Resetting admin password on Cisco Sourcefire module

If we forgot a password for the user admin on our SFR module, we will find ourselves in a problem, sooner or later. We don’t have to know this password in a regular operations, but for troubleshooting purposes, we cannot live without it. So, as long as we have access to our ASA firewall, the procedure is straight forward.

From the ASA we issue a command:

session sfr do password-reset

It is as simple as this.

Now, some articles say that this does not work. Well, it does, but we have to have in mind that this sets admin password to the platform default, which on 6.2.0 is Admin123. For other platforms it could be something else, so this is something we have to have in mind. What is the default password can be found in the documentation.

Once we have a password set to the default, we need to set something that works for us. We need to connect to the SFR console session and change the password:

webvpn-BN-DR/sec/actNoFailover#
webvpn-BN-DR/sec/actNoFailover# session sfr console
Opening console session with module sfr.
Connected to module sfr. Escape character sequence is ‘CTRL-^X’.

Authorized users only! Any access to this system is monitored!
sfr-bn-DR login: admin
Password: Admin123 (not displayed while typing)
>

> configure password

Enter current password: Admin123
Enter new password:
Confirm new password:

>

And now we can log in to the module through the ASA or directly via SSH.

If this does not work for some reason, we can re-image the module. Here we can find out how.

 

Thanks for reading.

 

 

Advertisements
This entry was posted in ASA, Cisco, FirePOWER, FireSight, Security, Sourcefire and tagged , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s