To enter maintenance mode, you need to restart your system with request restart system in operational mode or if you’re in a situation where you’re not in the Firewall or can’t get into the Firewall, just power it down and back up.
Look out for bootloader message that looks like below:
|
1
2
3
4
|
Enter 'maint' for boot menu.Booting PANOS (sysroot0, sda) after 5 seconds...Entry: maint |
Type maint after 5 seconds, if you’re lucky the grub bootloader will appear:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
GNU GRUB version 0.98 (631K lower / 3668608K upper memory) +---------------------------- | PANOS (maint, sda) | PANOS (maint, sdb) | PANOS (sysroot0, sda) | PANOS (sysroot0, sdb) | | | | | | | | +---------------------------- Use the ^ and v keys to select which entry is highlighted. Press enter to boot the selected OS or 'p' to enter a password to unlock the next set of features. |
Choose the first partition PANOS (maint, sda), you will enter the maintenance mode that looks like this:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
|
Booting 'PANOS (maint, sda)'root (hd0,1) Filesystem type is ext2fs, partition type 0xfdkernel /boot/vmlinuz ro root=/dev/md2 console=ttyS0,9600n8 init=/sbin/init_maint quiet [Linux-bzImage, setup=0x3000, size=0x21f070]INIT: version 2.86 booting Welcome to PanOSSetting clock (utc): Tue Dec 11 00:28:39 PST 2012 [ OK ]Starting udev: [ OK ]Setting hostname PA-5050: [ OK ]Checking filesystems: Running filesystem check on pancfg: [ OK ] Running filesystem check on panrepo: [ OK ][ OK ]INIT: Entering runlevel: 3Entering non-interactive startupStarting Networking: [ OK ]Starting system logger: [ OK ]Starting kernel logger: [ OK ]Starting portmap: [ OK ]Starting NFS statd: [ OK ]Starting panhttpd: [ OK ]Starting sshd: [ OK ]Starting ha-sshd: [ OK ]Starting xinetd: [ OK ]Starting ntpd: [ OK ]Starting NFS services: [ OK ]Starting NFS daemon: [ OK ]Starting NFS mountd: [ OK ]Starting PAN Software: [ OK ] Welcome to the Maintenance Recovery Tool Welcome to maintenance mode. For support please contact Palo Alto Networks. 866-898-9087 or support@paloaltonetworks.com< Continue Q=Quit, Up/Down=Navigate, ENTER=Select, ESC=Back |
You will be shown to a menu of what you want to do. In this case we want #4:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
Welcome to the Maintenance Recovery Tool< Maintenance Entry Reason < Get System Info < Factory Reset < Set FIPS Mode < Set CCEAL4 Mode < FSCK (Disk Check) < Log Files < Disk Image < Select Running Config < Content Rollback < RAID < Set IP Address < Diagnostics < Debug Reboot < Reboot Q=Quit, Up/Down=Navigate, ENTER=Select, ESC=Back |
If you selected “Factory Reset”, you should see something like:
|
1
2
3
4
5
6
7
8
|
WARNING: Performing a factory reset will remove all logs and configuration.Using Image: (X) panos-7.1.6< Factory Reset < Advanced |
Again select “Factory Reset”.
NOTE:
There’s nice feature under “Advanced” to SCRUB the drive. You have two options DOD & NNSA(default):
The dod scrub sequence is compliant with the DoD 5220.22-M procedure for sanitizing removeable and non-removeable rigid disks which requires overwriting all addressable locations with a character, its complement, then a random character, and verify. Please refer to the DoD document for additional constraints.
The nnsa (default) scrub sequence is compliant with a Dec. 2005 draft of NNSA Policy Letter NAP-14.x for sanitizing removable and non-removable hard disks, which requires overwriting all locations with a pseudorandom pattern twice and then with a known pattern. Please refer to the NNSA document for additional constraints.
Now just wait for the factory reset to complete.