Thursday 6 February 2014

How-to: Factory reset a FortiGate

We get dozens of FortiGates back from evaluations, and the standard way of factory resetting the configuration is to run the command execute factoryreset.


This will reset the full configuration back to factory default.

The problem is that it does nothing to the flash, and clients sometimes save configuration revisions to the flash.

To check whether any configuration files are saved to flash, click the 'Revisions' link found under 'System Information' on the dashboard.


You can now see all the previously saved configs.


If you forget to delete these, the next customer who trials the unit can look through the previous customer's full configuration.

The best way to properly sanitise the box is either to delete these files manually or to format the flash with the diagnose sys flash format command. This deletes all files, including the IPS/AV databases.


Lastly, it's a good idea to format the log disk in case the customer used it to store logs. Use the execute formatlogdisk command for this.

Please be aware that all three of the above commands will reboot the firewall.

So the three steps I take to sanitise a FortiGate once it's come back from a customer site are:

execute factoryreset
<firewall reboots>
diagnose sys flash format
<firewall reboots>
execute formatlogdisk
<firewall reboots>
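The three steps above as a script, added here and not part of the original post: it issues each command over SSH, waits for the unit to drop off the network and come back before sending the next, and stops if a reboot never completes so the unit is not wrongly assumed clean. It assumes SSH access as admin with nc installed, that the CLI accepts a piped 'y' for its confirmation prompt, and that after execute factoryreset (which wipes the management address and password along with the rest of the config) the unit answers on FGT_RESET_HOST; FGT_HOST and FGT_RESET_HOST are placeholders.

```shell
#!/bin/sh
# Added example (not from the post): drive the three sanitisation steps over SSH in order,
# waiting for the reboot each one triggers before sending the next.
# FGT_HOST and FGT_RESET_HOST are placeholders. The factory reset wipes the management
# address and admin password with the rest of the config, so the unit is expected back on
# FGT_RESET_HOST (its factory-default address) for the remaining two steps.

FGT_USER="${FGT_USER:-admin}"
FGT_HOST="${FGT_HOST:-192.0.2.10}"             # address the unit answers on right now
FGT_RESET_HOST="${FGT_RESET_HOST:-$FGT_HOST}"  # address it answers on after factoryreset
REBOOT_TIMEOUT="${REBOOT_TIMEOUT:-600}"        # seconds to wait for a reboot to finish

# Send one CLI command. Each of the three asks for confirmation, so a "y" is piped in
# (assumption: the CLI reads the answer from the SSH channel). The reboot tears the
# session down, so a non-zero ssh exit status is expected here.
fgt_run() {
    printf 'y\n' | ssh "$FGT_USER@$FGT_HOST" "$1"
}

# Wait for TCP/22 on FGT_HOST to go away and come back; return 1 on timeout. A unit
# that never drops off the network is treated as a failed step, not a completed one.
fgt_wait_reboot() {
    elapsed=0; down=0
    while [ "$elapsed" -lt "$REBOOT_TIMEOUT" ]; do
        if nc -z -w 3 "$FGT_HOST" 22 2>/dev/null; then
            if [ "$down" -eq 1 ]; then return 0; fi
        else
            down=1
        fi
        sleep 10; elapsed=$((elapsed + 10))
    done
    return 1
}

# Run the steps in the post's order. Prints the number of completed steps (0..3) and
# returns 1 if a reboot did not complete, so the unit is never assumed clean by mistake.
sanitise_fortigate() {
    done_steps=0
    for cmd in "execute factoryreset" "diagnose sys flash format" "execute formatlogdisk"; do
        fgt_run "$cmd" || true
        if [ "$done_steps" -eq 0 ]; then FGT_HOST="$FGT_RESET_HOST"; fi  # defaults apply now
        if ! fgt_wait_reboot; then echo "$done_steps"; return 1; fi
        done_steps=$((done_steps + 1))
    done
    echo "$done_steps"
}

if [ "${1:-}" = "--run" ]; then sanitise_fortigate; fi
```

Run it as `sh sanitise.sh --run` from a host on the unit's management network; the printed count tells you how many of the three steps actually completed.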

1 comment:

Anonymous said...

Very helpful, thanks.