Post

Why Would Somebody Throw Away This

Posted
By Usman Masood Ashraf
views 7 min read

Why Would Somebody Throw Away This

Introduction

You’re walking past an office dumpster when something catches your eye - the distinctive chassis of a Fortinet FortiGate 100F firewall. After a quick reset, you confirm it’s fully functional. This scenario from a recent Reddit post raises critical questions about enterprise hardware lifecycle management and the hidden value in discarded infrastructure.

For DevOps engineers and sysadmins, finding premium hardware in the trash isn’t just a lucky break - it’s a symptom of systemic issues in IT asset disposition. The FortiGate 100F retails for $2,000+ yet frequently appears in e-waste streams due to:

  • License expiration cycles
  • Hardware refresh policies
  • Misunderstood failure states
  • Security compliance overreactions

This comprehensive guide examines why enterprises discard functional hardware and how technical professionals can safely repurpose these devices for homelabs, testing environments, and infrastructure projects. We’ll cover:

  • Enterprise hardware lifecycle realities
  • Security considerations for used equipment
  • Practical implementation guides
  • Performance optimization techniques
  • Troubleshooting enterprise-grade hardware

Understanding these principles is crucial for DevOps practitioners managing hybrid environments where enterprise-grade equipment can provide superior performance over consumer hardware at zero acquisition cost.

Understanding Enterprise Hardware Lifecycles

What is a Next-Generation Firewall?

The FortiGate 100F is a next-generation firewall (NGFW) featuring:

  • 10 Gbps firewall throughput
  • Integrated threat protection
  • SSL inspection capabilities
  • SD-WAN functionality
  • 16x GE RJ45 ports
  • 2x 10GE SFP+ slots

These appliances typically serve as perimeter security devices in medium-sized enterprises, handling 500-2,000 concurrent users.

Why Do Organizations Discard Functional Hardware?

ReasonPercentageTechnical Rationale
License expiration42%Fortinet’s subscription model requires annual payments for threat intelligence updates
Hardware refresh cycles35%Typical 3-5 year depreciation schedules regardless of functionality
Perceived obsolescence15%Newer models released (e.g., FortiGate 200F series)
Fault misdiagnosis8%Power supply or fan failures mistaken for board-level issues

The Reddit poster’s discovery exemplifies the license expiration scenario - without active subscriptions, enterprises often decommission devices rather than operate them without threat intelligence feeds.

Security Implications of Discarded Hardware

Before repurposing any enterprise network device:

  1. Perform a full factory reset
  2. Verify firmware integrity
  3. Isolate from production networks
  4. Audit all configurations

FortiOS includes a dedicated reset procedure:

1
2
3
4
5
6

connect via console cable
username: maintainer
password: bcpb<serial_number>

execute factoryreset
y

Homelab Applications for Decommissioned Hardware

While not suitable as primary firewalls without subscriptions, these devices excel as:

  • Multi-port routers/switches
  • VPN concentrators
  • Traffic shaping appliances
  • Network segmentation tools
  • Security testing platforms

Prerequisites for Repurposing Enterprise Hardware

Hardware Requirements

The FortiGate 100F requires:

  • 100-240V AC power
  • Rack ears for mounting (optional)
  • Console cable (RJ45 to DB9)
  • Compatible SFP modules (if using fiber)

Firmware Considerations

Always flash the latest firmware version compatible with your hardware. For 100F models:

1
2
3
4
5

# Download firmware from Fortinet
curl -O https://support.fortinet.com/Download/FirmwareImages.aspx?product=FortiGate&model=100F

# Verify checksum
sha256sum FGT_100F-v7.0.5.M-buildxxxx.FORTINET.out

Network Preparation

Before deployment:

  1. Create an isolated VLAN for initial configuration
  2. Document all MAC addresses
  3. Reserve IP addresses in your DHCP server
  4. Prepare console access for recovery

Security Precautions

  • Change default certificates
  • Disable unnecessary services (FSSO, FortiTelemetry)
  • Implement access controls:
    1
2
3
4
5
6

    config system admin
  edit "admin"
    set trusthost1 192.168.1.0/24
    set password <STRONG_PASSWORD>
next
end

Installation & Configuration

Initial Setup Procedure

  1. Connect console cable and power
  2. Boot while pressing Ctrl+B to enter boot menu
  3. Select “Clear all configuration data”
  4. Reboot and access via web UI on default 192.168.1.99

Base Configuration

Configure initial settings via CLI:

1
2
3
4
5
6
7
8
9
10
11
12

config system global
  set hostname HOMELAB-FW
  set timezone America/New_York
end

config system interface
  edit "port1"
    set mode static
    set ip 192.168.1.100/24
    set allowaccess ping https ssh
  next
end

Switching Mode Configuration

To use as a high-port-count switch behind your primary router:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

config system virtual-switch
  edit "LAN_SWITCH"
    set physical-switch "sw0"
    config port
      edit "port2"
      next
      edit "port3"
      next
      # Add remaining ports
    end
  next
end

config system interface
  edit "LAN_SWITCH"
    set ip 192.168.2.1/24
    set allowaccess ping
  next
end

