Monday, February 10, 2014

Palo Alto Firewall: Reset Palo Alto Firewall But Keep Software Install and Updates Intact

I have come across times when I needed to reset a Palo Alto firewall but keep the licenses and software install intact. I only needed to get the customer-specific data off the unit. Well, there is a way to do that on the Palo units: you run the "request system private-data-reset" command. Here is what I did recently when resetting a unit while keeping the software and licenses intact:

PA-3020> request system ?
> external-list        Perform external-list refresh/sanity functions
> fqdn                 Perform fqdn refresh/reset functions
> private-data-reset   Delete private data, keep software, content installations
> self-test            FIPS/CC self test commands
> self-test-job        Run FIPS/CC self test job
> software             Perform system software installation functions

PA-3020> request system private-data-reset
Executing this command will remove all logs and configuration will revert back to factory defaults. The system will restart and then reset the data. Are you sure you want to continue? (y/n) (y or n) y

After the reset, you log back in, set the IP address, default gateway, and DNS info, and reconnect to the Palo Alto site to license the box. The OS version you had, plus the updates you did, will be there after you put the license back on. However, you may want to check for updates again to get it completely up to date.
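The post-reset steps described above, as a PAN-OS CLI sequence. This is an added example, not output captured from the original unit; the addresses are constructed placeholders from the documentation ranges and should be replaced with the real management network values.

```text
# Constructed example: 192.0.2.0/24 and 198.51.100.53 are placeholder addresses.

# 1. Set the management IP, default gateway and DNS, then commit.
PA-3020> configure
PA-3020# set deviceconfig system ip-address 192.0.2.10 netmask 255.255.255.0 default-gateway 192.0.2.1
PA-3020# set deviceconfig system dns-setting servers primary 198.51.100.53
PA-3020# commit
PA-3020# exit

# 2. Pull the licenses back from the Palo Alto licensing server and confirm them.
PA-3020> request license fetch
PA-3020> request license info

# 3. Confirm the installed software and content versions survived the reset.
PA-3020> show system info

# 4. Check for newer content and software releases.
PA-3020> request content upgrade check
PA-3020> request system software check
```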

UPDATE: I did this on another unit and it wouldn't boot up afterwards. I had to do a factory reset on it and build everything from scratch again. Just FYI.
