How to Securely Erase a Hard Disk with Factory Reset—DoD and NNSA Compliant

Palo Alto Networks devices offer two variations of securely wiping the internal hard drive, both of which can be found within maintenance mode. 

1. Enter maintenance mode from either method below
   1. Type 'maint' when prompted during the boot sequence. (Console connection) How to Enter Maintenance Mode for Factory Reset.
   2. Reboot the system into maintenance mode and connect via SSH. How to SSH into Maintenance Mode.

NOTE: PA-400 you will need to first select boot partition

2. Assuming we have successfully entered maintenance mode on your Palo Alto appliance, we can proceed by selecting 'Continue,' then the 'Factory Reset' option from the main menu

3. Choose 'Advanced', as seen below. 

4. At this point, you will be prompted for the 'Advanced' password, which is MA1NT
   1. FIPS Maintenance Mode password is: paloalto
5. After submitting the 'Advanced' password, you should see a 'Factory Reset' screen, but with more options than before, as seen below:

6. In the above example, I have selected to 'Factory Reset' the appliance with PAN-OS version 7.0.1 with the option to scrub with dod scrub type. Please select the options that apply to you.

NOTE: As mentioned in the WARNING above, the scrub process can take up to forty eight hours. Please take this into account when selecting these options.