Question
We have a local console password set on one of our firewalls but we have have forgotten the password, what can we do? What are our options?
Answer
The answer is different depending on if cOS Core is the older 32 bit version or the newer 64 bit version (used, for example, with NetWall 100, 300, 500 and 6000 Series hardware).
cOS Core 32 bit versions
There are several ways to remove the local console password, depending on the situation, but not all may be applicable.
1. Use InControl to change the local console password. Since InControl is using NetCon to connect and to authenticate to the firewall this is possible to do without first entering the old password. See below image for the location of the option in InControl:
- Reset the unit to factory default using either SSH, WebUI or InControl.
- Note-1: A configuration reset does NOT remove the local console password.
- Note-2: This means the removal of the configuration, unless you have a saved backup from earlier it means that all data/configurations on the firewall would be lost.
- On some appliance models there is a factory reset button that can be used to reset the unit to its factory defaults. This would also remove the local console password.
- Note: This means the removal of the configuration, unless you have a saved backup from earlier it means that all data/configurations on the firewall would be lost.
- Send the unit to Clavister to perform a manual password removal. Please note that this is not covered by the RMA/Hardware replacement, there will be a cost involved.
cOS Core 64 bit versions
In a cOS Core 64 bit version the local console does not have a separate database and instead uses a local database. By default, it uses the same database as when logging into SSH/WebUI but it can use a different database. The screenshot below shows the location of the relevant setting for selecting the user database.
In 64 bit cOS Core versions, the options are slightly less than in 32 bit versions when it comes to removing or changing the local console password:
- Use InControl to change the local console password. Since InControl is using NetCon (it's own encryption key/protocol) to connect and to authenticate to the firewall, this is possible to do without first entering the old password. Note that this assumes that the firewall has been already added in InControl. It is not possible to re-add it afterwards in InControl unless the Netcon key was previously saved.
- On most firewall appliance models there is a physical factory reset button that can be used to reset the unit to its factory defaults. See the "Getting Started Guide" for the relevant model for information about the reset button's location and how to use it. Warning: This operation will wipe the entire configuration and revert to the factory installed cOS Core version.
- Send in the unit to Clavister to perform a manual password removal. Please note that this is not covered by the RMA/Hardware replacement so there will be a cost involved.
Related articles
19 Apr, 2023 core hyperv serial console log