ScreenOS Firewalls (NOT SRX)
ScreenOS Firewalls (NOT SRX)

NS-5XT reset to factory defaults

‎01-16-2011 10:19 AM

Preambula:

after the upgrade from our service provider we get several  NS-5XT devices. They are obsolete, but yet functionaly.

So, we'd like to use them on in our network. But I cannot access them becouse I have not admin acces attributes for them. I tried to reset the devices as described in UG, "Asset Recovery" chapter. But described methods don't work.

Question:

How is possible to reset the devices to their default factoy settings in other way?

--
With respect,
4 REPLIES 4
ScreenOS Firewalls (NOT SRX)

Re: NS-5XT reset to factory defaults

‎01-16-2011 02:10 PM

Hi

 

Are you pushing in the pin-hole button, waiting for status light to turn amber, releasing the button for a few seconds, and then waiting a few seconds and then pressing the button again for another 6 seconds ?

 

Ta

 

Jude

ScreenOS Firewalls (NOT SRX)

Re: NS-5XT reset to factory defaults

‎01-16-2011 05:49 PM

There are two methods to reset the firewalls, pinhole reset mentioned above and the use of the serial number on the console cable.  They are both detailedin KB5046

 

http://kb.juniper.net/InfoCenter/index?page=content&id=KB5046

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
ScreenOS Firewalls (NOT SRX)

Re: NS-5XT reset to factory defaults

‎01-18-2011 08:59 AM

Thank you for exact links to docs. I did read User Guide for my model and tryed the both methods. Unfortunately, they didn't works. Actually I am surprised how they blocked pinwhole button! ..but the reality is so.

May be it is possible to rewrite BootLoader EPROM? In this case, where from it is possible to take the Loader factory image?

Or someone has other idias?...

I'll appreciate any help.

--
With respect,
ScreenOS Firewalls (NOT SRX)

Re: NS-5XT reset to factory defaults

‎01-18-2011 03:20 PM

I have had better luck with the console reset using the serial number.  It does take a bit of coordination to catch the right cycle on the pin hole method.

 

But as you mention, the reset from both methods can be turned OFF by the configuration as a security measure.  If they have enabled this feature then you really do need a valid login to get control again.

 

Perhaps JTAC has a back door if you have a support agreement, but I've never seen one published and it would sort of negate the security feature if you could bypass that lock.

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home