Celebrating our Community: Thank You for an Incredible Month
Blogs
Recently active
Introduction IPv6 adoption has matured significantly over the past decade. In 2010, the RIPE community published RIPE-554, a procurement guide designed to ensure new ICT equipment could handle IPv6. Five years later, RIPE replaced it with RIPE-772, an updated document that reflected real-world IPv6 deployments and operational lessons learned. Today, technologies like FortiADC, Fortinet’s Application Delivery Controller, not only comply with RIPE-772 but also provide the advanced performance and security needed to support modern IPv6 environments. From RIPE-554 to RIPE-772: FortiADC’s IPv6 Compliance When RIPE-554 was introduced in 2010, its purpose was to help organizations take their first steps beyond IPv4 by requiring that new ICT equipment support the basics of IPv6. It outlined fundamental capabilities such as IPv6 routing, tunneling mechanisms like 6to4 and ISATAP, operating system readiness, and firewall filtering. This checklist was critical for early adoption, even thou
Fortinet has officially renamed FortiToken Cloud to FortiIdentity Cloud, a change that represents more than just a new label. The update signals a strategic shift to expand beyond token-based authentication and position identity as a central pillar of modern cybersecurity. Originally designed to deliver simple two-factor authentication (2FA) through tokens, FortiToken Cloud met an essential need for organizations securing remote workers and sensitive applications. However, as enterprises embraced digital transformation, hybrid work, and cloud adoption, the demand for more advanced and comprehensive identity services grew rapidly. With FortiIdentity Cloud, Fortinet has expanded the service into a full identity and access management (IAM) platform. The solution now supports federated identity standards such as SAML and OIDC, enabling single sign-on across cloud and on-premises applications to simplify access for users and administrators alike. It incorporates adaptive and risk-based auth
As more organizations accelerate their digital transformation, cloud-native architectures and containerized workloads have become the foundation for innovation and scalability. Yet, with this evolution comes a shifting security landscape—one that is more dynamic, distributed, and complex than ever before. Protecting these modern environments demands not just traditional safeguards, but an adaptive, layered security strategy capable of keeping pace with rapid change. Fortinet brings a robust portfolio of security solutions tailored for these challenges, empowering teams with deep visibility, granular control, and unified protection from code to cloud. In this article, we’ll explore essential pillars and proven best practices for Google Kubernetes Engine (GKE), including the use of private clusters to limit exposure, Workload Identity to securely map Kubernetes workloads to Google Cloud IAM, Binary Authorization to ensure only trusted container images are deployed, and Shielded GKE Nodes
With the rise of cloud adoption and the pace of technological change, building a holistic security architecture has never been more critical to protecting an organization’s assets in the cloud. In this blog post, we will explore the top five security principles for safeguarding your cloud applications, which we shared in the webinar “The Top 5 Principles for Successful Cloud Security”. At Fortinet, we are committed to helping our customers stay up to date with a comprehensive security strategy and the right tools to ensure their hybrid environment remains secure. Image 1 illustrates the five cloud security principles designed to guide your current strategy and deepen your understanding of the rapidly evolving cloud risks. Image 1 – 5 Cloud Security pillar 1. Identity and Access Management In today's cloud-centric environment, identities have become the new security perimeter. When you register with a cloud provider, a username and password are t
An in-depth look at how Fortinet’s FortiSOAR automation framework performs comprehensive security validation for newly deployed virtual machines—integrating with FortiEDR, FortiSIEM, FortiEMS, FortiPAM, NetBox/IPAM for asset assurance, and Nessus for vulnerability and compliance verification—to enforce enterprise-grade security hygiene and visibility. A. Introduction In modern cybersecurity operations, VM deployment is merely an initiation point. The critical focus is on enforcing defense-in-depth and zero trust principles ensuring every new asset is seamlessly onboarded into the enterprise's security control plane across EDR, SIEM, PAM, asset inventory, and vulnerability scanning. Manual validation creates security drift, expands the attack surface, and weakens compliance posture. To mitigate this, I developed an automated post-onboarding security control validation pipeline using FortiSOAR, orchestrating cross-platform integration with FortiEDR, FortiSIEM, FortiEM
