How do I reset the console user or enable password on the ProxySG?

Solutions ID:    KB3377
Version:    8.0
Status:    Published
Published date:    09/09/2009
Updated:    06/10/2011
 

Problem Description

How do I reset the enable password on the ProxySG?
I forgot my enable password.  How do I reset the enable password?
How do I recover from a forgotten enable password?
How do I reset the console user password?

Resolution

In order to reset the enable password on the ProxySG, you will need to have physical access to the ProxySG itself.  Depending on the model of the ProxySG, you may have an LCD screen where you can make changes.  If you do not have an LCD screen, you will need a null modem cable to make your changes.  This document will describe the changes necessary for both methods.

LCD SCREEN METHOD:

To configure the ProxySG using the front panel:

1.)  Connect the ProxySG to power and toggle the power switch (on models without power switches, the appliance will power on immediately).
2.)  When the boot cycle finishes, the LCD displays "IP address not configured".  Press any button to display configuration options and enter Configure mode (the LCD displays "Setup Mode?  Manual").
3.)  Press the Down button to display the IP address.
4.)  Press the Enter button to enter Edit mode (cursor changes to a blinking box).
5.)  Using the right and left buttons, position the cursor over the characters and press the up or down buttons to change them.
6.)  When finished, press the Enter button to save changes and return to Configure mode.
7.)  Repeat steps 4 through 6 to specify the subnet mask, gateway address, DNS address, console password, and enable password.
8.)  When the LCD reads "Console Password: Push to set", press the Enter button to display an auto-generated password.  Either write down this password (you can change it later in the Management Console), or press the Enter button again to change it now.  You will need this password to log on to the appliance.  NOTE:  Please write down the password.
9.)  Optional:  Secure the serial console port with a password.

 

SERIAL PORT METHOD:

You will need a nine (9) pin null modem cable to connect to the serial console on the ProxySG.  Make sure the cable is connected to the ProxySG and to your laptop or desktop.  Make sure your serial connection has the following settings:

  • Bits per second (bps):  9600
  • Data bit:  8
  • Parity:  None
  • Stop bits:  1
  • Flow control:  None
  • Emulation:  VT100


You can use Hyperterminal, PuTTY, or any other third-party terminal emulation software that can connect via the serial port.

Once connected via the serial port, press the "Enter" key three times to activate the serial console.  A menu similar to the following will appear:
 

       Welcome to the SG Appliance Serial Console

         Version: SGOS 5.4.2.2, Release id: 41580

------------------------- MENU -----------------------------

1) Command Line Interface
2) Setup Console

------------------------------------------------------------

Enter option:

 

Please select option 2) Setup Console and follow the steps to set up the console.  There will be an option to set up the console user and the enable password.  That is where you will enter the new password to replace the unknown or forgotten password.  Please see the ADDITIONAL INFORMATION section below for an example of what this will look like.  NOTE:  The menu may change with SGOS versions.  Your screens may differ depending on what version of SGOS you are running.

NOTE:  Blue Coat recommends that the ProxySG be located in a secure environment so unauthorized access does not occur.  If the ProxySG cannot be placed in a secure location, it is possible to place a password on the serial console to mitigate the risk of unauthorized access.  However, if the serial console password is forgotten, it may be necessary to RMA the ProxySG in order to restore serial console access.  So be careful about placing a password on your serial console.

 

 

BLUE COAT DIRECTOR METHOD:

In Director, on the Configure tab, right-click the device and then select "Set passwords".
From there you will be able to change the enable password.

With SSH access restored, you can restore the box to factory defaults, and then push the configuration again with Director.
 

 

 

ADDITIONAL INFORMATION:

Here is what the output looks like when running SGOS 5.4.4.1 and you are changing the enable password.  Your menu may change depending on what version of SGOS you are running.  Please note that the section regarding the admin and enable passwords is marked in red below.

 

Management Console started

       Welcome to the SG Appliance Serial Console

         Version: SGOS 5.4.4.1, Release id: 45872

------------------------- MENU -----------------------------

1) Command Line Interface
2) Setup Console

------------------------------------------------------------

Enter option:    (Select Option 2 here - Setup Console)

 

Welcome to the Blue Coat ProxySG 210-25 configuration wizard.
This appliance's serial number: XxXxXxXxXx

     ---------------------------------------------------------------------
     You can get field help by entering a question mark ? in the fields.
     You can move backwards through the steps by pressing the UP arrow.
     You can exit the wizard without saving your entries by pressing ESC.
     ---------------------------------------------------------------------

Step 1: How do you plan to configure this appliance?
     a) Through a manual setup
     b) Through a Director-managed setup
        Your choice: [a] a

Step 2: Which solution would you like to implement?
     a) Acceleration
     b) Other solution
        Your choice: [b] b

 

Welcome to the SG Appliance Setup Console

---------------------- (page 1 of 4) ---------------------

    Press <ESC> at any time to return to the main menu


Setup mode: Manual

 

DIRECTIONS:

    Please enter the IP addresses for the SG Appliance.
    The following interface will be configured:
        1. Bridge passthru-0 (WAN: link, LAN: link)


Is the IP address to be configured on a non-native VLAN? (Y/N) [No] No
IP address [xx.xx.xx.xx]:
IP subnet mask [yy.yy.yy.yy]:
IP gateway [zz.zz.zz.zz]:
DNS server [dd.dd.dd.dd]:

You have entered the following IP addresses:

IP address: xx.xx.xx.xx
IP subnet mask: yy.yy.yy.yy
IP gateway: zz.zz.zz.zz
DNS server: dd.dd.dd.dd

Would you like to change any of them? Y/N [No]

 


---------------------- (page 2 of 4) ---------------------

    Press <ESC> at any time to return to the main menu

DIRECTIONS:

    The console username, password and enable password
    are special administrative credentials which can be used to log in
    to the command line interface or web management interface.

Would you like to change the console user account now? Y/N [No] Yes


Enter console username [admin]:
Enter console password:
Verify console password:
Enter enable password:
Verify enable password:

DIRECTIONS:

    When the serial port is secured, access via the serial port must be authenticated.
    A setup password is required to gain access to the Setup Console and
    administrative credentials are required to access the command line interface.


Do you want to secure the serial port? Y/N [Yes] N

 


---------------------- (page 3 of 4) ---------------------

    Press <ESC> at any time to return to the main menu

DIRECTIONS:

    The console username and password are special:
    they can be used to log in to the CLI or Web Management interface
    even in circumstances where this is denied by VPM or CPL policy.
    This makes the console account useful in emergencies,
    as a way to log in when policy is broken,
    but it may also create a security hole.

    To close the security hole, we recommend that you restrict the use
    of the console account to specific workstations,
    identified by their IP address.

    This dialog allows you to add one IP address to the list of
    workstations that are authorized to use the console account.
    (This same list is also used to restrict
    which workstations can use SSH with RSA authentication.)
    Additional workstations may be configured later,
    from the command line interface or the Web interface.

        The console account can currently be used only from
        authorized workstations.

Would you like to add another authorized workstation? Y/N [No]

 


---------------------- (page 4 of 4) ---------------------

DIRECTIONS:

        The SG Appliance has been successfully configured
        to use IP address: "xx.xx.xx.xx"

        You can connect to the command line interface or
        Web interface to perform additional management tasks.

        To connect to the command line interface, open the
        following location from your SSH application:
        xx.xx.xx.xx

        To connect to the Web management interface,
        go to the following location with your web browser:
        https://xx.xx.xx.xx:8082/

---------------- CONFIGURATION COMPLETE ------------------

Press "enter" three times to activate the serial console
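
The wizard transcript above records two security-relevant choices: whether the console credentials were changed and whether the serial port was left unsecured. The following is an added example, not Blue Coat code or part of the original article: it audits a terminal-emulator session log for those choices. It assumes the session was logged to a text file and that the prompts are worded as in the SGOS 5.4.4.1 transcript above; the function names and the sample log are constructed for illustration.

```python
import re

# Constructed sample: excerpt of a terminal-emulator session log in the
# format of the SGOS 5.4.4.1 wizard transcript shown in this article.
SAMPLE_LOG = """\
Step 1: How do you plan to configure this appliance?
        Your choice: [a] a
Is the IP address to be configured on a non-native VLAN? (Y/N) [No] No
Would you like to change the console user account now? Y/N [No] Yes
Enter console username [admin]:
Do you want to secure the serial port? Y/N [Yes] N
Would you like to add another authorized workstation? Y/N [No]
"""

# "<question>? Y/N [<default>] <typed answer, possibly empty>"
PROMPT_RE = re.compile(
    r"^\s*(?P<q>.+\?)\s+\(?Y/N\)?\s+\[(?P<default>\w+)\]\s*(?P<ans>\w*)\s*$"
)

def parse_yes_no_prompts(log):
    """Return {question: True for yes / False for no} for each Y/N prompt."""
    answers = {}
    for line in log.splitlines():
        m = PROMPT_RE.match(line)
        if not m:
            continue
        # An empty answer means the operator pressed Enter and took the default.
        effective = m.group("ans") or m.group("default")
        answers[m.group("q")] = effective.lower().startswith("y")
    return answers

def audit(log):
    """Return findings for a logged Setup Console session."""
    a = parse_yes_no_prompts(log)
    findings = []
    if a.get("Would you like to change the console user account now?"):
        findings.append("console/enable credentials changed via serial console; "
                        "reconcile with an approved change")
    if a.get("Do you want to secure the serial port?") is False:
        findings.append("serial port not secured; Setup Console is reachable "
                        "without a setup password")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print("-", finding)
```
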

 

