When your Cisco router goes down or your FortiGate firewall starts dropping traffic at 2 AM, the first call is to vendor support. They’ll ask for your running config. It’s the fastest way to diagnose the problem.
The catch: your config contains active credentials. VPN pre-shared keys, admin passwords, API tokens, SNMP community strings — all of them live, all of them in production, all of them in your configuration file.
You don’t want those in a support database. ScrubForge solves exactly this: sanitize the credentials locally before attaching to a support ticket or email.
Why Raw Configs in Support Tickets Are a Risk
When you email a config file or attach it to a Cisco TAC case, FortiGate support portal, or Jira ticket, that file goes into a system you don’t fully control. Depending on the vendor’s security practices and data retention policy, your credentials may be:
- Logged in support system databases
- Accessible to support staff during troubleshooting
- Retained longer than you expect
- Shared internally with other teams for knowledge building
Most enterprise support systems are reasonably secure. But a production firewall config containing live VPN keys and admin passwords does not need to be in a support database at all. The vendor’s support engineer doesn’t need your credentials to troubleshoot your configuration. They need the structure.
The ScrubForge + Support Ticket Workflow
- Export your config — On Cisco IOS:
show running-config. On FortiGate: System > Configuration > Download. Other vendors have similar CLI or web UI export options. - Open ScrubForge — Click the icon in your Chrome toolbar. It opens as a local panel in your browser — no upload, no external servers.
- Paste and sanitize — Paste your raw config. ScrubForge detects passwords, pre-shared keys, API tokens, and SNMP strings, replacing each unique value with a consistent placeholder like
[PSK_1]or[ADMIN_PASS_1]. - Review — Scan the output for anything that looks like a live credential. A 30-second review before sharing is good practice.
- Attach to ticket — Copy the sanitized output into your support ticket email, or save it as a text file and upload to the support portal.
What to Include in Your Support Ticket
When attaching the sanitized config, add a one-line note to the ticket:
This tells the support engineer what they’re looking at and why they won’t see live values. Most engineers will understand immediately. They know the structure is what matters for troubleshooting — routing protocols, VPN peer IPs, firewall policies, interface configurations. None of those are credentials.
Before and After: What ScrubForge Replaces
--- BEFORE (raw) --- crypto isakmp key T@nn3lS3cr3t address 198.51.100.10 username admin password cisco123 snmp-server community public RO --- AFTER (sanitized) --- crypto isakmp key [PSK_1] address 198.51.100.10 username admin password [ADMIN_PASS_1] snmp-server community [SNMP_RO_1] RO
The peer IP, interface names, and policies stay. The live credentials don’t. Your support engineer sees the same logical structure with zero live values in the support system.
This Works with Any Vendor
Whether it’s Cisco, FortiGate, Palo Alto, Juniper, Arista, Cumulus, pfSense, or any other vendor, the principle is the same: sanitize text-based configs before sharing with external systems. ScrubForge detects common credential patterns in any text-based format.
How Support Engineers Troubleshoot from Sanitized Configs
Once you send a sanitized config, support engineers can troubleshoot:
- Routing and BGP — checking peer configs and policy configs
- IPsec/VPN — reviewing IKE phase 1/phase 2 settings and DPD timers
- Firewall policies — finding missing allow rules, NAT order issues, policy shadowing
- VLAN configuration — STP issues, native VLAN mismatches, trunk misconfigurations
- Interface errors — speed/duplex mismatches, cable diagnostics, jumbo frame configs
All of this depends on configuration logic and structure. None of it depends on seeing the actual credential values.
Sanitize before you share
ScrubForge is free. Paste your config, strip the credentials locally, then attach to support tickets or emails safely — no account, no upload required.
Install ScrubForge — Free