Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1641
Views
5
Helpful
5
Replies

Question about running sfr do password-reset

Go to solution
manofsteel03
Level 1
Level 1

‎05-19-2022 02:24 AM

Currently we have a pair of ASA5525 with SFR setup in High Availability mode but have forgotten what the SRF password is.
We understand that in order to reset the password on the SFR you login to the ASA and then run the command session sfr do password-reset. My question is, if you do this on the Primary ASA, will it copy the new password over to the secondary or does this have to be performed manually on each device? Also, does changing the password affect any other operations on the device itself that we need to be aware of?

 

Thx in Advance.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-24-2022 11:03 AM

@manofsteel03 the sfr (Firepower) modules have no awareness of each other and operate as independent devices. That applies whether the ASAs are in an HA pair, cluster or otherwise.

So you have to run the command on each ASA for which you need to reset the password. No data plane or other user traffic will be affected by doing this.

View solution in original post

5 Replies 5

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎05-19-2022 02:49 AM

I do not recollect correctly, doing primary should be replicated to secondary i guess.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-24-2022 11:03 AM

@manofsteel03 the sfr (Firepower) modules have no awareness of each other and operate as independent devices. That applies whether the ASAs are in an HA pair, cluster or otherwise.

So you have to run the command on each ASA for which you need to reset the password. No data plane or other user traffic will be affected by doing this.

Go to solution
manofsteel03
Level 1
Level 1
In response to Marvin Rhoads

‎06-23-2022 10:14 AM

I decided to run the command session sfr do password-reset on the appliance. Got no error messages after hitting the Enter key. Now when I run session sfr console it then asks for login. I enter admin (as well as Admin) as the username but I get a response Login Incorrect. This is a ASA5555-X unit. Any other username it would default to?

 

Thx in advance for any help given.

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to manofsteel03

‎06-23-2022 11:44 AM

The default is username admin with password Admin123. The admin username is built-in and cannot be deleted. I suppose somebody could have went into the expert (OS level) prompt and really performed unsupported command to change that but under normal operations it should always be available. If all else fails, you can reimage the module.

0 Helpful

Go to solution
manofsteel03
Level 1
Level 1

‎06-22-2022 10:13 PM

Thx for the info. Greatly appreciated.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card