Views:
For vTPS 5.0 (and later) and TPS devices, use the Data Security screen to secure the system keystore with a new master key and to secure the external user disk (CFast or SSD).
(Best Practice) To avoid keystore issues with a TOS rollback, set the master key to a passphrase that you specify. If the keystore in the rollback image is secured with a different master key than the master key that is set on the device, you can set the master key to the correct passphrase.
By default, the external user disk is not encrypted which enables you to easily access the contents of the external user disk from a different device. The external user disk (CFast or SSD) stores all traffic logs, snapshots, ThreatDV URL Reputation Feed, User-defined URL Entries database, and packet capture data.
Before you encrypt the external user disk, keep in mind the following points:
  • To reset the master key using the SMS, you must have superuser capabilities.
  • You cannot change the encryption status of external user disk on the vTPS.
  • When you change the encryption status of the external user disk, the device automatically formats the disk and all data is erased. On large, external CFast disks (32 GB or more), it can take 40 seconds or more to complete disk format and encryption operations.
  • The system master key encrypts and decrypts the external user disk. To access the contents of an
    encrypted external user disk from a different device, for example to restore a snapshot, the same master
    key must also be set on the device.