Security and Trust

Built for security-sensitive firewall review

FortiGate configurations are sensitive. This page explains the read-only model, handling approach, and trust details that matter during evaluation.

At a glance

The trust points buyers usually ask first

Read-only access model

The platform is designed for analysis and reporting, not for pushing production changes.

Raw configs processed for audit

Raw configuration data is used for the audit workflow rather than positioned as a generic document store.

Queued payloads are temporary and encrypted

If an audit waits for worker capacity, the queued payload may be stored temporarily in encrypted form until processing starts or the queued item expires.

Derived findings may be retained

Findings, scores, report metadata, and audit history can remain until deleted.

MFA-supported account access

Multi-factor authentication helps protect access to audit history and findings.

Collector secrets can stay local

Collector-based collections can be configured so appliance credentials remain on the collector host rather than being stored in the website.

Download and report protection options

Export protection applies to downloaded reports and should be considered separately from platform-side controls.

Handling flow

A practical view of the review path

01. Read-only access

Manual upload or least-privilege collector retrieval.

02. Processed or queued securely

Raw configs are used to build the audit view for that run, and queued payloads may be stored temporarily in encrypted form until processing begins.

03. Derived findings retained

Findings, scores, and history may remain until deleted.

04. Reports and export options

Engineer, executive, and download-oriented outputs.

Direct answers

Direct answers to the handling questions buyers ask first

| Question | Answer |
| --- | --- |
| Is ConfigSentry read-only? | Yes. It is designed for review, not change deployment. |
| Does it push changes to FortiGate? | No. Remediation remains under customer change control. |
| Where are appliance and collector credentials stored? | Website-managed appliance credentials may be stored in the account for hosted retrieval workflows. Collector-based collections can be configured so appliance credentials remain only on the collector host. |
| How are queued audits handled? | If an audit is queued, the submitted configuration or prepared payload may be stored temporarily in encrypted form. The database stores encrypted queue payloads and operational metadata only, while decrypt keys are stored separately from the database on temporary backend storage. |
| What may be retained? | Findings, scores, report metadata, audit history, and limited operational metadata may remain until deleted. Temporary queued payloads and key files are deleted when processing starts or when expired items are cleaned up. |
| How can customers delete audits? | Delete audits and related account data through the normal account workflow. |
| Is MFA supported? | Yes. MFA-supported account access helps protect sensitive audit output. |

Data handling matrix

What each workflow means in practice

| Workflow | Primary handling | What may remain | Customer control |
| --- | --- | --- | --- |
| Manual upload | Raw configuration is processed for the audit run, or stored temporarily in encrypted form if the audit is queued before execution. | Derived findings, scores, report metadata, audit history, and limited queue metadata may remain until deleted. Temporary queued payloads and key files are removed when processing starts or when cleanup expires them. | Delete audits, manage membership, and choose report-export options. |
| Collector / monitoring | Collector retrieves config using the customer-approved access model, and queued collector submissions may be stored temporarily in encrypted form before processing starts. | Derived findings, appliance metadata, schedule details, audit history, and limited queue metadata may remain. Local secrets stay on the collector host. | Control host placement, disable monitoring, and remove appliances or audits. |
| Download-only report | Report package is generated for download as the main retained artefact for that workflow. | Downloaded files remain wherever the customer stores them after export. | Choose storage location, access controls, and optional report protection. |
| Account metadata | User profile, account membership, purchases, and operating metadata support the service. | Remains while the account is active and follows normal account-cleanup flows. | Manage members, settings, and account deletion requests. |
| Support tickets | Ticket content and attachments support troubleshooting and customer follow-up. | Remains as part of support history until cleaned up through account processes. | Choose what to submit and avoid unnecessary sensitive material. |

Collector security

How to think about the collector workflow

Read-only and least privilege

Use the lowest practical privilege that still allows full configuration retrieval.

Credential locality

Collector-side credentials stay a customer host concern, not a website-managed secret store.

Outbound communication

Website communication is designed around outbound HTTPS from the collector host.

Rollout planning

Host placement, network policy, and read-only access still need normal internal approval.

Account access roles

Role-based access within the account

Administrator

Full account administration, including configuration of collection workflows, credential handling, audits, users, and account-level settings.

Standard User

Operational access for running audits, reviewing findings, and working with report output without full account-administration scope.

Report Viewer

Read-focused access for viewing findings and reports without broader configuration or account-management permissions.

Buyer review notes

Short answers for trust review

Raw config handling

Raw configurations are processed for the audit workflow, and queued submissions may be stored temporarily in encrypted form until processing begins or the queued item expires.

Credential storage model

Storage expectations differ by workflow: hosted retrieval may involve website-managed appliance credentials, while collector-based retrieval can keep those credentials only on the collector host.

Encryption and hosting detail

Contact secdit if your review needs current hosting region, jurisdiction, or implementation details for encryption in transit and at rest.

Support and deletion expectations

Support access, backup/log retention, queue expiry handling, and customer-controlled deletion should be reviewed against your internal handling requirements.

Honest assurance scope

ConfigSentry is not presented here as independently certified. The controls described support customer review.

Next step

Review pricing or start with a real audit

If the trust model fits your needs, the next step is usually to run a real FortiGate audit and review the output.