esfa101
New Contributor

How to wipe personal data, but still have a usable device?

We have two old devices: Fortigate 111C and FortiAnalyzer 100B. They are currently offline (as they have been replaced by other models). We are going to try to sell them via auction (being a public organization we have such rules). But we need to safely remove our data and yet have it still usable, so it is worth a purchase for someone. I have read about the factory reset command, but I'm not sure it will wipe all the data. Is it only resetting the configuration? Should I still wipe the logs and other stuff somehow? I have also read in the forums about running format on FortiAnalyzer to get rid of logs, but won't it render the device unusable after that?

With personal computers we are just wiping out HDDs securely as installing OS is a trivial task. Probably not so trivial with Fortigate. Or is it possible to completely wipe its memory and then install fresh FortiOS?

AndreaSoliva

Hi

One more hint: if you point to low-level format, you can use, based on 5.2 as 5.4, the following command:

# execute erase-disk

This will overwrite the disk block 3 X with rubbish so that the data available, whatever it is "based on normal status", will be gone! After that you can stage the device from scratch again over BIOS by TFTP, formatting the boot device and staging with a new FortiOS image.

hope this helps

have fun

Andrea


AndreaSoliva

Hi

For FAZ use the following:

# execute erase-disk flash <erase-times>

Overwrite the flash (boot device) with random data a specified number of times. When you run this command, you will be prompted to confirm the request. Executing this command will overwrite all information on the FortiAnalyzer system's flash drive. The FortiAnalyzer system will no longer be able to boot up.

# execute format <disk | disk-ext3 | disk-ext4> <RAID level> deep-erase <erase-times>

deep-erase --> Overwrite the hard disk with random data. Selecting this option will take longer than a standard format.

The CLI of FAZ is your friend :) Search for "erase"

hope this helps

have fun

Andrea

esfa101

Provided format and erase-disk commands do not work on our FAZ. It either gives me "ambiguous command" or "input not as expected" errors. How do I "search" for erase command in CLI?

What I have tried:

execute erase-disk flash 3

execute format disk deep-erase 3

execute format disk-ext3 deep-erase 3

execute format disk-ext4 deep-erase 3

and various other combinations

 

AndreaSoliva

Hi

Your friend is your CLI Reference, meaning the Handbook for CLI, which can be downloaded over the following link:

http://docs.fortinet.com/fortianalyzer/reference

See that you get the CLI for your corresponding product, meaning version or FortiOS.

hope this helps

have fun

Andrea

esfa101

So, after running 'get system status' it showed me:

Version: FortiAnalyzer-100B v4.0,build0705,130411 (MR3 Patch 7)

 

I've found 4.0.0 documentation and it only has factoryreset (which I did already) and formatlogdisk commands. I have run formatlogdisk and it has erased the data, though it may be that it just formats the disk without overwriting the data with random data, so not secure enough. But I probably don't have any other options.

epctest

The FortiGuard settings will still retain the email account if you only use the factory reset command. If that info is left on there, who knows what other info is still on the device as well. Not sure why they call it factory reset if it doesn't clear all settings, but it doesn't surprise me because just about every manufacturer leaves some kind of data or log or preboot setting or something of that sort if you just do the factory reset according to their documentation. With that being said I would definitely recommend using the execute erase command followed by the appropriate option for the boot flash. You can also format it in the pre-boot option menu. The log disk can be formatted or erased depending on the level of security you are comfortable with.

craigusza
New Contributor

Hi esfa101,

 

Config is stored on the boot partitions and the logs are stored either as a partition on the same flash or separate. 

There is also the shared data partition for IPS and AV.

 

You can check beforehand from the CLI with

execute disk list     -     Shows disks & partitions.

http://docs-legacy.fortinet.com/fgt/handbook/40mr2/cli_html/wwhelp/wwhimpl/common/html/wwhelp.htm?co...

diagnose sys flash list     -     Shows boot partitions.

 

Best way to clear it all off is as follows.

 

From GUI under [System].[Dashboard].[Status] in the [System information] dialog click [Revisions] in the system configuration line.  Clear any revision backups.

 

From CLI

execute formatlogdisk     -     Formats the Log disks and reboots.

execute factoryreset     -     Restores to factory settings on current firmware version and reboots.

http://kb.fortinet.com/kb/documentLink.do?externalID=FD37052

diagnose sys flash format     -     Formats shared data partition (IPS/AV) and reboots.

Lastly interrupt the boot sequence and TFTP a clean firmware version to both the default and backup partitions.

http://kb.fortinet.com/kb/viewContent.do?externalId=10338

I have seen units stop booting during some of these commands before but in all cases I managed to recover with TFTP of clean firmware.  Use at own risk though.

I'm fairly certain there is overlap between these commands that is removing the same thing but prefer to be safe.

Regards,
Craig