While AWS provides a strong foundation of native security tools, organizations often seek additional layers of protection to meet specific compliance, visibility, or threat prevention needs. This is where FortiGate and FortiWeb solutions come into play. FortiGate is Fortinet’s flagship Next-Generation Firewall (NGFW) solution, designed to provide comprehensive, intelligent, and high-performance security for network whether on-premises, in the cloud, or across hybrid environments like AWS, offers advanced threat protection, secure VPN access, and deep traffic inspection, making it ideal for securing VPCs and hybrid cloud environments, for this scenario securing network traffic to and from fargate tasks by inspecting traffic at the VPC level, enforcing segmentation, and blocking malicious activity through deep packet inspection and threat intelligence. Meanwhile, FortiWeb is a specialized web application firewall (WAF) designed to protect web applications such as Fargate-hos
In today's digitally connected world, data protection is no longer just a technical requirement—it’s a business imperative, a legal necessity, and a cornerstone of customer trust. As privacy regulations like the European Union General Data Protection Regulation (GDPR) continue to shape global data practices, organizations are looking for secure, scalable solutions that not only meet compliance needs but enhance operational confidence. Enter FortiToken Cloud: Fortinet’s identity and access management service that now proudly offers enhanced GDPR support, including region-based deployment and dedicated European Union (EU) data centers. Let’s explore what this means—and why it matters. A Clear Path to GDPR Compliance The GDPR is widely considered the gold standard for data privacy regulation. Enforced since May 2018, it sets strict rules on how organizations collect, process, store, and protect personal data of individuals within the EU. For any business—whether based in Europe or simply
As more organizations transition to cloud-native architectures and container-based deployments, maintaining strong security becomes a critical priority. The dynamic and distributed nature of these environments brings unique risks that demand a comprehensive and adaptive security approach. Fortinet delivers a robust portfolio of tools tailored to meet these challenges offering deep visibility, granular control, and end-to-end protection across your cloud ecosystem. In this article, we’ll highlight essential areas of cloud security, such as source code and container vulnerability scanning, security best practices for Oracle Kubernetes Engine (OKE), and advanced FortiCNAPP features for Kubernetes workloads. We’ll also examine the role of FortiGate in monitoring outbound traffic and how FortiWeb Ingress Controller safeguards external-facing services. By implementing these strategies and leveraging Fortinet’s integrated solutions, organizations can significantly improve the security and res
As organizations increasingly adopt cloud-native applications and containerized environments, ensuring robust security becomes paramount. The dynamic nature of these environments introduces unique challenges that require comprehensive security strategies. Fortinet offers a suite of solutions designed to address these challenges, providing visibility, control, and protection across your cloud infrastructure. In this article, we will explore key aspects of cloud security, including code and container scanning, best practices for Azure Kubernetes Service (AKS), and advanced capabilities of FortiCNAPP for Kubernetes. We will also delve into the importance of monitoring egress traffic with FortiGate and securing ingress traffic with FortiWeb. By following these guidelines and leveraging Fortinet's solutions, organizations can enhance the security and efficiency of their cloud-native applications. AKS Benchmark Best Practices Azure Kubernetes Service (AKS) provides a managed Ku
In an era where networks are growing more complex and downtime is costlier than ever, traditional monitoring tools are no longer enough. IT teams are overwhelmed—not just by alerts, but by the sheer scale of infrastructure, they are expected to manage. That’s why the release of FortiAIOps 3.0 marks a pivotal moment for IT operations. Blending advanced machine learning, deeper real-time analytics and predictive intelligence, this new release goes further—it delivers true operational intelligence offering context-aware insights across wired, wireless and SD-WAN infrastructure. Whether you're troubleshooting intermittent performance issues or preventing outages before they occur, FortiAIOps 3.0 is built to help IT teams move from reactive to proactive, from monitoring to autonomous remediation. Let’s dive into what makes this release a game-changer! FortiAI agent – The virtual network expert. FortiAIOps 3.0 introduces a powerful new feature: the FortiAI Agent—a
