Wipe a Fortinet FortiGate Firewall – Delete All Logs and Configuration

On occasion I have needed not only to wipe a Fortinet FortiGate firewall's configuration, settings, and logs, but also to verify that the log contents were actually gone. The script below does both: it records what the unit holds before the wipe, deletes the logs in every VDOM, records the state again, formats the log disk and finally factory resets the unit.

I would recommend using PuTTY with logging enabled to document your progress; the session log is also what you compare to confirm that the execute log display output before the wipe shows entries and the output after it shows none. With some modification this may work on other Fortinet devices. Note that the script assumes the VDOMs Monitor, CTAP and root, so you will have to modify it to add any custom VDOMs you may have on your device; on a unit without VDOMs enabled the config global and config vdom lines simply error and the remaining commands still run.

I would highly recommend backing up your configuration and any logs that you need to retain, as I know of no way to undo this. Two caveats before relying on this for evidence removal or device disposal: the script only touches logs stored on the unit itself, so anything already forwarded to FortiAnalyzer, FortiCloud or a syslog server is unaffected; and an empty execute log display after the wipe shows that the logs are no longer indexed, not that the underlying flash or disk blocks were overwritten (execute formatlogdisk formats the partition, it is not a secure erase), so a unit leaving your control still needs proper media sanitization. Use the following script at your own risk!
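Hand-editing three copies of the pre-check, wipe and post-check blocks is where VDOM names get missed. As an added example that is not part of the original post, the following Python generator emits the same FortiOS command sequence as the script below for any list of VDOMs, and leaves out the config global / config vdom wrappers when you pass vdoms=None for a unit without VDOMs enabled. The default VDOM list (Monitor, CTAP, root), the 0-16 category range and the keepvmlicense variant of the factory reset are taken from the post's script; everything else in the block is mine.

```python
"""Generate the FortiGate log-wipe CLI script for an arbitrary VDOM list.

Added example, not the post's own code. It emits the same FortiOS command
sequence as the script on the page (disk info, per-VDOM log pre-check,
delete-all, post-check, formatlogdisk, factoryreset), parameterised on the
VDOM names so the hand-edited copies of each block cannot drift apart.
vdoms=None targets a unit without VDOMs enabled: the config global /
config vdom wrappers, which only produce errors there, are then left out.
"""

CATEGORIES = range(17)  # 0-16, the same category range the post's script dumps
DISK_CMD = "diag hardware deviceinfo disk"


def in_global(cmds, multi_vdom):
    """Wrap cmds in the global context; there is no such wrapper without VDOMs."""
    return ["config global", *cmds, "end"] if multi_vdom else list(cmds)


def log_check(vdoms, categories=CATEGORIES):
    """Dump every log category per VDOM, as in the PRE/POST checks on the page."""
    display = []
    for cat in categories:
        display += [f"execute log filter category {cat}", "execute log display"]
    if vdoms is None:
        return display
    lines = []
    for vdom in vdoms:
        lines += ["config vdom", f"edit {vdom}", *display, "end", ""]
    return lines


def log_wipe(vdoms):
    """execute log delete-all in every VDOM; the 'y' answers its confirmation prompt."""
    if vdoms is None:
        return ["execute log delete-all", "y"]
    lines = ["config vdom"]
    for i, vdom in enumerate(vdoms):
        lines += [f"edit {vdom}", "execute log delete-all", "y",
                  "next" if i < len(vdoms) - 1 else "end"]
    return lines


def build_script(vdoms=("Monitor", "CTAP", "root"), vm=False):
    """Assemble the full wipe script. vm=True keeps the FortiGate-VM licence
    across the factory reset, matching the commented alternative on the page."""
    multi = vdoms is not None
    prefix = ["config global"] if multi else []  # no 'end': these commands reboot the unit
    reset = "execute factoryreset keepvmlicense" if vm else "execute factoryreset"
    sections = [
        ("Disk Info", in_global([DISK_CMD], multi)),
        ("Per-VDOM Log PRE-Check", log_check(vdoms)),
        ("Per-VDOM Log Wipe", log_wipe(vdoms)),
        ("Compare Disk Info", in_global([DISK_CMD], multi)),
        ("Per-VDOM Log POST-Check", log_check(vdoms)),
        ("Wipe the log disk (unit reboots)", prefix + ["execute formatlogdisk", "y"]),
        ("Compare Disk Info", in_global([DISK_CMD], multi)),
        ("Factory reset", prefix + [reset, "y"]),
        ("Disk Info", in_global([DISK_CMD], multi)),
    ]
    out = []
    for title, lines in sections:
        out += ["#-------------------------------#", f"#{title}",
                "#-------------------------------#", *lines, ""]
    return "\n".join(out)


if __name__ == "__main__":
    print(build_script(["Monitor", "CTAP", "root"]))
```

Run it and paste the output into the PuTTY session exactly as you would the script on the page; the generated text keeps the same section markers so the session log is still easy to navigate.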

#-------------------------------#
#Fortinet Device wipe - Supports CTAP Units
#Version: 1.02
#Update: 2018-11-06
#Notes: For systems without VDOMs enabled,
#the config lines will produce an error, however
#the end result is the same
#Written by Mike Yurick
#-------------------------------#

#-------------------------------#
#Disk Info
#-------------------------------#
config global
diag hardware deviceinfo disk
end
#-------------------------------#

#-------------------------------#
#Per-VDOM Log PRE-Check
#-------------------------------#
config vdom
edit Monitor
execute log filter category 0
execute log display
execute log filter category 1
execute log display
execute log filter category 2
execute log display
execute log filter category 3
execute log display
execute log filter category 4
execute log display
execute log filter category 5
execute log display
execute log filter category 6
execute log display
execute log filter category 7
execute log display
execute log filter category 8
execute log display
execute log filter category 9
execute log display
execute log filter category 10
execute log display
execute log filter category 11
execute log display
execute log filter category 12
execute log display
execute log filter category 13
execute log display
execute log filter category 14
execute log display
execute log filter category 15
execute log display
execute log filter category 16
execute log display
end

config vdom
edit CTAP
execute log filter category 0
execute log display
execute log filter category 1
execute log display
execute log filter category 2
execute log display
execute log filter category 3
execute log display
execute log filter category 4
execute log display
execute log filter category 5
execute log display
execute log filter category 6
execute log display
execute log filter category 7
execute log display
execute log filter category 8
execute log display
execute log filter category 9
execute log display
execute log filter category 10
execute log display
execute log filter category 11
execute log display
execute log filter category 12
execute log display
execute log filter category 13
execute log display
execute log filter category 14
execute log display
execute log filter category 15
execute log display
execute log filter category 16
execute log display
end

config vdom
edit root
execute log filter category 0
execute log display
execute log filter category 1
execute log display
execute log filter category 2
execute log display
execute log filter category 3
execute log display
execute log filter category 4
execute log display
execute log filter category 5
execute log display
execute log filter category 6
execute log display
execute log filter category 7
execute log display
execute log filter category 8
execute log display
execute log filter category 9
execute log display
execute log filter category 10
execute log display
execute log filter category 11
execute log display
execute log filter category 12
execute log display
execute log filter category 13
execute log display
execute log filter category 14
execute log display
execute log filter category 15
execute log display
execute log filter category 16
execute log display
end
#-------------------------------#

#-------------------------------#
#Disk Info
#-------------------------------#
config global
diag hardware deviceinfo disk
end
#-------------------------------#

#-------------------------------#
#Per-VDOM Log Wipe
#You can comment out all 
#but one of the 
#execute log delete-all
#commands for systems
#without VDOMs enabled
#or just let it run
#-------------------------------#
config vdom
edit Monitor
execute log delete-all
y
next
edit CTAP
execute log delete-all
y
next
edit root
execute log delete-all
y
end
#-------------------------------#

#-------------------------------#
#Compare Disk Info
#-------------------------------#
config global
diag hardware deviceinfo disk
end
#-------------------------------#

#-------------------------------#
#Per-VDOM Log POST-Check
#-------------------------------#
config vdom
edit Monitor
execute log filter category 0
execute log display
execute log filter category 1
execute log display
execute log filter category 2
execute log display
execute log filter category 3
execute log display
execute log filter category 4
execute log display
execute log filter category 5
execute log display
execute log filter category 6
execute log display
execute log filter category 7
execute log display
execute log filter category 8
execute log display
execute log filter category 9
execute log display
execute log filter category 10
execute log display
execute log filter category 11
execute log display
execute log filter category 12
execute log display
execute log filter category 13
execute log display
execute log filter category 14
execute log display
execute log filter category 15
execute log display
execute log filter category 16
execute log display
end

config vdom
edit CTAP
execute log filter category 0
execute log display
execute log filter category 1
execute log display
execute log filter category 2
execute log display
execute log filter category 3
execute log display
execute log filter category 4
execute log display
execute log filter category 5
execute log display
execute log filter category 6
execute log display
execute log filter category 7
execute log display
execute log filter category 8
execute log display
execute log filter category 9
execute log display
execute log filter category 10
execute log display
execute log filter category 11
execute log display
execute log filter category 12
execute log display
execute log filter category 13
execute log display
execute log filter category 14
execute log display
execute log filter category 15
execute log display
execute log filter category 16
execute log display
end

config vdom
edit root
execute log filter category 0
execute log display
execute log filter category 1
execute log display
execute log filter category 2
execute log display
execute log filter category 3
execute log display
execute log filter category 4
execute log display
execute log filter category 5
execute log display
execute log filter category 6
execute log display
execute log filter category 7
execute log display
execute log filter category 8
execute log display
execute log filter category 9
execute log display
execute log filter category 10
execute log display
execute log filter category 11
execute log display
execute log filter category 12
execute log display
execute log filter category 13
execute log display
execute log filter category 14
execute log display
execute log filter category 15
execute log display
execute log filter category 16
execute log display
end
#-------------------------------#

#-------------------------------#
#Verify that no logs exist
#by comparing output before
#and after the wipe
#-------------------------------#

#-------------------------------#
#Check Disks
#-------------------------------#
config global
diag hardware deviceinfo disk
end
#-------------------------------#

#-------------------------------#
#Wipe the log disk
#-------------------------------#
config global
execute formatlogdisk
y
#-------------------------------#

#-------------------------------#
#Wait for unit to reboot
#-------------------------------#

#-------------------------------#
#Compare Disk Info
#-------------------------------#
config global
diag hardware deviceinfo disk
end
#-------------------------------#

#-------------------------------#
#finally do a factory reset
#-------------------------------#
config global
#This one should be sufficient for physical units
execute factoryreset
y
#Use this one for VM Versions:
#execute factoryreset keepvmlicense
#y
#-------------------------------#

#-------------------------------#
#Disk Info
#-------------------------------#
config global
diag hardware deviceinfo disk
end
#-------------------------------#

#-------------------------------#
#Written by Mike Yurick
#-------------------------------#

Above: script to completely wipe a Fortinet FortiGate firewall's configuration, settings, and logs, and verify that the deletion was successful.
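The "verify by comparing output before and after the wipe" step in the script is left to the reader's eyes. As an added example that is not the post's own code, the following Python checker does that comparison mechanically over the saved PuTTY session log: it pairs every execute log display with the VDOM and category in force at the time, splits the session into pre and post at the first execute log delete-all, and flags any category that still reports logs afterwards or was never re-checked. It assumes (not stated in the post) that PuTTY captured the commands echoed after a FortiOS prompt of the form "hostname (vdom) # " and that execute log display begins its output with "<n> logs found."; the transcript the block builds is constructed to that shape and is not real device output.

```python
"""Check a PuTTY session log of the wipe script for leftover logs.

Added example, not the post's own code. Assumptions (not from the post):
commands are echoed after a FortiOS prompt of the form `hostname (vdom) # `,
and each `execute log display` starts its output with `<n> logs found.`.
The transcript built by session() is constructed to that shape; it is not
real device output.
"""
import re

EDIT_CMD = re.compile(r"# edit (\S+)\s*$")
FILTER_CMD = re.compile(r"# execute log filter category (\d+)\s*$")
DELETE_CMD = re.compile(r"# execute log delete-all\s*$")
LOGS_FOUND = re.compile(r"^\s*(\d+) logs? found\.")


def parse_session(text):
    """Map (vdom, category) -> {'pre': [counts], 'post': [counts]}.

    Counts seen before the first `execute log delete-all` belong to the
    pre-check, everything after it to the post-check. A unit without VDOMs
    never echoes an `edit` line, so its counts fall under the default 'root'."""
    counts, vdom, cat, phase = {}, "root", None, "pre"
    for line in text.splitlines():
        if m := EDIT_CMD.search(line):
            vdom = m.group(1)
        elif m := FILTER_CMD.search(line):
            cat = int(m.group(1))
        elif DELETE_CMD.search(line):
            phase = "post"
        elif (m := LOGS_FOUND.match(line)) and cat is not None:
            counts.setdefault((vdom, cat), {"pre": [], "post": []})[phase].append(int(m.group(1)))
    return counts


def leftovers(counts):
    """Every (vdom, category) that still reported logs after the wipe, or was
    never displayed again after it (a post-check that did not run)."""
    problems = []
    for (vdom, cat), c in sorted(counts.items()):
        if not c["post"]:
            problems.append((vdom, cat, "not re-checked after wipe"))
        elif max(c["post"]) > 0:
            problems.append((vdom, cat, f"{max(c['post'])} logs still present"))
    return problems


def session(pre, post):
    """Constructed PuTTY transcript: pre-check, delete-all per VDOM, post-check.
    pre/post map vdom -> {category: number of logs the display reports}."""
    out = []

    def check(counts):
        for vdom, cats in counts.items():
            out.extend(["FGT (global) # config vdom", f"FGT (vdom) # edit {vdom}"])
            for cat, n in cats.items():
                out.extend([f"FGT ({vdom}) # execute log filter category {cat}",
                            f"FGT ({vdom}) # execute log display",
                            f"{n} logs found.", f"{n} logs returned."])
                out.extend(f'{i}: date=2018-11-06 time=09:0{i}:00 logid="0000000013" '
                           f'type="traffic" vd="{vdom}" action="deny"' for i in range(1, n + 1))
            out.append(f"FGT ({vdom}) # end")

    check(pre)
    out.append("FGT (global) # config vdom")
    for vdom in pre:
        out.extend([f"FGT (vdom) # edit {vdom}", f"FGT ({vdom}) # execute log delete-all",
                    "Do you want to continue? (y/n)y", f"FGT ({vdom}) # next"])
    out.append("FGT (vdom) # end")
    check(post)
    return "\n".join(out) + "\n"


# Constructed counts: two VDOMs, categories 0 and 1 (the post's script checks 0-16)
PRE = {"Monitor": {0: 3, 1: 1}, "root": {0: 0, 1: 2}}
CLEAN = {"Monitor": {0: 0, 1: 0}, "root": {0: 0, 1: 0}}
DIRTY = {"Monitor": {0: 0, 1: 0}, "root": {0: 0, 1: 1}}

if __name__ == "__main__":
    for name, post in (("clean", CLEAN), ("dirty", DIRTY)):
        print(name, leftovers(parse_session(session(PRE, post))) or "no logs remain")
```

Against a real PuTTY log, read the file and call leftovers(parse_session(text)); an empty list is the result you want before moving on to execute formatlogdisk. A category whose pre-check already reported 0 logs proves nothing about the wipe, which is why the checker keeps the pre counts alongside the post counts rather than only looking at the final state.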
