Reset password without changing settings?
Is it possible to reset the password to factory default while keeping existing settings?
I'm the new IT guy and inherited a TZ300 which was customized by prior IT staff.
Unfortunately the default password was changed but no one has the password. We are installing a new VoIP provider and need to whitelist a few IP addresses and ports but don't want to clear out any existing settings by resetting to the factory default.
I saved a copy of the current settings / firmware in SafeMode. If I select to reboot with the factory default, will I be able to log into the firewall and restore the current settings from SafeMode while keeping the default password? Or will that restore the current password too?
Much thanks in advance!
@RooibosGreen that's the way to go, the restore of your config will keep the default password.
@BWC Does this really work? I don't think I've ever exported the settings through Safe Mode and I've assumed that the settings can't be exported without knowing the current password as a security feature.
@SonicAdmin80 hmm you got me thinking, but @RooibosGreen got the config exported in Safe Mode and if we follow the usual "logic" and import a config to a factory reset appliance it should end up in having the default password with a running config.
I'am not eager to test it with my production appliance (don't have a spare unit to test with), but I'am quite sure, because this is how I did it on replacement units.
@BWC On most networking appliances you need to know the admin password to export settings, but I haven't done the export in Safe Mode on a SonicWall, so can't be sure. If it's possible it's a bit of a security hole although user passwords aren't in a readable form and the built-in admin password isn't included.
Could it be that in Safe Mode the settings export actually exports the default configuration, or are you certain it exports the user config? If that's the case I must make a note as this could come in handy.
@SonicAdmin80 I can't say for sure, it seems in Gen7 there is no export config option in Safe Mode according to the KB article. I assumed it was possible in the way @RooibosGreen described it. I checked on an older appliance and there was indeed no configuration export option in Safe mode, maybe the Download Firmware option got confused with it?
Probably I reset appliances in Safe Mode and imported a backup from cloud backup. Not a daily routine, maybe memory is a bit fuzzy on that.
@BWC I usually start configuring a new appliance after resetting it to factory defaults and updating the firmware through Safe Mode, but I can't remember the options either. But sounded odd that exporting settings without a password would be allowed in Safe Mode. I still haven't used Gen 7 devices much so don't know all the options there, except to be careful not to wipe the whole OS.
Thank you @BWC and @SonicAdmin80 for your insights. I haven't tried rebooting yet but here's what I'm seeing from SafeMode:
I am offered two firmware download options:
a) Current firmware (which I assume includes current settings) <--- I have downloaded this file, 188.8.131.52-19n
b) Current firmware with Factory Default Settings
As an aside, I noticed both files have the same size and got to wondering whether changing settings would have changed the file sizes, too, such as adding whitelisted IPs, etc? Perhaps there weren't many changes made to default settings?
Ideally, I would like to keep the current settings, restore the factory default password, then update to the latest firmware. The steps I have in mind for doing this are:
1) Enter SafeMode
2) Select "Upload New Firmware" with the file I've downloaded 184.108.40.206-19n (hopefully this resets the password to default while keeping current settings)
3) Restart in SafeMode
4) Select "Upload New Firmware" with the latest firmware, 220.127.116.11n (which hopefully lets me keep the current settings while updating to the latest firmware)
Do the above steps sound right? Anthing else I should consider?
Thank you both again in advance!
@RooibosGreen I did a quick check and ran the procedure you listed above and it seems that the downloaded Firmware does not contain any settings.
Is there a Cloud Backup or manual Local Backup available by any chance?
Hi Michael @BWC , thanks for looking into this.
Unfortunately, it looks like Cloud Backup is not available for firmware below v6.5.
Is it by chance possible to run a manual Local Backup from Safe Mode? If so I would very much appreciate hearing more about it.
Thank you again!
@RooibosGreen maybe it was possible on very old firmware releases but IMHO there is currently no way to safe the config in Safe Mode. You should hold the prior IT staff accountable for that.
Look on the bright side, if you configure the Appliance from scratch you can do a complete Overhaul of the Policies 😉
Absolutely true @BWC Michael! :D
Let me talk to my supervisor about her preference for next steps.
Thank you again for all your help!