Recovering ASA Sourcefire Module Password

By now we have completed several steps with regard to our Sourcefire deployment. We have Defense Center up and running, our modules are installed, set up and connected to Defense Center. We did lots of work in order to make all of this happen. But, we have other things on our mind and under our fingers. So, after a while, we came to a realization that we forgot our SFR module password. It happens. We have to make passwords complex, change them often, never write them down, make them different among systems we are in charge of, … So the outcome is what it is. Not to worry, the solution is pretty straight forward.

First we need to access our ASA box that hosts the module. If we are able to log in to the ASA box and obtain the privilege level fifteen, then the module will trust us and let us reset its password to the defaults, which are admin/Sourcefire, as we recall.

So, from the ASA command prompt, we issue:

asa/pri/act#
asa/pri/act# session sfr do password-reset
asa/pri/act#

No return message or anything, but that’s all that takes. For hardware module in 5585-Xs, instead of “session sfr do password-reset” we use “session 1 do password-reset”.

Now we can log in to our SFR module:

asa/pri/act#
asa/pri/act# session sfr console
Opening console session with module sfr.
Connected to module sfr. Escape character sequence is ‘CTRL-^X’.

sfr-bl-1 login: admin
Password: Sourcefire
Last login: Mon Apr 20 00:58:59 on ttyS1
>

And now we should change this default password:

>
> configure password
Enter current password:
Enter new password:
Confirm new password:

>

Believe it or not, it’s that simple.

 

Thanks for reading!

 

Advertisements
This entry was posted in ASA, Cisco, Security, Sourcefire and tagged , , , , . Bookmark the permalink.

2 Responses to Recovering ASA Sourcefire Module Password

  1. oat says:

    Hi thanks for your sharing but just curious that how to switch back to normal console?

  2. herb says:

    …..CTRL-^X

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s