PAN-OS® 8.1.2 provides a new feature to scrub swap memory
on FIPS-enabled firewalls and appliances.
New Certifications Feature
Description
FIPS Scrub Option
If you need to decommission
or send in a FIPS-enabled Palo Alto Networks firewall or appliance
for repair, you can now scrub the swap memory to remove all cryptographic
security parameter (CSP) information from the swap partition(s).
Beginning with PAN-OS 8.1.2, you can add the scrub option to the
shutdown or restart CLI command as follows:
> request
[restart | shutdown] system with-swap-scrub [dod | nnsa]
After
the scrub completes, a
System
log is generated
that indicates the status of the scrub.