netmanb2k
New Member
December 13, 2021
Solved

On Fortigate firewall do we need to take any actions against LOG4J?


On Fortigate firewall do we need to take any actions against LOG4J?

4 replies

kitkat09811
Explorer
December 13, 2021

Yes! You should protect any servers that are internet facing. If you're not doing SSL inspection on inbound HTTPS communication and your webservers are vulnerable, this would not be good. IPS Signature database 19.00215 is the updated signature database which has the log4j signature, although you need to set up this IPS signature as block since by default it's set to pass.

JWJ
Staff
Answer
December 13, 2021

Just in case, another user submitted a quick and dirty "How-To" for changing the default action of "Allow" to "Block" on the log4j signature.

Security Profiles

Intrusion Prevention

Edit Sensor

Add Signature

Type = Signature

Action = Block

Status = enable.

Then search the log4j signature and click add to signature.

[Apache.Log4j.Error.Log.Remote.Code.Execution]

Save.

Move to the top of the signatures list.

Save

 

Thanks @Anonymous_User for posting.
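
An added example, not part of the original thread and not Fortinet tooling: a Python check over a FortiOS configuration backup that reports, per IPS sensor, whether the log4j signature entry is enabled, set to block, and first in the list, as the how-to above describes. The sample config, the sensor names and rule ID 99999 are constructed placeholders; it assumes sensor entries reference the signature by its numeric rule ID, which you look up on your own device.

```python
# Constructed FortiOS backup excerpt; sensor names and rule ID 99999 are placeholders.
SAMPLE = """
config ips sensor
    edit "web-servers"
        config entries
            edit 1
                set rule 99999
                set status enable
            next
        end
    next
    edit "dmz"
        config entries
            edit 1
                set rule 99999
                set status enable
                set action block
            next
        end
    next
end
"""

def verdict(entry, pos):
    # How-to: Status = enable, Action = Block, entry moved to the top of the list.
    if entry["status"] != ["enable"] or entry["action"] != ["block"]:
        return f"NOT BLOCKING: status={' '.join(entry['status'])} action={' '.join(entry['action'])}"
    return "OK" if pos == 1 else f"BLOCKING, but at position {pos}, not the top"

def audit_sensors(config_text, rule_id):
    """Map each IPS sensor name to a finding for the given signature rule ID."""
    findings, path, sensor, entry, pos = {}, [], None, None, 0
    for line in map(str.strip, config_text.splitlines()):
        if line.startswith("config "):
            path.append(line[7:])            # track nesting so other sections are ignored
        elif line == "end" and path:
            path.pop()
        elif path == ["ips sensor"] and line.startswith("edit "):
            sensor, pos = line[5:].strip('"'), 0
            findings[sensor] = "MISSING: signature not in this sensor"
        elif path == ["ips sensor", "entries"]:
            if line.startswith("edit "):     # unset action/status fall back to "default"
                pos, entry = pos + 1, {"rule": [], "action": ["default"], "status": ["default"]}
            elif line.startswith("set ") and entry is not None:
                entry[line.split()[1]] = line.split()[2:]
            elif line == "next" and entry is not None:
                if str(rule_id) in entry["rule"] and findings[sensor].startswith("MISSING"):
                    findings[sensor] = verdict(entry, pos)
    return findings
```

Calling `audit_sensors(SAMPLE, 99999)` flags "web-servers" because its entry has no explicit action, and reports "dmz" as OK. A sensor reported as MISSING may still match the signature through a filter entry, which this check cannot resolve without the signature database.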

kitkat09811
Explorer
December 13, 2021

And to add to @JWJ, here is a screenshot of the IPS Sensor:

Capture.PNG

kitkat09811
Explorer
December 13, 2021

And as default it's set to pass as seen on this screenshot, so make sure to change it to block.

Capture.PNG