sup.bin):
Input the name of configuration or '.' to clear setting (eg: hda1:/vrpcfg.zip):. // enter "." here to change the next startup configuration to an empty configuration
Modifed configuration successful.
Next boot configuration: NULL

====================================
        < Extend Main Menu >
====================================
1. Boot System
2. Set Startup Application Software and Configuration
3. File Management Menu...
4. Load and Upgrade Menu...
5. Modify Bootrom Password
6. Reset Factory Configuration
0. Reboot
Press Ctrl+T to Enter Manufacture Test Menu...
Press Ctrl+Z to Enter Diagnose Menu...
====================================
Enter your choice (0-6): 1 // select 1 here to boot the system

3. Log in to the web interface through HTTPS.

1) Connect the administrator PC to the device's MGMT interface (GigabitEthernet 0/0/0) with a network cable.

2) Set the IP address of the administrator PC's network connection to an address in the range 192.168.0.2 to 192.168.0.254.

3) Open a web browser on the administrator PC and go to the default address of the MGMT interface of the device you need to log in to, https://192.168.0.1:8443. The default account is "admin" and the default password is "Admin@123".

5. Extract the file on the PC to get vrpcfg.cfg, and use a text editor to change the administrator password in the configuration file. Change the password of the administrator admin to Admin@1234 (entering it in clear text was tried and does not work). The ciphertext of Admin@1234: % @% @ XY [V + I Universe Mechan 9YhJuNl4gmur8J (| sgyog28yogcc\ Q.encrypted LgKHVQEClae 0.% @% @

7. Select "System > Configuration > System Restart", click "Restart", and restart the device.

8. After the device has started, you can log in with the user name admin and the new password Admin@1234 (on both the console and the web), and the configuration is restored to the most recently saved configuration.

int Eth-trunk102 // re-enable the standby firewall's service port
undo shutdown

10. Quickly shut down the active firewall's service port (Eth-trunk103) on the switch so that the active firewall no longer forwards packets.

int Eth-trunk103 // shut down the active firewall's service port
shutdown

11. Check the ping results. If traffic has switched over to the standby firewall normally, continue with the following steps.

12. Use the same method as above to change the admin password on the active firewall, and try to log in with the new password after the restart completes. If you can, continue with the following steps.

13. Plug the heartbeat cable back in and quickly re-enable the active firewall's service port Eth-trunk103 (this step is best done by two people).

int Eth-trunk103 // re-enable the active firewall's service port
undo shutdown

14. The active firewall now preempts the active role again. Check whether the computer that is continuously pinging the gateway has lost any packets. If you follow the actual procedure and move quickly, only one packet is lost. The password recovery is now complete; test whether business traffic is normal.

IV. Post-operation testing

1. Log in to the firewall's web interface and SSH with the new password to confirm that login works.

2. On the other computer, the one running the continuous ping, check whether the restarted NGFW has come back up.

3. Check whether the monitoring system shows any alarms that have not cleared.
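One way to turn the continuous ping used in steps 11 and 14 and in the post-operation check into numbers, as an added example that is not part of the original article. It assumes the monitoring PC runs Linux iputils `ping -D -O <address>` for each of the three addresses and saves the output; the sample captures are constructed, and the 5-packet threshold is an assumption taken from the 3-5 packets the article mentions.

```python
import re

# One probe line from `ping -D -O <address>` (iputils): "[epoch] ... icmp_seq=N ..."
PROBE = re.compile(r"^\[(\d+(?:\.\d+)?)\] (.*icmp_seq=(\d+).*)$")

def outages(ping_output):
    """Return (first_lost_seq, lost_probes, seconds_down) for each run of losses.
    seconds_down is None when the address is still unreachable at the end."""
    runs, start, lost = [], None, 0
    for line in ping_output.splitlines():
        m = PROBE.match(line.strip())
        if not m:
            continue                      # banner, statistics, blank lines
        ts, rest, seq = float(m.group(1)), m.group(2), int(m.group(3))
        if "bytes from" in rest:          # reply received
            if start is not None:
                runs.append((start[0], lost, round(ts - start[1], 1)))
                start, lost = None, 0
        else:                             # "no answer yet", "Unreachable", ...
            if start is None:
                start = (seq, ts)
            lost += 1
    if start is not None:
        runs.append((start[0], lost, None))
    return runs

def summarize(captures, max_lost=5):
    """Per address: loss runs, longest run, and whether it stayed within max_lost."""
    report = {}
    for address, text in captures.items():
        runs = outages(text)
        worst = max((r[1] for r in runs), default=0)
        recovered = all(r[2] is not None for r in runs)
        report[address] = {"runs": runs, "worst": worst,
                           "ok": recovered and worst <= max_lost}
    return report

# Constructed sample captures (not real measurements from the article).
CAPTURES = {
    "10.10.5.254": """PING 10.10.5.254 (10.10.5.254) 56(84) bytes of data.
[1530601201.10] 64 bytes from 10.10.5.254: icmp_seq=2 ttl=255 time=0.39 ms
[1530601203.10] no answer yet for icmp_seq=3
[1530601204.10] no answer yet for icmp_seq=4
[1530601204.60] 64 bytes from 10.10.5.254: icmp_seq=5 ttl=255 time=0.52 ms""",
    "10.10.5.253": """[1530601201.10] 64 bytes from 10.10.5.253: icmp_seq=1 ttl=255 time=0.40 ms
[1530601203.10] no answer yet for icmp_seq=2
[1530601204.10] no answer yet for icmp_seq=3
[1530601205.10] no answer yet for icmp_seq=4""",
}

if __name__ == "__main__":
    for address, result in summarize(CAPTURES).items():
        print(address, result)
```

The seconds_down value is approximate, because `-O` reports a missing reply only when the next probe is about to be sent.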
