# Windows Imaging in FileWave: Secure Imaging Option (15.5+)

## What

In FileWave version **15.5.0**, significant changes have been made to the Windows Imaging process using the Imaging Virtual Server (IVS). Previously, when imaging or capturing a Windows system, the device would mount NFS (Network File System) volumes directly over TCP/UDP port **2049**. Starting with FileWave 15.5, the imaging process has been enhanced for security and reliability by allowing the creation of a **VPN tunnel** over TCP/UDP port **20490**. Over this secure VPN tunnel, the system accesses the NFS mounts, providing a more secure and efficient imaging environment. This secure functionality was initially enabled by default, but from 16.2.0 onward it is disabled by default and can be enabled or disabled via a command.

## When/Why

#### **When to Use**

Secure imaging is something you want to consider if you frequently capture images of devices that have user data on them. Secure imaging will prevent someone from grabbing an image from the IVS server. If you don't typically do this, and typically use the IVS to simply capture base images and deploy them then there is better performance if Secure Imaging is disabled. If you setup your IVS on version 16.2.0 then it will be disabled by default. If you were running an older IVS you may see it enabled but can easily toggle it off or on in 16.2.0.

## How

#### **Enabling Secure Imaging**

You can **enable** it with this command on FileWave 16.2.0 or beyond:

```bash
sudo imaging-control enable secure-mount
sudo reboot
```

#### **Disabling Secure Imaging**

You can **disable** it with this command on FileWave 16.2.0 or beyond:

```bash
sudo imaging-control disable secure-mount
sudo reboot
```

#### **Important Considerations**

**Firewall Configuration**: Make sure that your network’s firewalls allow traffic over the necessary ports:

- **Port 20490** for Secure Imaging.
- **Port 2049** for Standard Imaging.

## Related Content

- [Setting up the IVS (Imaging Virtual Server)](https://kb.filewave.com/books/network-imaging-ivs/page/setting-up-the-ivs-imaging-virtual-server "Setting up the IVS (Imaging Virtual Server)")
- [Imaging Speed Test for IVS Performance Verification](https://kb.filewave.com/books/network-imaging-ivs/page/imaging-speed-test-for-ivs-performance-verification "Imaging Speed Test for IVS Performance Verification")

## Digging Deeper

##### **Secure Imaging Flag File**

On FileWave versions older than 16.2.0, you can delete the flag file to **enable** Secure Imaging:

```bash
sudo rm /etc/fw_insecure_nfs_mount
sudo reboot
```

On FileWave versions older than 16.2.0, you can create the flag file to **disable** Secure Imaging:


```bash
sudo touch /etc/fw_insecure_nfs_mount
sudo ufw allow 2049/tcp
sudo ufw allow 2049/udp
sudo reboot
```