Categories

TechTip: Juniper SSG - Reset to Default Settings

In this article, I describe the step-by-step instructions for resetting a Juniper SSG5 to default configuration. Please note that it will help significantly if you can connect to the console port on the switch you are resetting (you can use any Juniper/Cisco console cable to connect, see Juniper SSG5 Installation and Confguration Guide (Table 1, Page 9) for HyperTerminal settings).



Using the device Serial Number


This is by far the easiest method to reset the Juniper SSG 5 firewall to default settings however it will only work if the device recovery feature has not been disabled using the "unset admin device-reset" command, and you have access to the device serial number and console CLI.

Step 1.

Connect to the console CLI as described in the article linked in the introduction above.

Step 2.

At the Login prompt, enter full device serial number.

Step 3.

At the Password prompt, enter the serial number again. The following message
appears:

!!! Lost Password Reset !!! You have initiated a command to reset the device to
factory defaults, clearing all current configuration and settings. Would you like to
continue? y/[n]


Step 4.

Press the "y" key. The following message appears:

!! Reconfirm Lost Password Reset !! If you continue, the entire configuration of the
device will be erased. In addition, a permanent counter will be incremented to
signify that this device has been reset. This is your last chance to cancel thiscommand. If you proceed, the device will return to factory default configuration,
which is: device IP: 192.168.1.1; username: netscreen, password: netscreen.
Would you like to continue? y/[n]

Step 5.

Press the "y" key to reset the device.



Using the Pinhole Reset button




Step 1.

Find the pin-hole reset button on the device (on Juniper SSG5 units it is usually located on the back, between the USB port and the Kensington security slot) and press it down with a pin (a paper-clip usually does the trick) for about 6 seconds. The power light on the device should turn amber and the console screen should read:

Configuration Erasure Process has been initiated.
Waiting for 2nd confirmation.

Don't let go of the reset button just yet.

Step 2.

Let go of the reset button for about 2-3 seconds* (power light will return to green) and press it down again for about 6 seconds, until the power light turns amber and the status light starts flashing red. The screen will then read:

2nd push confirmed.
Configuration Erase sequence accepted, unit reset.

If you don't get it from the first try - don't worry, it took me a couple of times to get the timing right, but it works like a charm once you get a feel for it.

*This part can be tricky because if you push the reset button again too fast - nothing will happen, but if you let go of the reset button for too long, you will get the "Configuration Erasure Process aborted" message and reset will be canceled and you will have to start all over again.

Once the settings have reset to default you can access your Juniper SSG 5 unit using the following default IP address, username and password:

IP Address: 192.168.1.1
Username: netscreen
Password: netscreen

13 comments:

Anonymous said...

Good help!!!
Thank you!
Wilson
Japan

Anonymous said...

Thank you very much!!
Gabriel from Brazil

Anonymous said...

Thx Gr8 Help
Alex
CA, USA

Anonymous said...

Good Help! Thanks a lot

Anonymous said...

helps me alot thx~~

Anonymous said...

Thank you, was onsite and couldnt reset the SSG20, but your instructions done the trick!

Anonymous said...

Good documentation. Used serial# procedure when I could not get pin to work.

-- j

Anonymous said...

my device's recovery feature has been disabled. is there a way to reset this device ?

Oleksiy Gayda said...

Hi Anonymous, I believe that the pinhole reset procedure should still work - if you're having troubles, try the instructions under the "Having trouble performing the Hardware Reset steps above?" section here: http://kb.juniper.net/InfoCenter/index?page=content&id=KB4749

Anonymous said...

Thanks.
Happy New Year!

Anonymous said...

Thanks! It worked....

Anonymous said...

I tried to reset via the pinhole and it worked like a charm. Thank you!

Anonymous said...

Merci !