What is FortiAppSec Cloud? FortiAppSec Cloud is Fortinet’s advanced Web Application and API Protection (WAAP) platform, designed to deliver enterprise-grade security in a cloud-native, scalable package. It provides a unified solution for protecting your web apps and APIs, combining AI-driven threat detection, DDoS mitigation, bot defense, and API security into one streamlined service—with global deployment capabilities. Whether you're protecting a public-facing website, internal portals, or APIs powering mobile apps, FortiAppSec Cloud offers layered protection without added complexity. Why Choose FortiAppSec Cloud on AWS Marketplace? Now available as a Pay-As-You-Go (PAYG) solution, FortiAppSec Cloud on AWS Marketplace gives you flexibility and simplicity: Faster Time to Value – Deploy instantly from AWS Marketplace and start securing your apps in minutes. Flexible Consumption – Scale up or down based on demand with usage-based billing. Integrated with Your Cloud Strategy – Ali
Introducing FortiAppSec Cloud: Unified, Cloud-Agnostic Application Security FortiAppSec Cloud stands out as a unique solution that’s designed to secure modern, cloud-hosted applications—regardless of where they live. Whether you're using AWS, Azure, Google Cloud, or multiple cloud providers, FortiAppSec Cloud offers consistent security enforcement and centralized management. Even if you purchase it through a cloud marketplace, it can be deployed seamlessly across various environments. Here’s what makes FortiAppSec Cloud a game-changer: Cloud Agnostic by DesignProtect applications across any cloud with a unified approach to management and enforcement. FortiAppSec Cloud works across hybrid and multi-cloud environments. AI-Powered Threat DetectionWith advanced machine learning capabilities, FortiAppSec Cloud can detect and block unknown threats and zero-day exploits with high accuracy—staying ahead of evolving threats. Flexible Consumption with FortiFlexFortinet’s FortiFlex program
In today’s hybrid environments, secure and seamless access is no longer a luxury—it’s a necessity. That’s why FortiToken Cloud 25.2.a is such a game-changer. With a suite of powerful new features, this latest release empowers organizations to take control of user authentication, streamline integration, and offer a branded experience—all without sacrificing security. Whether you're managing access for internal apps, enforcing mobile compliance, or simplifying user logins, FortiToken Cloud 25.2.a delivers practical tools that meet real-world needs. Local Identity Provider (IdP): Own Your User Authentication Tired of relying on third-party identity providers like Google or Azure AD? FortiToken Cloud now supports Local IdP, enabling user authentication directly within the platform using locally stored credentials. This reduces dependency on external systems, cuts integration complexity, and gives organizations tighter control over their authentication flow—all while maintaining ente
Background We are migrating existing Lacework customers from our current Lacework support portal (Zendesk) to the FortiCare support portal to service all support requests for the Lacework FortiCNAPP product. This migration doesn’t change how you access the Lacework platform—it only affects how support tickets are submitted. While the existing users of the Lacework support portal have been migrated to FortiCare, they remain inactive by default. To enable support access in FortiCare, the "Master Account Owner" must complete the steps outlined below. A Master Account Owner account is the administrator for an organization in FortiCare. This account was created for all Lacework customers who had an existing Lacework instance as of February 15, 2025. The Master Account Owner’s email address was provided to Lacework when the subscription was activated. An Identity & Access Management (IAM) User is an individual identity created within the organization that
Azure virtual network terminal access point (TAP) provides the capability to encapsulate and mirror traffic to a network interface of an appliance or a load balancer fronting an appliance. For workloads deployed in Azure, where traffic inspection via a stateful device like an NGFW (Next-Generation Firewall) isn’t in place or isn’t feasible, leveraging the virtual network TAP solution provides visibility into network traffic without the need to rearchitect or reroute production traffic. Leveraging virtual network TAP with FortiGate VM enables the following use cases: Network visibility into the traffic that is sent and received by your workloads in Azure. Leveraging the IDS (intrusion detection system) capability on FortiGate VM helps detect network-based attacks such as DoS, DDoS, and port scanning, as well as malware and virus detection, ransomware, and data exfiltration. The capability to send these traffic logs to a centralized place, like FortiAnalyzer, t
