We have two old devices: Fortigate 111C and FortiAnalyzer 100B. They are currently offline (as they have been replaced by other models). We are going to try to sell them via auction (being a public organization we have such rules). But we need to safely remove our data and yet have the devices still usable, so that they are worth a purchase for someone. I have read about the Factory reset command, but I'm not sure it will wipe all the data. Is it only resetting the configuration? Should I still wipe the logs and other stuff somehow? I have also read in the forums about running format on FortiAnalyzer to get rid of logs, but won't it render the device unusable after that?
With personal computers we are just wiping out HDDs securely as installing OS is a trivial task. Probably not so trivial with Fortigate. Or is it possible to completely wipe its memory and then install fresh FortiOS?
Hi
One more hint: if you are aiming for a low-level format, you can use the following command, based on 5.2 as well as 5.4:
# execute erase-disk
This will overwrite the disk blocks 3 times with rubbish so that the available data, whatever it is "based on normal status", will be gone! After that you can stage the device from scratch again via the BIOS by TFTP, formatting the boot device and staging it with a new FortiOS image.
hope this helps
have fun
Andrea
Hi
For FAZ use the following:
# execute erase-disk flash <erase-times>
Overwrite the flash (boot device) with random data a specified number of times. When you run this command, you will be prompted to confirm the request. Executing this command will overwrite all information on the FortiAnalyzer system's flash drive. The FortiAnalyzer system will no longer be able to boot up.
# execute format <disk | disk-ext3 | disk-ext4> <RAID level> deep-erase <erase-times>
deep-erase --> Overwrite the hard disk with random data. Selecting this option will take longer than a standard format.
The CLI of FAZ is your friend :) Search for "erase"
hope this helps
have fun
Andrea
The provided format and erase-disk commands do not work on our FAZ. It gives me either "ambiguous command" or "input not as expected" errors. How do I "search" for the erase command in the CLI?
What I have tried:
execute erase-disk flash 3
execute format disk deep-erase 3
execute format disk-ext3 deep-erase 3
execute format disk-ext4 deep-erase 3
and various other combinations
Hi
Your friend is the CLI Reference, meaning the handbook for the CLI, which can be downloaded from the following link:
http://docs.fortinet.com/fortianalyzer/reference
Make sure that you get the CLI reference for your corresponding product, meaning version or FortiOS.
hope this helps
have fun
Andrea
So, after running 'get system status' it showed me:
Version: FortiAnalyzer-100B v4.0,build0705,130411 (MR3 Patch 7)
I've found the 4.0.0 documentation and it only has the factoryreset (which I did already) and formatlogdisk commands. I have run formatlogdisk and it has erased the data, though it may be that it just formats the disk without overwriting the data with random data, so not secure enough. But I probably don't have any other options.
Created on 11-22-2023 07:15 AM Edited on 11-27-2023 05:33 AM
The FortiGuard settings will still retain the email account if you only use the factory reset command. If that info is left on there, who knows what other info is still on the device as well. Not sure why they call it factory reset if it doesn't clear all settings, but it doesn't surprise me, because just about every manufacturer leaves some kind of data or log or preboot setting or something of that sort if you just do the factory reset according to their documentation. With that being said, I would definitely recommend using the execute erase command followed by the appropriate option for the boot flash. You can also format it in the pre-boot option menu. The log disk can be formatted or erased depending on the level of security you are comfortable with.
Hi esfa101,
Config is stored on the boot partitions and the logs are stored either as a partition on the same flash or separate.
There is also the shared data partition for IPS and AV.
You can check beforehand from the CLI with
execute disk list - Shows disks & partitions.
diagnose sys flash list - Shows boot partitions.
Best way to clear it all off is as follows.
From GUI under [System].[Dashboard].[Status] in the [System information] dialog click [Revisions] in the system configuration line. Clear any revision backups.
From CLI
execute formatlogdisk - Formats the Log disks and reboots.
execute factoryreset - Restores to factory settings on current firmware version and reboots.
http://kb.fortinet.com/kb/documentLink.do?externalID=FD37052
diagnose sys flash format - Formats shared data partition (IPS/AV) and reboots.
Lastly interrupt the boot sequence and TFTP a clean firmware version to both the default and backup partitions.
http://kb.fortinet.com/kb/viewContent.do?externalId=10338
I have seen units stop booting during some of these commands before but in all cases I managed to recover with TFTP of clean firmware. Use at own risk though. I'm fairly certain there is overlap between these commands that is removing the same thing but prefer to be safe.
Regards,
Craig