Description | This article explains why users should not back up FortiGate configuration files with the encrypt option when sending them to TAC. |
Scope | FortiGate. |
Solution |
FortiGate allows the configuration file to be encrypted with a password when a backup is taken.
This adds an extra layer of security, because the file cannot be read in a simple text editor such as Notepad++.
This is useful from a security point of view, because the backup can be restored only on the same device model and with the same password. If either requirement is not met, the backup cannot be restored.
If the file will be compared with an old config backup or sent to TAC, it must not be encrypted. The reason is that Fortinet TAC mostly uses virtual machines to test users' configurations, so the file needs to be edited before it can be restored.
Not all of the configuration is necessary to reproduce an issue, so the unneeded parts are removed from the file before it is used.
Note: Fortinet LAB also has physical devices, but only a limited number compared to the number of virtual machines, which can be almost countless. |
Copyright 2024 Fortinet, Inc. All Rights Reserved.