Reset the console user or enable password on Edge SWG (ProxySG)

Article ID: 166160

Products

ProxySG Software - SGOS

Issue/Introduction

You need to reset the console user or enable password on Edge SWG (ProxySG) or Advanced Secure Gateway (ASG).

Resolution

To reset the enable password on the Edge SWG (ProxySG), you need physical access to the appliance and a null modem cable.

Serial port method

You need a 9-pin null modem cable to connect to the serial console on the Edge SWG (ProxySG) appliance. Make sure the cable is connected to the Edge SWG (ProxySG) and to your laptop or desktop.

Make sure your serial connection has the following settings:

  • Bits per second (bps):  9600
  • Data bit:  8
  • Parity:  None
  • Stop bits:  1
  • Flow control:  None
  • Emulation:  VT100

You can use Hyperterminal, PuTTY, or any other third-party terminal emulation software that can connect via the serial port.

Once connected via the serial port, press Enter three times to activate the serial console. A menu similar to the following appears:

       Welcome to the SG Appliance Serial Console

------------------------- MENU -----------------------------

1) Command Line Interface
2) Setup Console

------------------------------------------------------------

Enter option:

Select option 2, "Setup Console", and follow the steps to set up the console. One of the steps lets you set the console user and the enable password. This is where you enter the new password to replace the unknown or forgotten one.

See the Additional information section below for an example of what this looks like.

Notes:

  • The menu may change with SGOS versions. Your screens may differ depending on what version of SGOS you are running.
  • Symantec recommends that you locate the Edge SWG (ProxySG) appliance in a secure environment so that unauthorized access does not occur. If you cannot locate the appliance in a secure location, you can place a password on the serial console to mitigate the risk of unauthorized access. However, if the serial console password is forgotten, it may be necessary to RMA the Edge SWG (ProxySG) in order to restore serial console access, so be careful about placing a password on your serial console.

Additional information

The following output shows the enable password being changed on an appliance running SGOS. Your menu may differ depending on what version of SGOS you are running.

Note: The section regarding the admin and enable passwords is page 2 of 4 in the output below.

Management Console started

       Welcome to the SG Appliance Serial Console

------------------------- MENU -----------------------------

1) Command Line Interface
2) Setup Console

------------------------------------------------------------

Enter option:    (Select Option 2 here - Setup Console)

Welcome to the Blue Coat ProxySG 210-25 configuration wizard.
This appliance's serial number: XxXxXxXxXx

     ---------------------------------------------------------------------
     You can get field help by entering a question mark ? in the fields.
     You can move backwards through the steps by pressing the UP arrow.
     You can exit the wizard without saving your entries by pressing ESC.
     ---------------------------------------------------------------------

Step 1: How do you plan to configure this appliance?
     a) Through a manual setup
     b) Through a Director-managed setup
        Your choice: [a] a

Step 2: Which solution would you like to implement?
     a) Acceleration
     b) Other solution
        Your choice: [b] b

Welcome to the SG Appliance Setup Console

---------------------- (page 1 of 4) ---------------------

    Press <ESC> at any time to return to the main menu

Setup mode: Manual

DIRECTIONS:

    Please enter the IP addresses for the SG Appliance.
    The following interface will be configured:
        1. Bridge passthru-0 (WAN: link, LAN: link)

Is the IP address to be configured on a non-native VLAN? (Y/N) [No] No
IP address [xx.xx.xx.xx]:
IP subnet mask [yy.yy.yy.yy]:
IP gateway [zz.zz.zz.zz]:
DNS server [dd.dd.dd.dd]:

You have entered the following IP addresses:

IP address: xx.xx.xx.xx
IP subnet mask: yy.yy.yy.yy
IP gateway: zz.zz.zz.zz
DNS server: dd.dd.dd.dd

Would you like to change any of them? Y/N [No]


---------------------- (page 2 of 4) ---------------------

    Press <ESC> at any time to return to the main menu

DIRECTIONS:

    The console username, password and enable password
    are special administrative credentials which can be used to log in
    to the command line interface or web management interface.

Would you like to change the console user account now? Y/N [No] Yes


Enter console username [admin]:
Enter console password:
Verify console password:
Enter enable password:
Verify enable password:

DIRECTIONS:

    When the serial port is secured, access via the serial port must be authenticated.
    A setup password is required to gain access to the Setup Console and
    administrative credentials are required to access the command line interface.


Do you want to secure the serial port? Y/N [Yes] N


---------------------- (page 3 of 4) ---------------------

    Press <ESC> at any time to return to the main menu

DIRECTIONS:

    The console username and password are special:
    they can be used to log in to the CLI or Web Management interface
    even in circumstances where this is denied by VPM or CPL policy.
    This makes the console account useful in emergencies,
    as a way to log in when policy is broken,
    but it may also create a security hole.

    To close the security hole, we recommend that you restrict the use
    of the console account to specific workstations,
    identified by their IP address.

    This dialog allows you to add one IP address to the list of
    workstations that are authorized to use the console account.
    (This same list is also used to restrict
    which workstations can use SSH with RSA authentication.)
    Additional workstations may be configured later,
    from the command line interface or the Web interface.

        The console account can currently be used only from
        authorized workstations.

Would you like to add another authorized workstation? Y/N [No]


---------------------- (page 4 of 4) ---------------------

DIRECTIONS:

        The SG Appliance has been successfully configured
        to use IP address: "xx.xx.xx.xx"

        You can connect to the command line interface or
        Web interface to perform additional management tasks.

        To connect to the command line interface, open the
        following location from your SSH application:
        xx.xx.xx.xx

        To connect to the Web management interface,
        go to the following location with your web browser:
        https://xx.xx.xx.xx:8082/

---------------- CONFIGURATION COMPLETE ------------------

Press "enter" three times to activate the serial console
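
The Y/N answers given in the wizard decide whether the serial port ends up protected, so a saved terminal session log can be reviewed after a reset. The script below is an added example, not part of the original article or any vendor tooling; it assumes the terminal emulator logged the session in the same prompt format as the transcript above, and the function names and sample log are constructed for illustration.

```python
import re

# Constructed sample: the Y/N prompts of a Setup Console session log,
# written in the same form as the transcript in this article.
SAMPLE_LOG = """\
Is the IP address to be configured on a non-native VLAN? (Y/N) [No] No
Would you like to change any of them? Y/N [No]
Would you like to change the console user account now? Y/N [No] Yes
Do you want to secure the serial port? Y/N [Yes] N
Would you like to add another authorized workstation? Y/N [No]
"""

# question?  Y/N or (Y/N)  [default]  optional typed answer
PROMPT = re.compile(
    r"^\s*(?P<q>.+?\?)\s*\(?Y/N\)?\s*\[(?P<default>\w+)\]\s*(?P<ans>\w*)\s*$",
    re.IGNORECASE,
)

def parse_answers(log: str) -> dict:
    """Map each Y/N question to True/False; a blank answer takes the default."""
    answers = {}
    for line in log.splitlines():
        m = PROMPT.match(line)
        if m:
            chosen = m.group("ans") or m.group("default")
            answers[m.group("q")] = chosen.lower().startswith("y")
    return answers

def audit(log: str) -> list:
    """Return review notes for the security-relevant wizard choices."""
    notes = []
    for question, yes in parse_answers(log).items():
        q = question.lower()
        if "secure the serial port" in q and not yes:
            notes.append("serial port not secured: Setup Console needs no setup password")
        elif "change the console user account" in q and yes:
            notes.append("console credentials changed: reconcile with a change record")
        elif "authorized workstation" in q and not yes:
            notes.append("no authorized workstation added in this session")
    return notes

if __name__ == "__main__":
    for note in audit(SAMPLE_LOG):
        print(note)
```
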