Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
846
Views
0
Helpful
0
Comments

How to clear the configuration on a PIX Firewall

TCC_2
Level 10
Level 10

‎06-22-2009 05:08 PM - edited ‎03-08-2019 06:22 PM

Core issue

There are circumstances that administrators face where an out-of-the-box PIX Firewall is necessary.  At these times, administrators may need to remove the existing configuration from a pre-configured PIX.

Resolution

Sometimes it is necessary to clear an existing configuration on a PIX to either move it to a new location for a different use or to make it perform properly. In either case, it is important to understand the command necessary to do this and the impact that it has on performance.

Before you begin this process on an active network, save the existing configuration on your PIX to a TFTP server. This allows you to retrieve the configuration file if needed.

When the write erase command is issued to the PIX, the existing configuration that is saved to memory, NVRAM, is deleted. However, until the PIX is reloaded, it continues to perform using that configuration. Once the PIX is reloaded, the configuration returns to this set of default commands:

  • nameif ethernet0 outside security0
  • nameif ethernet1 inside security100
  • enable password 8Ry2YjIyt7RRXU24 encrypted
  • passwd 2KFQnbNIdI.2KYOU encrypted
  • hostname pixfirewall
  • fixup protocol ftp 21
  • fixup protocol http 80
  • fixup protocol h323 h225 1720
  • fixup protocol h323 ras 1718-1719
  • fixup protocol ils 389
  • fixup protocol rsh 514
  • fixup protocol rtsp 554
  • fixup protocol smtp 25
  • fixup protocol sqlnet 1521
  • fixup protocol sip 5060
  • fixup protocol skinny 2000
  • names
  • no pager
  • interface ethernet0 10full
  • interface ethernet1 10full
  • mtu outside 1500
  • mtu inside 1500
  • ip address outside 127.0.0.1 255.255.255.255
  • ip address inside 127.0.0.1 255.255.255.255
  • ip audit info action alarm
  • ip audit attack action alarm
  • pdm history enable
  • arp timeout 14400
  • timeout xlate 3:00:00
  • timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323
  • 0:05:00 si
  • p 0:30:00 sip_media 0:02:00
  • timeout uauth 0:05:00 absolute
  • aaa-server TACACS+ protocol tacacs+
  • aaa-server RADIUS protocol radius
  • aaa-server LOCAL protocol local
  • no snmp-server location
  • no snmp-server contact
  • snmp-server community public
  • no snmp-server enable traps
  • floodguard enable
  • no sysopt route dnat
  • telnet timeout 5
  • ssh timeout 5
  • terminal width 80

Only the password commands remain. This allows you continued access into the device. If the passwords are unknown, a password recovery is necessary. At this point, a specific configuration can be made.

Use the PIX Password Utility to reset the password in the configuration. For details and step-by-step instructions, refer to Password Recovery and AAA Configuration Recovery Procedure for the PIX.

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents