Scrub the Swap Memory on Firewalls or Appliances Running in FIPS-CC Mode
Table of Contents
Scrub the Swap Memory on Firewalls or Appliances Running in FIPS-CC Mode
Use the following procedure to remove sensitive information
from the swap partition(s) on a firewall or appliance in FIPS-CC
mode.
If you send a firewall that is managed by Panorama
in for repair, see Before Starting RMA Firewall
Replacement.
- Open an SSH management session to the firewall or appliance.
- Run the following operational command:request [restart | shutdown] system with-swap-scrub [dod | nnsa]For example, to shut down the firewall or appliance and perform a Department of Defense (DoD) scrub, run the following command:request shutdown system with-swap-scrub dod
- Press Y at the warning prompt to start the scrub.
- Verify that the scrub completed successfully. View the System log
and filter on the word swap. The System log
indicates the scrub status for each swap partition (either one or
two partitions depending on the model) and also displays a log entry
that indicates the overall status of the scrub. If the scrub completed
successfully on all swap partitions, the System log
shows Swap space scrub was successful.If the scrub failed on one or more swap partitions, the System log shows Swap space scrub was unsuccessful. The following screen capture shows the log results for a firewall that has two partitions.
![]()
To view the scrub logs using the CLI, run the show log system | match swap command.If you initiate the scrub using the shutdown command, the firewall or appliance will power off after the scrub completes. Before you can power on the firewall or appliance, you must first disconnect and reconnect the power source.