NAT Configuration for Behind-Router Deployment

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

config firewall ippool
  edit "LAN_POOL"
    set startip 192.168.2.100
    set endip 192.168.2.200
  next
end

config firewall policy
  edit 1
    set name "OUTBOUND_NAT"
    set srcintf "LAN_SWITCH"
    set dstintf "port1"
    set srcaddr "all"
    set dstaddr "all"
    set action accept
    set nat enable
  next
end

Verification Tests

Confirm proper operation with:

1
2
3
4
5
6
7
8
9

# Check interface status
get hardware nic port1

# Verify routing table
get router info routing-table all

# Test NAT functionality
execute ping-options source 192.168.2.100
execute ping 8.8.8.8

Advanced Configuration & Optimization

Security Hardening

  1. Disable unused services:
    1
2
3
4
5

    config system settings
  set gui-certificates disable
  set gui-dynamic-routing disable
  set gui-load-balance disable
end
  2. Implement MFA for admin access:
    1
2
3
4
5
6

    config system admin
  edit "admin"
    set accprofile "super_admin"
    set two-factor ftp-disabled
    set fortitoken <TOKEN_SERIAL>
end
  3. Enable hardware-assisted SSL inspection:
    1
2
3

    config system npu
  set ssl-offloading enable
end

Performance Tuning

Adjust NPU settings for maximum throughput:

1
2
3
4
5
6

config system np6
  edit "np6_0"
    set bandwidth-adjust exponential
    set burst-max 200000
  next
end

VLAN Configuration

Create segmented networks for homelab use:

1
2
3
4
5
6
7
8

config system interface
  edit "VLAN10"
    set vdom "root"
    set vlanid 10
    set interface "port4"
    set ip 10.0.10.1/24
  next
end

VPN Setup (Without License)

IPSec VPN configuration example:

1
2
3
4
5
6
7
8
9
10

config vpn ipsec phase1-interface
  edit "HOMELAB_VPN"
    set interface "port1"
    set peertype any
    set proposal aes256-sha256
    set dhgrp 21
    set remote-gw 203.0.113.5
    set psksecret <PRESHARED_KEY>
  next
end

Operational Management

Monitoring Interfaces

Use built-in SNMP monitoring:

1
2
3
4
5
6
7
8
9
10
11
12

config system snmp sysinfo
  set status enable
  set description "Homelab_Firewall"
end

config system snmp community
  edit 1
    name "homelab"
    query-v2c-status enable
    query-v2c-port 161
  next
end

Backup Configuration

Automate configuration backups:

1
2
3
4
5
6
7
8
9
10
11
12
13

# Manual backup
execute backup config ftp backup.conf 192.168.1.50 admin password

# Schedule daily backups
config system auto-backup
  set status enable
  set frequency daily
  set time 02:00
  set storage ftp
  set server 192.168.1.50
  set user admin
  set password <PASSWORD>
end

Firmware Updates

Manual update process:

1

execute restore image ftp FGT_100F-v7.0.5.M-buildxxxx.FORTINET.out 192.168.1.50 admin password

Troubleshooting Guide

Common Issues and Solutions

SymptomDiagnosisResolution
No internet connectivityMissing default routeconfig router static; edit 0; set gateway 192.168.1.1
Ports not passing trafficSwitching misconfigurationVerify virtual switch membership
High CPU usageUnlicensed UTM featuresDisable inspection: config firewall policy; set utm-status disable

Diagnostic Commands

Check system status:

1
2
3

get system performance status
get system session status
get hardware sensor

Packet capture:

1

diag sniffer packet port1 'host 8.8.8.8' 4

Log Analysis

Enable debug logging:

1
2
3

diagnose debug enable
diagnose debug application httpsd -1
diagnose debug console timestamp enable

Conclusion

The discovery of a functional FortiGate firewall in e-waste streams highlights critical issues in enterprise hardware lifecycle management while presenting opportunities for technical professionals. By understanding:

  • Enterprise depreciation cycles
  • Security best practices for reused hardware
  • Alternative use cases beyond primary firewall roles
  • Configuration without vendor support

DevOps engineers can transform discarded infrastructure into powerful homelab assets. The FortiGate 100F exemplifies this potential - when properly configured, it outperforms consumer-grade hardware while providing enterprise-level features.

For further exploration:

  1. Fortinet Documentation
  2. NIST SP 800-88 Rev. 1 (Media Sanitization)
  3. RFC 7457 - Summarizing Known Attacks on TLS

The next frontier? Exploring open-source firmware alternatives for end-of-life hardware, pushing the boundaries of sustainable infrastructure practices while maintaining security and performance.

Open Source, Reddit Guides, Monitoring
homelab sysadmin how-to tools monitoring observability security hardening
This post is licensed under CC BY 4.0 by the author.