How to wipe appliance HDD



slowfood27
2014-04-08, 04:37
The policy of a customer in the financial environment requires the HDD of any device which leaves the company to be wiped.
Due to an RMA, we have to return the faulty appliance to Check Point. Of course, the policy requires the HDD to be wiped.
Are there any standard procedures available?

sdawkiins
2014-04-08, 07:25
Hi there,

Are the HDDs in the appliance faulty or does the fault lie somewhere else?

If you are sending the appliance back due to some sort of hardware fault, in theory I cannot see any reason why you should not be allowed to either keep the HDDs (i.e. when the replacement box arrives, swap the new ones out for the old ones).

Or alternatively you could take the drives out and run DBAN on them, which will write a series of random 0's and 1's I believe. It is quite configurable on the number of passes required.

With the first option I would obviously recommend a reinstall when booting up the new appliance with the original HDDs as there may be some hardware specific settings in the OS.

This is purely from my experience with RMA'ing hardware with other manufacturers, I have never personally dealt with a Check Point RMA.

Hope this helps!

Sam

slowfood27
2014-04-08, 07:47
Thanks for your input.

Praise the Lord that you never had to deal with Check Point RMA!

mcnallym
2014-04-08, 10:11
The only thing I can think of that is a slight spanner in the works is that Check Point treats the appliances as closed units, and they have a warranty sticker on them. To take the disk out you need to break the sticker and void your warranty.

If you do this, make sure you agree with TAC first, as depending on how the person that gets the appliance back may decide to "you have broken the sticker and your warranty is invalid" your box.

When I had a faulty UTM-1 appliance, I couldn't just swap the disk over even though the HDD itself was fine. It would have saved work just swapping the HDD from one box to the other, but would have broken the sticker.
Even if it is just a faulty HDD, TAC RMAs the whole unit, not just the HDD, and you swap it yourself in general.

I believe that some people here have arranged with TAC around this and been supplied with their own supply of stickers so they can just replace broken parts etc., but it was arranged prior to doing this.

marklar
2014-04-10, 01:05
The approach I've seen elsewhere is disks get wiped in situ if possible, otherwise removed and wiped.
If the disk is completely dead and unable to be wiped it gets physically destroyed.

The ways around this are either procedural (have a service agreement with your vendor that they guarantee to safely wipe any RMAs)
or financial (you buy the returned device from the vendor and destroy it yourself).

serlud
2014-04-10, 01:54
In this case the customer just needs to use an open server platform and will not have any problem with wiping any HDDs in a CP appliance.

PhoneBoy
2014-04-14, 09:16
Some Check Point appliances are "sealed units" and are not meant to be serviced by non-Check Point certified personnel.
If you require the ability to "physically destroy" the hard drive therein, you should work with your Check Point Sales team to see what options are available.

That said, if you don't need to physically destroy the drive (and just need to wipe it with random data many times), the well-known DBAN utility is available on Emergendisk, which is something added to R77.
You can boot off the recovery USB key created by Emergendisk and run DBAN to wipe the hard drive.

jflemingeds
2014-04-14, 12:16
I forgot about this thread. I know the 2012 appliances support PXE boot. You should be able to find something on how to PXE boot and run DBAN with a few good searches. I think the key is to hit the L key on boot up (well, and setting up the PXE env), which should make the box try to boot off the network.

Side note: you can also use this for reimaging, but I haven't tried that in a while.

ljulian
2014-04-14, 15:44
Or he could try using DBAN from an Emergendisk USB stick as suggested by PhoneBoy.


I forgot about this thread. I know the 2012 appliances support PXE boot. You should be able to find something on how to PXE boot and run DBAN with a few good searches. I think the key is to hit the L key on boot up (well, and setting up the PXE env), which should make the box try to boot off the network.

Side note: you can also use this for reimaging, but I haven't tried that in a while.

slowfood27
2014-04-15, 02:26
Thanks for all the helpful replies, guys.
Since it's a 9070 appliance I will go with the DBAN utility.

jflemingeds
2014-04-15, 21:19
Or he could try using DBAN from an Emergendisk USB stick as suggested by PhoneBoy.

I for one am not too proud to admit when I didn't fully read a posting by PhoneBoy, and I can tell you that this is not one of those cases!


... no... really...um... look over there!

PhoneBoy
2014-04-22, 16:51
And that wasn't one of my longer postings, either :P
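
One way to check the result of a DBAN run before the appliance is shipped, as an added example that is not part of the original thread and not a Check Point or DBAN tool: the script samples blocks of the wiped disk and flags any that still hold structured data. The block size, sample count and the 7.5 bits/byte threshold are assumptions chosen for illustration.

```python
import collections
import math
import os
import random
import sys

BLOCK = 4096  # bytes per sampled block (assumed value)


def classify(block: bytes) -> str:
    """Label one block: 'uniform' (blanked), 'random' (overwritten) or 'residual'."""
    counts = collections.Counter(block)
    if len(counts) == 1:
        return "uniform"  # e.g. a final zero-fill (blanking) pass
    n = len(block)
    entropy = -sum(c / n * math.log2(c / n) for c in counts.values())
    # 4 KiB of random data measures about 7.95 bits/byte; file system
    # metadata, text and configuration files measure far lower.
    return "random" if entropy >= 7.5 else "residual"


def audit(path: str, samples: int = 4096, seed=None) -> dict:
    """Sample blocks of a wiped disk or image and report what is left on it."""
    rng = random.Random(seed)
    report = {"uniform": 0, "random": 0, "residual": []}
    with open(path, "rb") as dev:
        total = dev.seek(0, os.SEEK_END) // BLOCK  # also works on block devices
        if total == 0:
            raise ValueError("device or image is smaller than one block")
        if samples >= total:
            picks = range(total)  # small enough to scan completely
        else:
            # Always include the first and last block (partition tables live there).
            picks = sorted({0, total - 1} | {rng.randrange(total) for _ in range(samples)})
        for idx in picks:
            dev.seek(idx * BLOCK)
            kind = classify(dev.read(BLOCK))
            if kind == "residual":
                report["residual"].append(idx * BLOCK)  # byte offset to inspect
            else:
                report[kind] += 1
    return report


if __name__ == "__main__" and len(sys.argv) > 1:
    result = audit(sys.argv[1])  # path to the wiped disk or an image of it
    print(result)
    sys.exit(1 if result["residual"] else 0)
```

Sampling gives evidence, not proof, that the whole disk was overwritten, and leftover compressed or encrypted data is indistinguishable from a random pass, so a full read is the stricter check when policy requires one.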