FortiGate
DPadula
Staff
Article Id 354989
Description This article explains why users should not back up FortiGate configuration files with the encrypt option when the files will be sent to TAC.
Scope FortiGate.
Solution

FortiGate can encrypt the configuration file with a password when a backup is taken.

[Screenshot: Backup File with pass.PNG]

This adds an extra layer of security: the file cannot be read in a plain text editor such as Notepad++.

[Screenshot: encrypted file.PNG]

This is useful from a security point of view, because the backup can be restored only with the same device model and password. If either requirement is not met, the backup cannot be restored.

 

If the file will be compared with an older configuration backup or sent to TAC, it must not be encrypted.

The reason is that Fortinet TAC mostly uses virtual machines to test user configurations, so the file needs to be edited before it can be restored.

Not all of the configuration is needed to reproduce an issue, so the unneeded parts are removed from the file before it can be used.
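As an added example (not part of the original article or of any Fortinet tooling), the following Python check confirms that a backup is plaintext before it is compared or sent to TAC, and lists which options still carry stored secrets. It assumes that a plaintext FortiOS backup starts with "#config-version=" and that stored secrets use the "set <option> ENC <value>" form; the function names and sample data are constructed for illustration.

```python
import re

# Assumption: a plaintext FortiOS backup starts with a "#config-version=" line.
PLAINTEXT_HEADER = b"#config-version="
# Assumption: stored secrets appear as "set <option> ENC <encoded value>".
ENC_LINE = re.compile(rb"^\s*set\s+(\S+)\s+ENC\s+\S+", re.MULTILINE)


def classify_backup(data: bytes) -> str:
    """Return 'plaintext', 'encrypted' or 'unknown' for a backup file's bytes."""
    if data.startswith(b"\xef\xbb\xbf"):  # tolerate a UTF-8 byte order mark
        data = data[3:]
    sample = data[:4096]
    if not sample:
        return "unknown"
    # Control characters (other than tab, LF, CR) never occur in a text config.
    control = sum(1 for b in sample if b < 32 and b not in (9, 10, 13))
    if sample.startswith(PLAINTEXT_HEADER) and control == 0:
        return "plaintext"
    if control / len(sample) > 0.05:
        return "encrypted"
    return "unknown"


def encoded_secret_options(data: bytes) -> list:
    """Names of options whose values are stored as ENC blobs in the file."""
    return sorted({m.group(1).decode() for m in ENC_LINE.finditer(data)})


def ready_for_tac(data: bytes) -> tuple:
    """Return (ok, message) telling the sender whether the file is usable."""
    kind = classify_backup(data)
    if kind == "plaintext":
        opts = encoded_secret_options(data) or ["none"]
        return True, "plaintext backup; ENC-stored options: " + ", ".join(opts)
    if kind == "encrypted":
        return False, "backup looks encrypted; take a new backup without a password"
    return False, "not recognised as a FortiOS backup"


# Constructed samples: a minimal plaintext config and pseudo-random binary data.
SAMPLE_PLAIN = (
    b"#config-version=FGVM64-0.00-FW-build0000-000000:opmode=0:vdom=0\n"
    b"config system admin\n    edit \"admin\"\n"
    b"        set password ENC AAAAconstructedvalue\n    next\nend\n"
)
SAMPLE_ENCRYPTED = bytes((i * 37 + 11) % 256 for i in range(512))

if __name__ == "__main__":
    for name, blob in (("plain", SAMPLE_PLAIN), ("encrypted", SAMPLE_ENCRYPTED)):
        print(name, ready_for_tac(blob))
```

The list of ENC-stored options shows which secret-bearing settings travel with an unencrypted file, so the sender knows what the backup contains before it leaves the device owner's control.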

 

Note:

The Fortinet lab also has physical devices, but only a limited number compared with the virtual machines, which can be almost countless.
