Professional Documents
Culture Documents
Bluecoat Proxy SG - Password Recovery
Bluecoat Proxy SG - Password Recovery
1 of 7
https://kb.bluecoat.com/index?page=content&id=KB3377&pmv=p...
Solutions
How do I reset the console user or enable password on the ProxySG?
Solutions
ID:
Version:
Status:
Published
date:
Updated:
KB3377
8.0
Published
09/09/2009
06/10/2011
Problem Description
How do I reset the enable password on the ProxySG?
I forgot my enable password. How do I reset the enable password.
How do I recover from a forgotten enable password?
How do I reset the console user password?
Resolution
In order to reset the enable password on the ProxySG, you will need to have
physical access to the ProxySG itself. Depending on the model of the ProxySG, you
may have an LCD screen where you can make changes. If you do not have an LCD
screen, you will need a null modem cable to make your changes. This document will
describe the changes necessary for both methods.
LCD SCREEN METHOD:
05/23/2013 2:45 PM
2 of 7
https://kb.bluecoat.com/index?page=content&id=KB3377&pmv=p...
You can use Hyperterminal, PuTTY, or any other third-party terminal emulation
software that can connect via the serial port.
Once connected via the serial port, press the "Enter" key three times to activate the
05/23/2013 2:45 PM
3 of 7
https://kb.bluecoat.com/index?page=content&id=KB3377&pmv=p...
Please select option 2) Setup Console and follow the steps to setup the console.
There will be an option to setup the console user and the enable password. That is
where you will enter the new password to replace the unknown or forgotten
password. Please see the ADDITIONAL INFORMATION section below to see an
example of what this will look like. NOTE: The menu may change with
SGOS versions. Your screens may differ depending on what version of SGOS you
are running.
NOTE: Blue Coat recommends that the ProxySG be located in a secure
environment so unauthorized access does not occur. If the ProxySG is not able to
be located in a secure location, it is possible to place a password on the serial
console so the unauthorized access risk can be mitigated. However, if the serial
console password is forgotten, it may be necessary to RMA the ProxySG in order to
restore serial console access. So be careful about placing a password on your serial
console.
05/23/2013 2:45 PM
4 of 7
https://kb.bluecoat.com/index?page=content&id=KB3377&pmv=p...
With SSH access restored, you can restore the box to factory defaults, and then
push the configuration again with Director.
ADDITIONAL INFORMATION:
Here is what the output looks like when running SGOS 5.4.4.1 and you are changing
the enable password. You menu may change depending on what version of SGOS
you are running. Please note that the section regarding the admin and enable
passwords is marked in red below.
--------------------------------------------------------------------You can get field help by entering a question mark ? in the fields.
You can move backwards through the steps by pressing the UP arrow.
You can exit the wizard without saving your entries by pressing
ESC.
--------------------------------------------------------------------Step 1: How do you plan to configure this appliance?
05/23/2013 2:45 PM
5 of 7
https://kb.bluecoat.com/index?page=content&id=KB3377&pmv=p...
DIRECTIONS:
Please enter the IP addresses for the SG Appliance.
The following interface will be configured:
1. Bridge passthru-0 (WAN: link, LAN: link)
05/23/2013 2:45 PM
6 of 7
https://kb.bluecoat.com/index?page=content&id=KB3377&pmv=p...
---------------------- (page 3 of 4) --------------------Press <ESC> at any time to return to the main menu
DIRECTIONS:
The console username and password are special:
they can be used to log in to the CLI or Web Management interface
even in circumstances where this is denied by VPM or CPL policy.
This makes the console account useful in emergencies,
as a way to log in when policy is broken,
but it may also create a security hole.
To close the security hole, we recommend that you restrict the use
of the console account to specific workstations,
identified by their IP address.
This dialog allows you to add one IP address to the list of
05/23/2013 2:45 PM
7 of 7
https://kb.bluecoat.com/index?page=content&id=KB3377&pmv=p...
05/23/2013 2:45 PM