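Juniper SSG5: Forgot the Login Password? Restore Factory Defaults
The Juniper SSG5 handles passwords differently from the Juniper SRX series or Cisco network devices. If you forget the password, there is no password-recovery procedure that gets it back; the only thing you can do is restore the factory defaults (also commonly called the factory configuration or factory settings).
Once the factory defaults are restored, the Juniper SSG5 erases the configuration stored on the device.
So make it a habit to save a backup configuration file immediately after every change, just in case.
The process requires a connection to the Juniper SSG5 console; please refer to this link:
There are two ways to restore the SSG5 to factory defaults: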
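1. Hardware Reset:
There is a Reset pinhole on the back of the SSG5, and you have to work with its LEDs. Insert the pin the first time and hold it still for about 6 seconds, until the LEDs show one red and one green; then pull the pin out, wait about 2 seconds, and insert it again for about 6 seconds. Only then is the reset completed.
Restoring factory defaults with the device's reset button
The reset button is on the back of the device, near the USB connector.
First, press and hold the reset button with a toothpick for about 6 seconds; the console displays the following: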
login:
Configuration Erasure Process has been initiated.
Waiting for 2nd confirmation.
Once the power LED blinks green, press and hold the reset button again for 2-3 seconds; the following is displayed:
2nd push has been confirmed.
Configuration Erase sequence accepted, unit reset.
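Wait until the status LED turns solid amber for 1.5 seconds and then goes back to blinking green; at this point the device has been reset to factory defaults.
The console then displays the following:
Juniper Networks SSG5 Boot Loader Version 1.3.2 (Checksum: A1EAB858)
Copyright (c) 1997-2006 Juniper Networks, Inc.
Total physical memory: 128MB
Test - Pass
Initialization - Done
Hit any key to run loader
Hit any key to run loader
...
In short, completing the steps above does take a bit of procedure.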
2. Console Reset:
unset all
reset
From the CLI, enter unset all; press ENTER.
When prompted for Erase all system config, are you sure y/[n]; press y.
Enter reset; press ENTER.
When prompted for Configuration Modifies, save; press n.
When prompted for System Reset, Are you sure; press y.
※ Upon the system reboot, the configuration will be reverted to the factory default.
※ The default IP address of the NetScreen device is 192.168.1.1, the admin name is netscreen and the password is netscreen.
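Or:
Login: serial number
Password: serial number
To view the serial number:
ssg5-serial-> get system
Product Name: SSG5-Serial
Serial Number: 0162032012000759, Control Number: 00000000
Hardware Version: 0710(0)-(00), FPGA checksum: 00000000, VLAN1 IP (0.0.0.0)
You can log in directly with the serial number: enter the product serial number as both the user name and the password.
Restoring factory defaults with the device serial number
Connect to the NetScreen firewall with a console cable, then enter the device serial number; the serial number is on the back panel of the device.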
login: 0162032012000759
password: 0162032012000759
!!! Lost Password Reset !!! You have initiated a command to reset the device to factory defaults, clearing all current configuration and settings. Would you like to continue? y/[n] Y
Restoring factory defaults deletes all of the current configuration; press "Y".
!! Reconfirm Lost Password Reset !! If you continue, the entire configuration of the device will be erased. In addition, a permanent counter will be incremented to signify that this device has been reset. This is your last chance to cancel this command. If you proceed, the device will return to factory default configuration, which is: System IP: 192.168.1.1; username: netscreen, password: netscreen. Would you like to continue? y/[n] Y
Press "Y".
In reset ...
Juniper Networks SSG5 Boot Loader Version 1.3.2 (Checksum: A1EAB858)
Copyright (c) 1997-2006 Juniper Networks, Inc.
Total physical memory: 128MB
Test - Pass
Initialization - Done
Hit any key to run loader
Hit any key to run loader
Hit any key to run loader
Hit any key to run loader
Loading default system image from on-board flash disk...
Done! (size = 15,171,584 bytes)
Image authenticated!
Start loading...
.................................................................
..........................................
Done.
Juniper Networks, Inc
SSG5/SSG20 System Software
Copyright, 1997-2008
Version 6.2.0r3.0
Load Manufacture Information ... Done
Initialize FBTL 0........ Done
Load NVRAM Information ... (6.2.0)Done
Install module init vectors
Install modules (01128800,0209f5c0) ...
PPP IP-POOL initiated, 256 pools
Initializing DI 1.1.0-ns
w3g_cfg_init
*********************************************************
System time: 22July2010:15:29:44
If this is the initial device startup,
use the "set clock" command to set the system clock.
*********************************************************
system init done..
login:
System change state to Active(1)
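You can now log in with the factory-default account and password (netscreen).
login: netscreen
password:
Run get interface to query the interface information and confirm that the device has been reset:
ssg5-serial-> get interface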
A - Active, I - Inactive, U - Up, D - Down, R - Ready
Interfaces in vsys Root:
Name         IP Address       Zone     MAC             VLAN  State  VSD
serial0/0    0.0.0.0/0        Null     N/A             -     D      -
eth0/0       0.0.0.0/0        Untrust  0023.9c2a.1500  -     D      -
eth0/1       0.0.0.0/0        DMZ      0023.9c2a.1505  -     D      -
bgroup0      192.168.1.1/24   Trust    0023.9c2a.150b  -     D      -
eth0/2       N/A              N/A      N/A             -     D      -
eth0/3       N/A              N/A      N/A             -     D      -
eth0/4       N/A              N/A      N/A             -     D      -
eth0/5       N/A              N/A      N/A             -     D      -
eth0/6       N/A              N/A      N/A             -     D      -
bgroup1      0.0.0.0/0        Null     0023.9c2a.150c  -     D      -
bgroup2      0.0.0.0/0        Null     0023.9c2a.150d  -     D      -
bgroup3      0.0.0.0/0        Null     0023.9c2a.150e  -     D      -
vlan1        0.0.0.0/0        VLAN     0023.9c2a.150f  1     D      -
null         0.0.0.0/0        Null     N/A             -     U      0
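Note: after every change to the system configuration, you should back up the new configuration promptly. This lets you restore the previous configuration quickly when you have to recover from a lost system password.
Note: the device's restore-factory-defaults feature is enabled. You can disable it by entering the following at the command line: unset admin device-reset
Contents of the configuration file after restoring the factory configuration:
This configuration is what the system generates automatically after the factory reset, on the first browser login to J-Web (enter 192.168.1.1 in the address bar), once you select the option "No, skip the Wizard and go straight to the WebUI management session instead." on the Rapid Deployment Wizard screen.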
set clock timezone 0
set vrouter trust-vr sharable
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset auto-route-export
exit
set alg appleichat enable
unset alg appleichat re-assembly enable
set alg sctp enable
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set auth radius accounting port 1646
set admin name "netscreen"
set admin password "nKVUM2rwMUzPcrkG5sWIHdCtqkAibn"
set admin auth web timeout 10
set admin auth dial-in timeout 3
set admin auth server "Local"
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Untrust-Tun" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
set zone "DMZ" tcp-rst
set zone "VLAN" block
unset zone "VLAN" tcp-rst
set interface "ethernet0/0" zone "Untrust"
set interface "ethernet0/1" zone "DMZ"
set interface "bgroup0" zone "Trust"
set interface bgroup0 port ethernet0/2
set interface bgroup0 port ethernet0/3
set interface bgroup0 port ethernet0/4
set interface bgroup0 port ethernet0/5
set interface bgroup0 port ethernet0/6
unset interface vlan1 ip
set interface bgroup0 ip 192.168.1.1/24
set interface bgroup0 nat
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface bgroup0 ip manageable
set interface bgroup0 dhcp server service
set interface bgroup0 dhcp server auto
set interface bgroup0 dhcp server option gateway 192.168.1.1
set interface bgroup0 dhcp server option netmask 255.255.255.0
set interface bgroup0 dhcp server ip 192.168.1.33 to 192.168.1.126
unset interface bgroup0 dhcp server config next-server-ip
set flow tcp-mss
unset flow no-tcp-seq-check
set flow tcp-syn-check
unset flow tcp-syn-bit-check
set flow reverse-route clear-text prefer
set flow reverse-route tunnel always
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit
set url protocol websense
exit
set policy id 1 from "Trust" to "Untrust" "Any" "Any" "ANY" permit
set policy id 1
exit
set nsmgmt bulkcli reboot-timeout 60
set ssh version v2
set config lock timeout 5
unset license-key auto-update
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
exit
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit
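The factory-default listing above doubles as a baseline for checking a saved configuration. The following Python script is an added example, not part of the original post and not Juniper code: it flags values in a saved ScreenOS configuration that still match that listing (the netscreen admin name, the default admin password hash, the 192.168.1.1/24 management address, the Trust-to-Untrust any/any permit policy) and reports whether device reset is still enabled. The finding names and the sample configuration are constructed for illustration, and it is an assumption that a disabled device reset shows up in the saved configuration as the line unset admin device-reset.

```python
import shlex

# Values copied from the factory-default listing on this page.
DEFAULT_ADMIN = "netscreen"
DEFAULT_HASH = "nKVUM2rwMUzPcrkG5sWIHdCtqkAibn"
DEFAULT_MGMT_IP = "192.168.1.1/24"

# Constructed sample: a saved config where only the admin name was changed.
SAMPLE_CONFIG = """\
set admin name "fwadmin"
set admin password "nKVUM2rwMUzPcrkG5sWIHdCtqkAibn"
set interface bgroup0 ip 192.168.1.1/24
set interface bgroup0 ip manageable
set policy id 1 from "Trust" to "Untrust" "Any" "Any" "ANY" permit
set ssh version v2
"""


def audit(config_text):
    """Return sorted finding codes for factory-default leftovers."""
    findings = set()
    reset_disabled = False
    for raw in config_text.splitlines():
        try:
            tok = shlex.split(raw)  # strips the double quotes ScreenOS writes
        except ValueError:          # unbalanced quote: not a line we check
            continue
        if tok[:3] == ["set", "admin", "name"] and tok[3:] == [DEFAULT_ADMIN]:
            findings.add("default-admin-name")
        elif tok[:3] == ["set", "admin", "password"] and tok[3:] == [DEFAULT_HASH]:
            findings.add("default-admin-password")
        elif tok[:2] == ["set", "interface"] and tok[3:] == ["ip", DEFAULT_MGMT_IP]:
            findings.add("default-mgmt-ip")
        elif tok[:2] == ["set", "policy"] and "from" in tok:
            # ... from <src-zone> to <dst-zone> <src> <dst> <service> <action>
            rule = [t.lower() for t in tok[tok.index("from") + 1:]]
            if rule[1:2] == ["to"] and rule[3:6] == ["any"] * 3 and "permit" in rule[6:]:
                findings.add("any-any-permit")
        elif tok == ["unset", "admin", "device-reset"]:
            # Assumption: a disabled device-reset appears as this line in the saved config.
            reset_disabled = True
    if not reset_disabled:
        findings.add("device-reset-enabled")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

In the sample, renaming the admin account alone still leaves the default password hash in place, which the audit reports separately from the account name.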