Getting started

This technical note explains how to enable and disable the Secure Boot feature in the UEFI on SNS firewalls.

Secure Boot increases the security of the system, in particular by verifying the signature of the system loaded when the SNS starts up.

SNS firewall models that are compatible with Secure Boot

This table lists the SNS firewall models that are compatible with Secure Boot, and specifies whether the feature is enabled by default in factory settings.

SNS firewall model	Default activation status of Secure Boot in factory settings
SN-XS-Series-170 SN-S-Series-220 and SN-S-Series-320 SN-M-Series-520 SN-L-Series-2200 and SN-L-Series-3200 SN-XL-Series-5200 and SN-XL-Series-6200 SNi10	Enabled by default
SN-M-Series-720 and SN-M-Series-920	Enabled by default as of BIOS version R1.03
SN1100 and SN3100 SNi20 SNxr1200	Disabled by default

SNS firewall model

Default activation status of Secure Boot in factory settings

SN-XS-Series-170

SN-S-Series-220 and SN-S-Series-320

SN-M-Series-520

SN-L-Series-2200 and SN-L-Series-3200

SN-XL-Series-5200 and SN-XL-Series-6200

SNi10

Enabled by default

SN-M-Series-720 and SN-M-Series-920

Enabled by default as of BIOS version R1.03

SN1100 and SN3100

SNi20

SNxr1200

Disabled by default

TIP
To check whether Secure Boot is enabled on the SNS firewall, run the following command in a CLI console:

SYSTEM PROPERTY

If SecureBoot=1 appears in the result, this means that the feature is enabled, while SecureBoot=0 means it is disabled.

Explanations on the use of Secure Boot

When Secure Boot is enabled, you can no longer perform the following operations on the SNS firewall:
- Reset the administrator password in single user mode,
- Start the SNS firewall on a backup partition in a version of SNS lower than 4.2.1,
- Start the SNS firewall on a USB drive, for example when restoring the program from a USB drive (USB Recovery),
- Install a version of SNS lower than 4.2.1.
For security reasons, you are advised to protect access to the SNS firewall's UEFI control panel with a password. If Secure Boot is enabled by default on the SNS firewall, we recommend protecting access to the UEFI's control panel as soon as possible. For more information, refer to the technical note Protecting access to the configuration panel of the UEFI on SNS firewalls.
As of version 4.8.7, Secure Boot monitors the integrity of the UEFI binaries in the boot sequence of the SNS firewall. You are therefore strongly advised to enable Secure Boot to guarantee the integrity of the sequence, especially if the TPM on the SNS firewall has been initialized. For more information, refer to the technical note Configuring the TPM and protecting private keys in SNS firewall certificates.

Date	Description
February 19, 2026	- Document modified to present a single procedure
August 07, 2025	- SNxr1200 firewall added
May 21, 2025	- Paragraph "Explanations on the use of the Secure Boot feature" added to the section "Getting started" - Tip added to check whether the Secure Boot feature is enabled, and a requirement regarding the installation of a driver was added to the "Requirements" section
December 03, 2024	- SN-XS-Series-170, SN-L-Series-2200, SN-L-Series-3200, SN-XL-Series-5200, SN-XL-Series-6200 and SNi10 firewall models added
May 25, 2023	- SN-S-Series-220, SN-S-Series-320, SN-M-Series-520, SN-M-Series-720 and SN-M-Series-920 firewall models added - Addition of sections Disabling Secure Boot in the SNS firewall’s UEFI
June 13, 2022	- New document