- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
07-09-2025 02:51 AM
I’d like to get your input on the following scenario:
We have two standalone firewalls, let’s refer to them as Firewall A and Firewall B. Firewall A has become defective and needs to be replaced. Since Firewall B has already been decommissioned, we plan to repurpose its hardware for Firewall A.
We attempted to restore Firewall A’s configuration backup to load on Firewall B’s hardware. However, it appears that the admin credentials were overwritten during the process.
Could you advise on the best approach to handle this situation, particularly regarding preserving or restoring the correct admin credentials?
Appreciate your guidance thank you!
07-09-2025 07:48 AM
Hi @NickodeAndresACN ,
The simple solution to the problem is for you to edit the administrator and manually type in the correct password after you load FW A configuration and before you commit.
I don't know exactly what you mean by "overwritten." How can the password be changed? The only reason that I can think of is that the master key may be different on both firewalls. https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/certificate-management/configure-the-mast...
The master key encrypts the password. If it is different, the new FW will not be able to decrypt it. In some cases, when I had to restore a FW configuration on new hardware I had to configure the master key 1st in order for OSPF keys and other items to be decrypted correctly.
Thanks,
Tom
07-09-2025 04:25 AM
can you try below few options
Console Access: Connect directly to Firewall B's console port with a serial cable and a terminal emulator.
Password Recovery: Consult Firewall B's specific vendor documentation for the exact password recovery or reset procedure. This typically involves interrupting the boot process (e.g., pressing Esc
, Ctrl+C
) to enter a maintenance mode and then resetting or changing the admin password.
Login and Reconfigure: Once you've regained access, log in.
Option 1 (Recommended): If parts of Firewall A's config are visible, manually re-create the admin users on Firewall B. Then, import or paste only the necessary network/security configurations (excluding user accounts) from Firewall A's backup.
Option 2 (If Option 1 fails): Perform a factory reset on Firewall B. Then, attempt a full restore of Firewall A's backup, being ready to re-do the console password reset if credentials are lost again.
07-09-2025 07:48 AM
Hi @NickodeAndresACN ,
The simple solution to the problem is for you to edit the administrator and manually type in the correct password after you load FW A configuration and before you commit.
I don't know exactly what you mean by "overwritten." How can the password be changed? The only reason that I can think of is that the master key may be different on both firewalls. https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/certificate-management/configure-the-mast...
The master key encrypts the password. If it is different, the new FW will not be able to decrypt it. In some cases, when I had to restore a FW configuration on new hardware I had to configure the master key 1st in order for OSPF keys and other items to be decrypted correctly.
Thanks,
Tom
07-09-2025 08:38 PM
Thanks Sir! I will try this solution
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!