Windows Imaging in FileWave: Secure Imaging Option (15.5+)

What 
 In FileWave version 15.5.0 , significant changes have been made to the Windows Imaging process using the Imaging Virtual Server (IVS). Previously, when imaging or capturing a Windows system, the device would mount NFS (Network File System) volumes directly over TCP/UDP port 2049 . Starting with FileWave 15.5, the imaging process has been enhanced for security and reliability by allowing the creation of a VPN tunnel over TCP/UDP port 20490 . Over this secure VPN tunnel, the system accesses the NFS mounts, providing a more secure and efficient imaging environment. This secure functionality was initially enabled by default, but from 16.2.0 onward it is disabled by default and can be enabled or disabled via a command. 
 When/Why 
 When to Use 
 Secure imaging is something you want to consider if you frequently capture images of devices that have user data on them. Secure imaging will prevent someone from grabbing an image from the IVS server. If you don't typically do this, and typically use the IVS to simply capture base images and deploy them then there is better performance if Secure Imaging is disabled. If you setup your IVS on version 16.2.0 then it will be disabled by default. If you were running an older IVS you may see it enabled but can easily toggle it off or on in 16.2.0. 
 How 
 Enabling Secure Imaging 
 You can enable it with this command on FileWave 16.2.0 or beyond: 
 sudo imaging-control enable secure-mount
sudo reboot 
 Disabling Secure Imaging 
 You can disable it with this command on FileWave 16.2.0 or beyond: 
 sudo imaging-control disable secure-mount
sudo reboot 
 Important Considerations 
 Firewall Configuration : Make sure that your network’s firewalls allow traffic over the necessary ports: 
 
 Port 20490 for Secure Imaging. 
 Port 2049 for Standard Imaging. 
 
 Related Content 
 
 Setting up the IVS (Imaging Virtual Server) 
 Imaging Speed Test for IVS Performance Verification 
 
 Digging Deeper 
 Secure Imaging Flag File 
 On FileWave versions older than 16.2.0, you can delete the flag file to enable Secure Imaging: 
 sudo rm /etc/fw_insecure_nfs_mount
sudo reboot 
 On FileWave versions older than 16.2.0, you can create the flag file to disable Secure Imaging: 
 
 sudo touch /etc/fw_insecure_nfs_mount
sudo ufw allow 2049/tcp
sudo ufw allow 2049/udp
sudo reboot