You run the request system zeroize command to zeroize the router. This command erases all configuration information on the Routing Engines and resets all key values. The entire request system zeroize command process can be time-consuming (for example, it requires about 20 minutes for a 20-gigabyte Routing Engine hard drive), but all critical security parameters (CSPs) are removed within a few seconds. The physical environment must remain secure until the zeroization process completes.
 |
Note: System zeroization should be performed with care. After the zeroization process completes, there is no data left on the Routing Engine hard drive. The router is essentially left in the factory default state, without any configured users or configuration files. |
Operating the router at FIPS Level 2 requires the use of tamper-evident labels to seal the Routing Engines into the chassis. Removal of either Routing Engine requires entering the FIPS maintenance role. For strict compliance, the module should be zeroized on entry to and exit from the FIPS maintenance role.
Run the request system zeroize command before loading non-JUNOS-FIPS JUNOS software packages. Juniper Networks does not support downgrades to non-JUNOS-FIPS software packages, but this might be necessary in certain test environments. You can install non-JUNOS-FIPS JUNOS software from PCMCIA media.
 | Copyright © 2008, Juniper Networks, Inc. All Rights Reserved. Trademark Notice. | |