For security reasons, can a firewall only be bootstrapped when it is in factory default state?

The assertion that a firewall can only be bootstrapped when it is in a factory default state is indeed true. Bootstrapping a firewall refers to the initial configuration and setup process, which often involves establishing the essential settings and policies necessary for its operation.

When a firewall is in its factory default state, it has not been customized or configured with specific rules or policies that could interfere with the bootstrapping process. This clean slate environment allows for the secure initiation of the firewall's operations, ensuring that any vulnerabilities or risks associated with residual configurations are mitigated.

Moreover, in a factory default state, the firewall is typically set up with basic security parameters and its default credentials, making it a predictable and standardized environment for initial setup. This is significant for security because it minimizes the risk of misconfiguration during the bootstrapping phase, which could expose the firewall to threats if it were to proceed with a preconfigured, potentially insecure setup.

As a result, bootstrapping a firewall during its factory default state is a best practice that enhances security and ensures that the firewall operates as intended right from the start.