It happens we all lose passwords at times, or perhaps you joined an organization, and someone else set the password, and it didn’t get passed along to you. At this point, you have only one option. You must recover the password.
To accomplish this, you will have to have access to the firewall and have the ability to restart it. Also, you will need a Console cable or RJ-45-to-DB-9 or null-modem cable and a terminal emulation software such as PuTTY.
You will also need to know the unit’s serial number. We will use it for the password by adding bcpb in front of it. The username for this process will be maintainer.
The password is bcpb plus the serial number of the firewall (the letters of the serial number must be uppercase)
For example, bcpbFGT80B3Z25…… or bcpbFGT101FRG……
There is a 14 second or less window to type in the username and password. I recommend copying the password (bcpbSERIALNUMBER) in your clipboard and pasting it in after typing the username (maintainer). You won’t see an indication of typing. Paste it in and hit enter.
If you see this message on the console, “PASSWORD RECOVERY FUNCTIONALITY IS DISABLED”, then the maintainer account has been disabled. There is more on this below.
There is no indicator of when the time runs out. It might take more than one attempt to get in.
As soon as you see the following, input the user name and password.
Initializing firewall... System is starting... Starting system maintenance... Scanning /dev/mmcblk0p1... (100%) Scanning /dev/mmcblk0p3... (100%) login:maintainer password:****************
Now that you are in, you will want to rest the admin password by doing the following.
If vdoms are not enabled:
#config system admin edit admin set password <yourpassword> end
If vdoms are enabled:
#config global config system admin edit admin set password <password> end
The maintainer account
The maintainer account is enabled by default, however, there is an option to disable this feature. If the feature is disabled and you lose the password is lost there isn’t another option to recover the system.
If you use the maintainer account and see this message on the console, “PASSWORD RECOVERY FUNCTIONALITY IS DISABLED”, then the maintainer account has been disabled.
Disabling the maintainer account:
The following command in the CLI changes the status of the maintainer account.
#config system global set admin-maintainer disable end
#config system global set admin-maintainer enable end