On May 3rd, 2025, when you log in to http://support.fortinet.com, you will be greeted by a redesigned landing page, crafted to streamline your access to essential support resources. Welcome to Our New Support Page! We are excited to introduce a brand-new landing page designed with you in mind. After listening to your feedback, we have simplified and streamlined the experience so you can easily find everything you need - whether it’s troubleshooting tips, guides, or answers to common questions. This page is focused purely on the resources that help you get the answers you need, faster. No more hunting around, we have organized everything for a smoother, more intuitive experience. Smarter Support for You When you need help, we have got your back. For some of you in the UK and France, you will see that we have revamped the ticket submission page so that when you open a ticket, you will be presented with relevant solutions right away. These suggestions can help
The Benefits of FortiClient for Educational Institutions Web Filtering For primary educational institutions child safety is paramount, including on-line safety, with the necessity for managing and controlling the types of content accessible to students. FortiClient offers web filtering profiles that allow administrators to block or allow access to websites based on categories and keywords. The web filter profiles can be applied to student grades or age groups through integration with directory services from Microsoft and Google. This helps create a safer online environment and prevents students from accessing inappropriate or distracting content. Extensive reporting, analytics, and alerting are available through fabric-connected FortiAnalyzer. This allows administrators or educators to obtain reports on web content visited and blocked, as well as insight into possible student cyberbullying and the risk of self-harm. Zero Trust Network Access In a school environment
FortiAIOps 500G: Boosting Network Performance with Cutting-Edge AI-Powered Insights In the ever-evolving landscape of network management, the integration of Artificial Intelligence for IT Operations (AIOps) has become a pivotal strategy for organizations aiming to enhance operational efficiency and proactive issue resolution. Fortinet, a leader in cybersecurity solutions, has taken a significant leap forward with the introduction of the FortiAIOps 500G (FAO-500G) appliance. This on-premises hardware solution is engineered to deliver unparalleled performance, seamlessly integrating AI-driven analytics into your network infrastructure. Unveiling the FortiAIOps 500G Hardware The FAO-500G is a dedicated hardware appliance designed to enhance network operations by leveraging artificial intelligence and machine learning. This appliance offers comprehensive monitoring, robust troubleshooting tools, and AI-powered insights to ensure optimal network performanc
Overview One of Fortinet customers, a tele-communication (telco) company in the Spain, has a large fleet of EC2 instances across multiple regions in Europe to meet customers’ demands and GDPR regulation. The telco company deploys application in to auto-scaling EC2 spot instances to save on cloud cost which makes it challenging to deploy persistent workload protection tool. They also use FortiGate-VM on AWS to deliver advanced threat protection and secure connectivity for EC2 instances, including antivirus capabilities through FortiGuard. It provides features like application control, malware protection, web filtering, and IPS. FortiGate-VM forwarded events to AWS Security Hub via FortiGate API integration. The telco company’s FortiGate-VM detected a wave of attack by un-authorized users using Rhysida ransomware. FortiGate-VM was able to block all of the traffic with Rhysida ransomware. Incident Summary Attack Vector: Ransomware attack Impact: Non-critical peer-to-peer appl
Overview One of Fortinet customers, a large fintech organization, leverages TeamCity to deploy auto-scaling EC2 workload in their AWS environment. The customer builds new resources by automatically starting and stopping cloud-hosted agents on-demand, depending on the current build queue workload. They also use FortiCNAPP (Lacework) to protect their cloud native applications and resources. During periodic scan, FortiCNAPP discovered 10% of the EC2 workload from certain AMI images expose to CVE-2023-42793 which has the score of 9.8 where attackers had already deployed the publicly available exploit without authentication supporting remote code execution on the victim server using a basic web request to any accessible web server hosting the vulnerable application. Incident Summary Attack Vector: CVE exploitation on AWS workloads Impact: Remote code execution for unauthenticated users, enabling access to critical applications running on EC2 Initial Entry Point: Application accessed
