Disable Factory Reset Button

I am managing a fleet of MAX BR1 via InControl2 and do to unforeseen events desire to have the option via incontrol of each individual BR1 to disable the factory reset button on the router. I have not discovered a GUI option to do this, so is there a CLI command that will perform this task or I would like to make a request to add this option in the next firmware release. Thanks

Hello @rnort,
The factory reset feature is extremely useful and if you are managing the fleet via InControl2 it gives incredible recovery options over all other brands we’ve worked with.

Disabling the reset button does not make your device more secure nor does it reduce the potential that someone may attempt to take the device or change the settings.

Here is the biggest reason to keep the reset button functional, Support.

The Peplink & Pepwave range is well designed for Support remotely, including recovery for accidental miss configuration.

Here is a situation that many have seen. Changes are pushed out to a router and something goes amiss (normally due to human error having changed a setting and not getting the results expected). Now that router is looked out and not accessible remotely and the client’s site is offline. Ops. what to do now? Well, a paper clip is all that is needed and someone able to use that paperclip for you, you simply get the unit factory reset and hey presto (like magic) it will reboot back to InContro2 (with its default settings) and you can restore the last known good working configuration. No need to send your most expensive staff to the site.

There is no way we’d want to see Peplink allowing the disabling of the reset feature and we will actively promote that it remains functional at all times.

There are much better ways to secure your systems and equipment than disabling the reset button.

By the way, we do work with a brand of Security Camera that whenever these units get locked out (such as a lost password), they have to go back to the factor to have the NVRAM replaced, the cost is almost as much as getting a replacement.

Happy to Help,
Marcus :slight_smile:

Thanks Marcus appreciate the feedback. But for my purposes and uses for this product line, it is not a priority that the unit can be reset locally. If the router became bricked and unrecoverable, then a new unit would
be purchased and the old destroyed, budget is not a concern.

What I am asking for as an update to the firmware so an option can made available to disable the reset button, its an option that each person can elect to use or not. I have been evaluating this product for company’s
needs’ and so far I am happy for what I need to accomplish, but I am looking at purchasing another 200+ units, but without this option I will have to find another solution.

1 Like

@rnort

There are 3 ways to factory reset the device:

  1. Via device level Reset Button or LCD panels:

Lower end models:
image

Higher end models:
image

Maintenance
Reboot > Reboot? (Yes/No) (to reboot the unit)
Factory default > Factory default? (Yes/No) (to restore factory defaults)

  1. Via WebAdmin :slight_smile:

  2. Via IC2:

Your request is more on item 1 above for the physical reset button ? Would you able to share more for the concerns and the use case ? More on the physical security concerns ?

1 Like

At the very least, there should be an option to disable the shorter reset process that allows one to reset the password and port to gain access by holding the button for 5-10 seconds. This is a security concern.

2 Likes

Good point made.

This is similar to a thermostat in an building that is contained within a clear key cover box so people cannot change the temperature who have physical access to the device.

A crude way to enforce security one could put the PepLink in a case of some sort with hole cut outs for the various external components to prevent access to the actual reset button?

My 2 cents worth.

Have a strap made of stainless steel with two tabs with holes for a small lock.
Measure the unit… height, depth, times two, and one inch times two for the tabs. Have it made by someone with skills, then wrap it around device covering the reset hole and lock it.
It needs to be made so it clamps tightly when locked.
A small amount of double sided sticky tape between the strap and device will assure it can’t slide.

Dang! Sorry just realized you have lots of devices. Never mind.