1) Connect to the console and power off the firewall. When it starts to boot up, wait for the autoboot prompt and enter 'maint'.
Autoboot to default partition in 5 seconds.
Enter 'maint' to boot to maint partition.
INIT: version 2.86 booting
Welcome to PanOS
Setting clock (utc): Fri Jul 12 00:40:17 PDT 2013 [ OK ]
Starting udev: [ OK ]
Setting hostname PA-500: [ OK ]
Checking filesystems:
Running filesystem check on pancfg: [ OK ]
Running filesystem check on panrepo: [ OK ]
[ OK ]
Remounting root filesystem in read-write mode: [ OK ]
mount: can't find / in /etc/fstab or /etc/mtab
Enabling /etc/fstab swaps: [ OK ]
INIT: Entering runlevel: 3
Entering non-interactive startup
Starting Networking: [ OK ]
Starting system logger: [ OK ]
Starting kernel logger: [ OK ]
Starting portmap: [ OK ]
Starting NFS statd: [ OK ]
Starting panhttpd: [ OK ]
Starting sshd: [ OK ]
Starting ha-sshd: [ OK ]
Starting xinetd: [ OK ]
Starting ntpd: [ OK ]
Starting NFS services: [ OK ]
Starting NFS daemon: [ OK ]
Starting NFS mountd: [ OK ]
Starting PAN Software: [ OK ]
2) Select the Factory Reset option
Welcome to the Maintenance Recovery Tool
Welcome to maintenance mode. For support please contact Palo Alto Networks.
866-898-9087 or support@paloaltonetworks.com
Welcome to the Maintenance Recovery Tool
Factory Reset
WARNING: Performing a factory reset will remove all logs and configuration.
Using Image:
(X) panos-4.1.6
< Factory Reset > < Advanced >
3) Factory reset starts
(X) panos-4.1.6
Percent Complete 0 %
Factory Reset Status
Factory Reset Status: Success
4) Reboot and log in using admin/admin
Bootstrapping [panos ] into partition "sysroot0"
Installing packages into /mnt/swm/sysroot0/...
Installing: glibc-2.9-4.pan
Installing: zlib-1.2.3-3.pan
Installing: libgcc-4.3.3-4.pan
Installing: libstdc++-4.3.3-5.pan
Installing: popt-1.12-1.pan
Installing: chkconfig-1.3.30.1-2.pan
Installing: mktemp-1.5-23.2.2
Installing: bzip2-libs-1.0.3-3.pan
Installing: sed-4.1.5-5.pan
INIT: Sending processes the TERM signal
Stopping PAN Software: [ OK ]
Shutting down NFS mountd: [ OK ]
Shutting down NFS daemon: nfsd: last server has exited, flushing export cache
[ OK ]
Shutting down NFS services: [ OK ]
Stopping ha-sshd: [ OK ]
Stopping sshd: [ OK ]
Stopping xinetd: [ OK ]
Shutting down ntpd: [ OK ]
Stopping NFS statd: [ OK ]
Stopping portmap: [ OK ]
Shutting down kernel logger: [ OK ]
Shutting down system logger: [ OK ]
Stopping Networking: SIOCGIFFLAGS: No such device
[ OK ]
Starting killall: [ OK ]
Sending all processes the TERM signal...
Sending all processes the KILL signal...
Saving random seed:
Syncing hardware clock to system time
Unmounting pipe file systems:
Unmounting file systems:
Please stand by while rebooting the system...
sd 0:0:0:0: [sda] Synchronizing SCSI cache
Restarting system.
Welcome to the PanOS Bootloader.
U-Boot 4.1.6.0-7 (Build time: Apr 18 2012 - 22:20:45)
BIST check passed.
PEREGRINE board revision major:2, minor:1, serial #: 0006C112377
OCTEON CN5220-CP pass 2.0, Core clock: 500 MHz, DDR clock: 265 MHz (530 Mhz data rate)
DRAM: 1024 MB
Clearing DRAM........ done
Using default environment
Flash: 32 MB
PCIe: Port 0 link active, 1 lanes
Net: octeth0, octeth1, octeth2, octeth3
Bus 0 (CF Card): not available
ata0: SATA max UDMA/133: lba 48 mode
Model: WDC WD2503ABYX-01WERA1 Firm: 01.01S02 Ser#: WD-WMAYP4400518
Type: Hard Disk
Supports 48-bit addressing
Capacity: 239429.0 MB = 233.8 GB (490350672 x 512)
USB: (port 1) No USB devices found.
Autoboot to default partition in 5 seconds.
Enter 'maint' to boot to maint partition.
Allocating memory for ELF segment: addr: 0xffffffff81100000 (adjusted to: 0x1100000), size 0x984d80
## Loading Linux kernel with entry point: 0xffffffff81105cd0 ...
Bootloader: Done loading app on coremask: 0x3
Linux version 2.6.32.13-mp-4.1.6.0.7 (build@cobalt.paloaltonetworks.local) (gcc version 4.3.3 (Cavium Networks Version: 2_0_0 build 99) ) #2 SMP Wed Apr 18 23:09:37 PDT 2012
CVMSEG size: 2 cache lines (256 bytes)
Cavium Networks SDK-2.0
bootconsole [early0] enabled
CPU revision is: 000d0708 (Cavium Octeon+)
Checking for the multiply/shift bug... no.
Checking for the daddiu bug... no.
Determined physical RAM map:
memory: 0000000000046000 @ 00000000019da000 (usable after init)
memory: 0000000006400000 @ 0000000001b00000 (usable)
memory: 0000000007c00000 @ 0000000008200000 (usable)
memory: 0000000020000000 @ 0000000020000000 (usable)
memory: 000000000fc00000 @ 0000000410000000 (usable)
INIT: version 2.86 booting
Welcome to PanOS
Setting clock (utc): Fri Jul 12 00:47:25 PDT 2013 [ OK ]
Starting udev: [ OK ]
Setting hostname 500: [ OK ]
Checking filesystems:
Running filesystem check on sysroot0: [ OK ]
Running filesystem check on pancfg: [ OK ]
Running filesystem check on panrepo: [ OK ]
[ OK ]
Remounting root filesystem in read-write mode: [ OK ]
Enabling /etc/fstab swaps: [ OK ]
INIT: Entering runlevel: 3
Entering non-interactive startup
Starting Networking: [ OK ]
Starting system logger: [ OK ]
Starting kernel logger: [ OK ]
Starting portmap: [ OK ]
Starting NFS statd: [ OK ]
Starting sshd: [ OK ]
Starting ha-sshd: [ OK ]
Starting xinetd: [ OK ]
Starting ntpd: [ OK ]
Starting NFS services: [ OK ]
Starting NFS daemon: [ OK ]
Starting NFS mountd: [ OK ]
Starting PAN Software: [ OK ]
500 login: admin
6) I couldn't get the default password correct several times – don't know why… but finally it worked
Login incorrect
login: admin
Password:
Login incorrect
login: Login timed out after 60 seconds
PA-HDF login: admin
Password:
Login incorrect
login: Login timed out after 60 seconds
PA-HDF login: admin
Password:
Warning: Your device is still configured with the default admin account credentials. Please change your password prior to deployment.
7) Enter configuration mode
admin@PA-500> configure
Entering configuration mode
[edit]
8) Set the device's management IP address
admin@PA-500# set deviceconfig system ip-address 10.2.232.3 netmask 255.255.255.0 default-gateway 10.2.232.1 dns-setting servers primary 10.1.200.3 secondary 10.1.200.5
[edit]
admin@PA-500# commit
.............55%...75%...98%..........100%
Configuration committed successfully
[edit]
9) Confirm connectivity
admin@PA-500> ping host 10.2.232.1
PING 10.2.232.1 (10.2.232.1) 56(84) bytes of data.
64 bytes from 10.2.232.1: icmp_seq=1 ttl=255 time=0.505 ms
64 bytes from 10.2.232.1: icmp_seq=2 ttl=255 time=0.465 ms
64 bytes from 10.2.232.1: icmp_seq=3 ttl=255 time=0.475 ms
64 bytes from 10.2.232.1: icmp_seq=4 ttl=255 time=0.472 ms
64 bytes from 10.2.232.1: icmp_seq=5 ttl=255 time=0.470 ms
64 bytes from 10.2.232.1: icmp_seq=6 ttl=255 time=0.477 ms
64 bytes from 10.2.232.1: icmp_seq=7 ttl=255 time=0.518 ms
64 bytes from 10.2.232.1: icmp_seq=8 ttl=255 time=0.458 ms
^C
--- 10.2.232.1 ping statistics ---
8 packets transmitted, 8 received, 0% packet loss, time 6995ms
rtt min/avg/max/mdev = 0.458/0.480/0.518/0.019 ms
After a factory reset, the CLI console prompt transitions through the following prompts on a PA-500 before it is ready to accept admin/admin login:
1. 500 login:
2. PA-HDF login:
3. PA-500 login:
It is at prompt #3 (need to hit enter to check if the prompt changed), that the device is ready to accept the admin/admin username/password to allow login.
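The prompt sequence described in the comment above can be turned into a readiness gate for console automation. The following is an added example, not code from the original post or from Palo Alto Networks: it presses Enter until the "PA-500 login:" prompt appears and refuses to proceed otherwise. The function names and the FakeConsole class are hypothetical, and the replayed prompts are constructed sample data; with real hardware, send and read would wrap a serial port.

```python
import re

READY_PROMPT = "PA-500 login:"  # prompt #3 above; hostname taken from the page
IDLE_PROMPT_RE = re.compile(r"^(\S+) login:\s*$", re.M)


def last_login_prompt(buffer):
    """Return the newest idle '<host> login:' prompt in buffer, or None."""
    hosts = IDLE_PROMPT_RE.findall(buffer)
    return f"{hosts[-1]} login:" if hosts else None


def wait_until_ready(send, read, max_polls=20, ready_prompt=READY_PROMPT):
    """Press Enter until ready_prompt appears; return the prompts seen in order.

    send(text) writes to the console and read() returns what arrived since the
    previous call. Raises TimeoutError rather than returning early, so the
    caller never types credentials at prompt #1 or #2.
    """
    seen = []
    for _ in range(max_polls):
        send("\r")  # the prompt only refreshes after Enter
        prompt = last_login_prompt(read())
        if prompt and (not seen or seen[-1] != prompt):
            seen.append(prompt)
        if prompt == ready_prompt:
            return seen
    raise TimeoutError(f"never reached {ready_prompt!r}; saw {seen}")


class FakeConsole:
    """Constructed stand-in for the serial port: one prompt per Enter."""

    def __init__(self, prompts):
        self.prompts, self.sent, self.pending = list(prompts), [], ""

    def send(self, text):
        self.sent.append(text)
        if self.prompts:
            self.pending += "\r\n" + self.prompts.pop(0) + " "

    def read(self):
        out, self.pending = self.pending, ""
        return out


if __name__ == "__main__":
    con = FakeConsole(["500 login:", "500 login:", "PA-HDF login:", "PA-500 login:"])
    print(wait_until_ready(con.send, con.read))
```

A bare "login:" re-prompt after "Login incorrect" has no hostname and is deliberately treated as not ready.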