ConfigSentry

ConfigSentry Terms of Use

Provided by secdit

These Terms of Use govern your access to and use of ConfigSentry, including account registration, firewall configuration analysis, audit report generation, and related platform services. By registering for an account, checking the sign-up box, or using the platform, you agree to these terms.

1. Scope and Acceptance

These terms apply to ConfigSentry and any related collector, sign-up, reporting, support, or account features. If you use ConfigSentry on behalf of an organisation, you confirm that you have authority to bind that organisation to these terms.

2. Service Description

ConfigSentry is a FortiGate firewall configuration auditing and security assessment platform. It can analyse uploaded configuration files, collected configurations, or configurations retrieved over SSH and produce structured audit outputs, findings, and recommendations. It is a security tool intended to help identify potential weaknesses, not a guarantee that any firewall, network, or environment is secure or compliant.

Supported capabilities include:

  • Manual uploads - upload a FortiGate configuration backup file through the web interface for on-demand analysis.
  • Automated collection - deploy a ConfigSentry Collector in your environment to retrieve configurations on a schedule or on demand.
  • Direct SSH auditing - connect to a supported appliance via SSH to retrieve and analyse the running configuration without a local collector.

ConfigSentry currently supports Fortinet FortiGate firewalls running FortiOS 6.4.5 and later. Earlier 6.4.x versions, and any unsupported device or format, may produce inaccurate or incomplete results.

3. Advisory Outputs Only

Audit results, findings, scores, and reports are advisory outputs only. They are intended to help your team identify potential weaknesses and review priorities, but they are not a substitute for human review, professional security advice, penetration testing, or compliance certification.

  • The platform only analyses the information available in the supplied or retrieved configuration.
  • A passing result does not mean your environment is secure, compliant, or free of vulnerabilities.
  • A finding does not automatically mean a weakness is exploitable in your environment.
  • Rule definitions, scoring, and report output may change over time, so the same configuration may produce different results later.

You are responsible for validating any finding before relying on it, changing production systems, or making security decisions based on the output. A professional security engineer should review the report and use it to help advise how best to secure your firewall; you should not blindly follow audit output without applying security judgment and context.

4. Customer Responsibilities

  • Authorisation - only submit configurations or connect to appliances you own or are expressly authorised to audit.
  • Data handling - firewall configurations may contain sensitive information such as IP addresses, VPN details, shared secrets, and topology data. You are responsible for deciding what you submit and redacting data where appropriate.
  • Credentials - keep your account credentials, MFA codes, collector credentials, SSH credentials, and any report encryption passwords confidential.
  • Review before relying - check results carefully before taking action, especially before making production changes.
  • Compliance - make sure your use of the platform complies with applicable laws, regulations, and internal policies.

5. Acceptable Use

You may use ConfigSentry only for legitimate security, operational, and business purposes. You must not:

  • Upload configurations or connect to appliances without proper authorisation.
  • Attempt to access, alter, or extract data belonging to other customers.
  • Reverse engineer, decompile, probe, or derive the rule library, scoring logic, or proprietary components.
  • Bypass access controls, rate limits, authentication, or usage restrictions.
  • Use the service to overload, disrupt, or degrade availability for other users.
  • Introduce malicious code, malware, or harmful files.
  • Scrape reports or platform data outside normal application use.
  • Resell, sublicense, or provide third-party access except where we expressly agree in writing.

6. Availability and Changes

secdit may update, modify, suspend, or discontinue any part of ConfigSentry at any time for maintenance, security, legal compliance, service improvement, or operational reasons. We do not guarantee uninterrupted uptime or error-free operation, and we may apply rate limits, maintenance windows, or access restrictions where needed.

7. Disclaimer of Warranties

ConfigSentry is provided "as is" and "as available", without warranties of any kind except where a warranty cannot legally be excluded. To the fullest extent permitted by law, secdit disclaims all implied warranties, including merchantability, fitness for a particular purpose, title, and non-infringement. We do not warrant that the service will meet your needs, operate continuously, or produce complete or perfect results.

8. Limitation of Liability

To the fullest extent permitted by law, secdit is not liable for indirect damages, incidental damages, special damages, consequential damages, punitive damages, or business interruption losses arising from or related to the use of ConfigSentry, including reliance on audit outputs or changes you make in response to them.

Where liability cannot be excluded, secdit's total aggregate liability to you for all claims arising out of or relating to ConfigSentry will not exceed the total amount actually paid by you for the ConfigSentry service during the 12 months before the event giving rise to the claim.

9. Data and Retention

Where the platform stores reports or account data, those records may remain in your account until you delete them or your account is removed, subject to our operational and legal requirements. If you enable report encryption, you are responsible for the password and we cannot recover encrypted output for you.

10. Suspension and Termination

secdit may suspend or terminate your access where required for security, non-payment, breach of these terms, misuse, or legal compliance. You may stop using the service at any time.

11. Changes to These Terms

secdit may update these terms from time to time. Continued use of ConfigSentry after revised terms are published means you accept the revised version.

12. Contact

For questions about these terms or the service, contact secdit through the main website contact page.