| Description | This article describes how to change the security level on a G series FortiGate. |
| Scope | FortiGate G series. |
| Solution | BIOS Security Level can be changed from CLI on the other FortiGate hardware models: BIOS-level signature and file integrity On FortiGate G series, a physical switch button in front or behind the device can be found to switch from Low to High:
 Some FortiGate G series will have 3 different BIOS Security levels, such as level 0,1, or 2. Refer to this document to see the difference between those levels: Enhance BIOS-level signature and file integrity checking The lights on the front panel will show the current security level in operation, as shown in this example. 
There is also a FortiGate G series model that only shows the security level light on the Front panel, but the control switch is set in the back panel as per 71G in the following example. The next step to change the security level is to reboot the device and break the booting sequence. The picture below shows the set of actions that are supposed to be taken so the security level can be changed. These are the steps to be chosen from the boot menu:
The result should be as in the 'get system status' output below. The important outputs are on the lines 'Current Security Level' and 'Physical Switch Security Level'. Once these parameters are 'low', the parameters of the FortiGate are successfully changed and ready for the needed operations (for example, installing an interim build).
For more details on where the controlled BIOS security level switch is located.
|
