05-19-2022 02:24 AM
Currently we have a pair of ASA5525 with SFR setup in High Availability mode but have forgotten what the SRF password is.
We understand that in order to reset the password on the SFR you login to the ASA and then run the command session sfr do password-reset. My question is, if you do this on the Primary ASA, will it copy the new password over to the secondary or does this have to be performed manually on each device? Also, does changing the password affect any other operations on the device itself that we need to be aware of?
Thx in Advance.
Solved! Go to Solution.
05-24-2022 11:03 AM
@manofsteel03 the sfr (Firepower) modules have no awareness of each other and operate as independent devices. That applies whether the ASAs are in an HA pair, cluster or otherwise.
So you have to run the command on each ASA for which you need to reset the password. No data plane or other user traffic will be affected by doing this.
05-19-2022 02:49 AM
I do not recollect correctly, doing primary should be replicated to secondary i guess.
05-24-2022 11:03 AM
@manofsteel03 the sfr (Firepower) modules have no awareness of each other and operate as independent devices. That applies whether the ASAs are in an HA pair, cluster or otherwise.
So you have to run the command on each ASA for which you need to reset the password. No data plane or other user traffic will be affected by doing this.
06-23-2022 10:14 AM
I decided to run the command session sfr do password-reset on the appliance. Got no error messages after hitting the Enter key. Now when I run session sfr console it then asks for login. I enter admin (as well as Admin) as the username but I get a response Login Incorrect. This is a ASA5555-X unit. Any other username it would default to?
Thx in advance for any help given.
06-23-2022 11:44 AM
The default is username admin with password Admin123. The admin username is built-in and cannot be deleted. I suppose somebody could have went into the expert (OS level) prompt and really performed unsupported command to change that but under normal operations it should always be available. If all else fails, you can reimage the module.
06-22-2022 10:13 PM
Thx for the info. Greatly appreciated.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide