Surplus old IronPort appliances

Jason Meyer · ‎11-19-2013

Does the resetconfig wipe all of my data off of the appliances? Getting ready to send some appliances to surplus and need to wipe all data. Just wondering if it's hidden in an old partition or anything.

Robert Sherwin · ‎11-19-2013

Jason -

The best practices procedure for wiping the data off the appliance before returning would be 'diagnostic' and 'reload'.

I would suggest FTP into the IronPort appliance and go into the following directories and delete all the logs:

mail_logs

configuration

error_logs

ldap_logs, etc

The mail_logs directory may take a bit to clear, depending on how the mail_logs is configured in 'logconfig'.

'reload' does a COMPLETE reinstall of the system back to pre-SSW state. It means that all settings are lost and the Management IP is changed back to 192.168.42.42 and the admin password is changed back to default as well. Customers need to run SSW again.

Therefore, the command deletes all customer data (all configuration and network settings, logs, archived scheduled reports, users info, etc.), except Feature Keys.

Note:

Before you run this command, please run saveconfig, and ftp the config file off of the appliance, as it will be deleted on reset.

Hope this helps!

-Robert

Cheers,
Robert Sherwin

Ken Stieers · ‎11-19-2013

Robert, is it a WIPE, or just a delete?

I'm betting that its recoverable if someone wanted to dig hard on those drives.

Jason is also a government... so they may have higher requirements....

That said, what are your requirements Jason? Since they're Dell boxes, you can open them up and really get the drives completely wiped if need be...

Robert Sherwin · ‎11-19-2013

*IF* a customer requests - they can keep the hard drives from the appliances - so that they can degauss, wipe, shred, etc., on their own - and they can fulfill any security/policy as so directed from their company.

This can be requested through your Cisco Account Manager (CAM) or Account Manger (AM) responsible for the RMA. They have the full steps and documents needed in order to have this completed.

-Robert

Cheers,
Robert Sherwin

Jason Meyer · ‎11-19-2013

So, reset the configuration back to factory, then FTP'd into the appliance and found all kinds of directories containing logs, reports,etc. Deleted everything but get permission denied on a few folders that contain old reports of ours. Could not find a way to delete them.

Is there a way to boot a C series or M series off of USB so we can run a wipe utility?

Our requirements are to remove all or our data. If there isn't a way to boot off of USB so we can run a wipe utility then we will likely shred the disks. Don't have another server of this disk sled type readily available to put into a different machine.

Appreciate the input,

Jason

Nasir Abbas · ‎11-19-2013

Hello Jason,

Try following:

SSH to appliance

Diagnostic -> reload

Second option is to use "revert" command which will basically revert back to one or two version with blank setting. The current version partition will be wiped out. The revet command will only retain (some time it does not) netowork setting which can used wither using reload for factory reset.

Hope that helps.

-Nasir

Nasir Abbas · ‎11-19-2013

Hello Jason,

Just for you informaiton:

Q: How does IronPort handle customers HIPPA laws on data privacy and data destruction?

A: All returned system will go through our burn-in test which will wipe out all the data on disk drives similar to DOD 5220-22-M spec.

-Nasir

Jason Meyer · ‎12-03-2013

Do most customers return old appliances? I've never heard of this option, do I get any value from returning them?

Robert Sherwin · ‎12-03-2013

That is probably best answered from a Account/Sales Ops, or re-seller side. I am not aware of the process and retribution for the return of appliances. I do know they had in the past offered discounts on the newer hardware when purchased. You would be better served to check w/ them.

-Robert

Cheers,
Robert Sherwin

Ken Stieers · ‎12-03-2013

I never have... I have parted them out, or reflashed the BIOS and reused the box for lab/test purposes...