Bluecoat Knowledge Base

1 of 7

https://kb.bluecoat.com/index?page=content&id=KB3377&pmv=p...

Solutions
How do I reset the console user or enable password on the ProxySG?
Solutions
ID:
Version:
Status:
Published
date:
Updated:

KB3377
8.0
Published
09/09/2009
06/10/2011

Applies Configuration / WUI / CLI (index?page=content&channel=SOLUTIONS&cat=CONFIGURATION_WUI_CLI) ,

To: Hardware (index?page=content&channel=SOLUTIONS&cat=HARDWARE) , Installation / Configuration
(index?page=content&channel=SOLUTIONS&cat=INSTALLATION_CONFIGURATION) , Upgrade / Maintenance
(index?page=content&channel=SOLUTIONS&cat=MAINTENANCE) , Operating System (index?page=content&
channel=SOLUTIONS&cat=OPERATING_SYSTEM) , Usability (index?page=content&channel=SOLUTIONS&cat=USABILITY) ,
SGOS 5 (index?page=content&channel=SOLUTIONS&cat=SGOS_5) , SGOS 4 (index?page=content&channel=SOLUTIONS&
cat=SGOS_4) , ProxySG (index?page=content&channel=SOLUTIONS&cat=PROXYSG)

Problem Description
How do I reset the enable password on the ProxySG?
I forgot my enable password. How do I reset the enable password.
How do I recover from a forgotten enable password?
How do I reset the console user password?

Resolution
In order to reset the enable password on the ProxySG, you will need to have
physical access to the ProxySG itself. Depending on the model of the ProxySG, you
may have an LCD screen where you can make changes. If you do not have an LCD
screen, you will need a null modem cable to make your changes. This document will
describe the changes necessary for both methods.
LCD SCREEN METHOD:

05/23/2013 2:45 PM

Bluecoat Knowledge Base

2 of 7

https://kb.bluecoat.com/index?page=content&id=KB3377&pmv=p...

To configure the ProxySG using the front panel:

1.) Connect the ProxySG to power and toggle the power switch (on models without
power switches, the appliance will power on immediately).
2.) When the boot cycle finishes, the LCD displays IP address not configured. Press
any button to display configuration options and enter Configure mode (the
LCD displays "Setup Mode? Manual").
3.) Press the Down button to display the IP address.
4.) Press the Enter button to enter Edit mode (cursor changes to a blinking box).
5.) Using the right and left buttons, position the cursor over the characters and
press the up or down buttons to change them.
6.) When finished, press the Enter button to save changes and return to Configure
mode.
7.) Repeat steps 4 through 6 to specify the subnet mask, gateway address,
DNS address, console password, and enable password.
8.) When the LCD reads "Console Password: Push to set", press the Enter button to
display an auto-generated password. Either write down this password (you can
change it later in the Management Console), or press the Enter button again to
change it now. You will need this password to log on to the appliance.
NOTE: Please write down the password.
9.) Optional: Secure the serial console port with a password.

SERIAL PORT METHOD:

You will need a nine (9) pin null modem cable to connect to the serial console on
the ProxySG. Make sure the cable is connected to the ProxySG and to your laptop
or desktop. Make sure your serial connection has the following settings:
Bits per second (bps): 9600
Data bit: 8
Parity: None
Stop bits: 1
Flow control: None
Emulation: VT100

You can use Hyperterminal, PuTTY, or any other third-party terminal emulation
software that can connect via the serial port.
Once connected via the serial port, press the "Enter" key three times to activate the

05/23/2013 2:45 PM

Bluecoat Knowledge Base

3 of 7

https://kb.bluecoat.com/index?page=content&id=KB3377&pmv=p...

serial console. A menu similar to the following will appear:

Welcome to the SG Appliance Serial Console
Version: SGOS 5.4.2.2, Release id: 41580
------------------------- MENU ----------------------------1) Command Line Interface
2) Setup Console
-----------------------------------------------------------Enter option:

Please select option 2) Setup Console and follow the steps to setup the console.
There will be an option to setup the console user and the enable password. That is
where you will enter the new password to replace the unknown or forgotten
password. Please see the ADDITIONAL INFORMATION section below to see an
example of what this will look like. NOTE: The menu may change with
SGOS versions. Your screens may differ depending on what version of SGOS you
are running.
NOTE: Blue Coat recommends that the ProxySG be located in a secure
environment so unauthorized access does not occur. If the ProxySG is not able to
be located in a secure location, it is possible to place a password on the serial
console so the unauthorized access risk can be mitigated. However, if the serial
console password is forgotten, it may be necessary to RMA the ProxySG in order to
restore serial console access. So be careful about placing a password on your serial
console.

BLUE COAT DIRECTOR METHOD :

Via director, via the Configure tab, Right click on the device and then select "Set
passwords"
From there you will be able to change the enable password.

