This document describes how to reset a Cisco Email Security Appliance (ESA), Cisco Security Management Appliance (SMA), or Cisco Web Security Appliance (WSA) to the factory default configuration.
Reset the ESA/SMA/WSA to the Factory Default Configuration
At times, a customer might request to have an appliance reset back to the factory default configuration. Usually, this is requested after an appliance evaluation is complete, or a customer returns a replaced appliance for Return Material Authorization (RMA) or upgrade reasons. Thus, the need to reset the appliance back to the factory default configuration might be requested in order to remove any customer information.
Caution: The commands that are described in this document return all of the network settings to the factory defaults, which potentially disconnects you from the CLI, disables services that you used in order to connect to the appliance (such as File Transfer Protocol (FTP), Telnet, Secure Shell (SSH), HTTP, and HTTPS), and even removes the additional user accounts that you created with the userconfig command. Do not use these commands if you are not able to reconnect to the CLI via the Serial interface or the default settings on the Management port through the default Admin user account.
The use of these commands also removes all of the available versions of AsyncOS that might still be accessible via the revert command. The only version of AsyncOS that remains is the revision that currently runs. IMPORTANT: The revert command wipes everything from the appliance: The ESA's REVERT command reverts the appliance to a previous version of AsyncOS.
WARNING: It is extremely destructive to revert the appliance. This data is destroyed in the process: - all configuration settings (includes listeners) - all log files - all databases (includes messages in Virus Outbreak and Policy quarantines) - all reporting data (includes saved scheduled reports) - all message tracking data - all IronPort Spam Quarantine message and end-user safelist/blocklist data
Only the network settings are preserved.
Before you run this command, be sure you have: - saved the configuration file of this appliance (with passwords unmasked) - exported the IronPort Spam Quarantine safelist/blocklist database to another machine (if applicable) - waited for the mail queue to empty
If you revert the device, an immediate reboot takes place. After a reboot, the appliance reinitializes itself and reboots again to the desired version.
Caution: WSA Revert Command
This command reverts the appliance to a previous version of AsyncOS.
WARNING: It is extremely destructive to revert the appliance. This data is destroyed in the process and should be backed up: - current system configuration file - all log files - all reporting data (includes saved scheduled and archived reports) - any custom end user notification pages This command tries to preserve the current network settings.
If you revert the device, an immediate reboot takes place. After a reboot, the appliance reinitializes itself and reboots again to the desired version, with the earlier system configuration.
Tip: Before you continue, Cisco recommends that you run the saveconfig or mailconfig command in order to retain a copy of the current appliance configuration, if needed. The appliance configuration is removed upon a successful reset and cannot be recovered.
Complete these steps in order to return a Cisco ESA or SMA to the original factory default configuration:
Note: Cisco recommends that you have console access to the appliance before you run the systemsetup command in order to remove any network configuration.
Enter the diagnostic command on the ESA or SMA, and then choose the RELOAD operation.
Enter Y when prompted whether you would like to continue, and then enter Y again in order to complete the process.
This process resets the appliance configuration, and all of the customer data (such as the configuration, logs, reporting, and user information) is removed. At this time, the admin password is reverted to the default ironport:
Choose the operation you want to perform: - RAID - Disk Verify Utility. - DISK_USAGE - Check Disk Usage. - NETWORK - Network Utilities. - REPORTING - Reporting Utilities. - TRACKING - Tracking Utilities. - RELOAD - Reset configuration to the initial manufacturer values. > RELOAD
This command will remove all user settings and reset the entire device.
If this is a Virtual Appliance, all feature keys will be removed, and the license must be reapplied. Are you sure you want to continue? [N]> y Are you *really* sure you want to continue? [N]> y Reverting to "testing" preconfigure install mode.
The appliance closes the current connection at this time and reboots.
In order to remove the network configuration, you must run the system setup wizard once again with the systemsetup command. Move through the wizard, and enter generic information as needed (such as 192.168.42.42 for the management IP address, a generic hostname, and a generic email@example.com for the email address).
At the completion of the setup wizard, enter Y when prompted in order to commit the changes:
Would you like to commit these changes at this time? [Y]> Y
Congratulations! System setup is complete.
At this point, your appliance is cleared of the configuration values that were previously set, and the customer data should be removed from the appliance.
When the configuration is reset back to the initial manufacturer values, the feature keys are removed and set back to the 30-day demo key for Incoming Mail Handling. The ESA hardware appliance feature keys are tied directly to an appliance serial number. If the appliance communicates to the update service, it recalls any valid feature keys assigned. For the ESA virtual appliances, the feature keys are removed, as these are tied to the Virtual License Number (VLN) that is embedded in the configuration itself. The virtual appliances require that the loadlicense option be run again, and that the VLN be reloaded.
Note: If this process must be completed for a demo appliance, and more time is required, you must contact Cisco Global Licensing Operations (GLO) in order to request an extension or new feature keys.
Complete these steps in order to return a Cisco WSA to the original factory default configuration:
Note: Cisco recommends that you have console access to the appliance before you run the resetconfig or reload command in order to remove any network configuration.
From the appliance CLI, enter the diagnostic command and choose REPORTING > DELETEDB.
Enter the resetconfig command into the CLI.
This process performs a complete reinstall of the configuration, which means that all of the settings are lost. The management IP is reset back to 192.168.42.42, and the admin password reverts to the default ironport:
Are you sure you want to reset all configuration values? [N]> y
All settings have been restored to the factory defaults. Please run System Setup Wizard at http://192.168.42.42:8080
An advanced command can also be entered on the ESA. Enter the hidden reload command into the ESA CLI, enter Y, and then enter YES in order to complete. This command deletes all of the customer data (such as all of the configuration and network settings, logs, archived scheduled reports, and users information):
This command will erase customer data, reporting and log files, erase proxy cache, reset to factory configuration (shipping mode), including network settings and IP addresses and reboot the machine.
This command does NOT extend the feature keys. Those must be applied separately.
If this is a Virtual Appliance, all feature keys will be removed, and the license must be reapplied.
This command is primarily intended for Cisco IronPort Field Engineers and may delete valuable data. Administrators should normally use 'resetconfig' instead.
Are you sure you want to continue? [y|n] y Are you *really* sure you want to continue? If so, type 'YES': yes