Overview One large cooperative bank is tackling modern cloud security challenges head-on through a comprehensive digital transformation, migrating workloads from on-premises data centers to AWS. The bank is reinventing its digital and customer experiences through innovative new services, while enabling its remote workforce to securely and efficiently access private applications. During this transition, the bank experienced a security incident involving a Server-Side Request Forgery (SSRF) attack in its AWS environment. The breach highlighted the risks of cloud-native architectures when combined with misconfigurations and legacy service settings. To contain the incident and strengthen their security posture, the bank engaged the Fortinet Incident Response (IR) Team, which conducted a full investigation using the Fortinet FortiCNAPP platform and delivered a comprehensive cloud security remediation plan. Incident Summary Attack Vector: SSRF vulnerability in a
Author: @kcheung DNS: Overview & Threats DNS (Domain Name System) is integral to enterprise IT infrastructure, providing services for name resolution. Without DNS, an IT infrastructure is unable to look up a domain’s IP address. Since DNS is available in many IT infrastructures, its role makes it a target for malicious activity. Enterprises must adopt layered defenses and monitor DNS activity to mitigate threats effectively. DNS C2 commands can appear like normal DNS requests and thus make DNS based threats difficult to detect. Enterprise with firewalls that typically allow DNS traffic (port 53), hence use of a multi layered detection and response systems (Ex: EDR, NDR) is crucial in identifying threats. FortiNDR Cloud offers multiple levels of network-based DNS threats detections and response. This blog will go deeper into how you can leverage them to understand, respond and mitigate any such threats and secure your organization’s network. DN
What is CVE-2014-100005? CVE-2014-100005 is a critical vulnerability identified in older D-Link DIR-600 routers. This Cross-Site Request Forgery (CSRF) vulnerability allows remote attackers to hijack the authentication of administrators. By crafting malicious requests, attackers can alter router settings without the administrator’s knowledge, potentially leading to unauthorized account creation or remote management activation. The vulnerability is specifically noted in firmware versions before 2.17b02. How the Vulnerability Works: In the case of D-Link DIR-600 routers, the CSRF vulnerability allows an attacker to send a specially crafted HTTP request to the router's administrative interface, effectively causing the router to perform actions that would normally require administrator-level access. This could include: Changing router settings: For example, modifying network configurations or security settings. Creating unauthorized accounts:
What is CVE-2022-37055? CVE-2022-37055 is a critical buffer overflow vulnerability in D-Link Go-RT-AC750 models GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02. It allows remote code execution due to insufficient buffer size checks in the device's web interface, affecting the CGI and HNAP main components. The Significance of CVE-2022-37055 Buffer overflow vulnerabilities like CVE-2022-37055 are particularly severe because they enable attackers to overwrite memory beyond its allocated limits, potentially injecting and executing malicious code on the affected device. This can grant unauthorized control to attackers, allowing them to manipulate device settings, intercept sensitive data, or use the compromised device as a foothold for further attacks. Additionally, such vulnerabilities can lead to data leakage, service disruptions, or even complete system failure, posing significant threats to network security and data integrity. If exploited, attackers could
What is CVE-2024-1708? CVE-2024-1708 is a critical path traversal vulnerability impacting ConnectWise ScreenConnect versions up to 23.9.7. This flaw enables attackers to manipulate file paths, potentially gaining unauthorized access to files or directories located outside the intended restricted directory. Exploitation of this vulnerability could lead to remote code execution or compromise sensitive data and critical systems. The Importance of CVE-2024-1708 Path traversal vulnerabilities pose a significant threat because they allow attackers to navigate beyond the intended directory restrictions within web applications. By exploiting these vulnerabilities, attackers can access sensitive system files that are typically inaccessible through normal application usage. This could result in the disclosure of confidential information, compromise of system integrity, or facilitate subsequent attacks targeting other areas within the network infrastructure. Such exploits
Already have an account? Login
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.