05/23/2013 2:45 PM

Bluecoat Knowledge Base

4 of 7

https://kb.bluecoat.com/index?page=content&id=KB3377&pmv=p...

With SSH access restored, you can restore the box to factory defaults, and then
push the configuration again with Director.

ADDITIONAL INFORMATION:
Here is what the output looks like when running SGOS 5.4.4.1 and you are changing
the enable password. You menu may change depending on what version of SGOS
you are running. Please note that the section regarding the admin and enable
passwords is marked in red below.

Management Console started

Welcome to the SG Appliance Serial Console
Version: SGOS 5.4.4.1, Release id: 45872
------------------------- MENU ----------------------------1) Command Line Interface
2) Setup Console
-----------------------------------------------------------Enter option:

(Select Option 2 here - Setup Console)

Welcome to the Blue Coat ProxySG 210-25 configuration wizard.

This appliance's serial number: XxXxXxXxXx

--------------------------------------------------------------------You can get field help by entering a question mark ? in the fields.
You can move backwards through the steps by pressing the UP arrow.
You can exit the wizard without saving your entries by pressing
ESC.
--------------------------------------------------------------------Step 1: How do you plan to configure this appliance?

05/23/2013 2:45 PM

Bluecoat Knowledge Base

5 of 7

https://kb.bluecoat.com/index?page=content&id=KB3377&pmv=p...

a) Through a manual setup

b) Through a Director-managed setup
Your choice: [a] a
Step 2: Which solution would you like to implement?
a) Acceleration
b) Other solution
Your choice: [b] b

Welcome to the SG Appliance Setup Console

---------------------- (page 1 of 4) --------------------Press <ESC> at any time to return to the main menu

Setup mode: Manual

DIRECTIONS:
Please enter the IP addresses for the SG Appliance.
The following interface will be configured:
1. Bridge passthru-0 (WAN: link, LAN: link)

Is the IP address to be configured on a non-native VLAN? (Y/N) [No] No

IP address [xx.xx.xx.xx]:
IP subnet mask [yy.yy.yy.yy]:
IP gateway [zz.zz.zz.zz]:
DNS server [dd.dd.dd.dd]:
You have entered the following IP addresses:
IP address: xx.xx.xx.xx
IP subnet mask: yy.yy.yy.yy
IP gateway: zz.zz.zz.zz
DNS server: dd.dd.dd.dd
Would you like to change any of them? Y/N [No]

---------------------- (page 2 of 4) ---------------------

05/23/2013 2:45 PM

Bluecoat Knowledge Base

6 of 7

https://kb.bluecoat.com/index?page=content&id=KB3377&pmv=p...

Press <ESC> at any time to return to the main menu

DIRECTIONS:
The console username, password and enable password
are special administrative credentials which can be used to log in
to the command line interface or web management interface.
Would you like to change the console user account now? Y/N [No] Yes

Enter console username [admin]:

Enter console password:
Verify console password:
Enter enable password:
Verify enable password:
DIRECTIONS:
When the serial port is secured, access via the serial port must be
authenticated.
A setup password is required to gain access to the Setup Console and
administrative credentials are required to access the command line
interface.

Do you want to secure the serial port? Y/N [Yes] N

---------------------- (page 3 of 4) --------------------Press <ESC> at any time to return to the main menu
DIRECTIONS:
The console username and password are special:
they can be used to log in to the CLI or Web Management interface
even in circumstances where this is denied by VPM or CPL policy.
This makes the console account useful in emergencies,
as a way to log in when policy is broken,
but it may also create a security hole.
To close the security hole, we recommend that you restrict the use
of the console account to specific workstations,
identified by their IP address.
This dialog allows you to add one IP address to the list of

05/23/2013 2:45 PM

Bluecoat Knowledge Base

7 of 7

https://kb.bluecoat.com/index?page=content&id=KB3377&pmv=p...

workstations that are authorized to use the console account.

(This same list is also used to restrict
which workstations can use SSH with RSA authentication.)
Additional workstations may be configured later,
from the command line interface or the Web interface.
The console account can currently be used only from
authorized workstations.
Would you like to add another authorized workstation? Y/N [No]

---------------------- (page 4 of 4) --------------------DIRECTIONS:

The SG Appliance has been successfully configured
to use IP address: "xx.xx.xx.xx"
You can connect to the command line interface or
Web interface to perform additional management tasks.
To connect to the command line interface, open the
following location from your SSH application:
xx.xx.xx.xx
To connect to the Web management interface,
go to the following location with your web browser:
https://xx.xx.xx.xx:8082/
---------------- CONFIGURATION COMPLETE -----------------Press "enter" three times to activate the serial console

Copyright 2013 Blue Coat Systems, Inc.

05/23/2013 2:45 PM