pcosmo
New Member
March 7, 2014
Question

TR-069

  • March 7, 2014
  • 9 replies
  • 8574 views
Do any of the FortiGate edge firewalls support the TR-069 specs? If not, is TR-069 support on the roadmap at all? Thanks! Patrick Cosmo

    9 replies

    emnoc
    New Member
    March 8, 2014
    I never heard of any Fortinet devices supporting TR069, but what and why do you want or think you need support for it? And at a firewall device? And TR069 was not really designed for management of all LAN or layer 3 devices. And I almost never heard of any NGFWs supporting TR069 (Cisco, Juniper or Palo Alto, etc.).
    ede_pfau
    SuperUser
    March 8, 2014
    The probable background of the query is a hack which occurred 2 weeks ago in Germany. A suspected 50% of all home routers here are from one vendor. They proved vulnerable to an attack using the TR-069 protocol whereby attackers are able to get the complete configuration from the WAN side, with cleartext passwords. Apparently the vendor overlooked code fragments for TR-069 in the firmware. There are patches available for all newer models. An incredible nightmare.
    emnoc
    New Member
    March 9, 2014
    Thanks for this information, I will mention it to our ADSL group. They have various Livebox modems and probably were not made aware of this.
    ede_pfau
    SuperUser
    March 9, 2014
    The vendor I did not mention is AVM, a German company producing the "Fritz!Box" routers. AFAIK the Livebox routers are not made by them. Just to add how the security breach is exploited: hackers get in and create virtual phones within the VoIP section of the router. Then calls to faraway special service numbers are placed which cause phone fees in the thousands of Euros per month. Obviously the hackers get their share from these fees.
    Jan_Scholten
    New Member
    March 10, 2014
    AFAIK the AVM hack was NOT related to TR-069 code but (as in multiple other routers as well) due to the fact that a page exists that accepted shell commands without authentication, AFAIK by using "cgi-bin/webcm?var:lang=%26cat.....". AFAIK TR-069 is a "provider-config-method for CPE", e.g. for DSL providers. I would not expect (at least per default) that on my firewall..
    pcosmo
    Author
    New Member
    March 12, 2014
    The probable background of the query is a hack which occurred 2 weeks ago in Germany
    No, I wasn't aware of this attack. I'm asking because I have a customer who has deployed FortiGate 600C edge firewalls among his list of devices, and he is looking for a single software solution for managing and monitoring all of his many types of devices, preferably through TR-069. Best regards, Patrick Cosmo
    pcosmo
    Author
    New Member
    March 12, 2014
    I never heard of any Fortinet devices supporting TR069
    I believe that the FortiFone 110 VoIP Phone supports TR-069, but that is obviously a very different type of device.
    pcosmo
    Author
    New Member
    March 12, 2014
    I almost never heard of any NGFWs supporting TR069 (Cisco
    It appears to at least be supported by the Cisco 891, Cisco 3900, Aruba AP-135 ...
    emnoc
    New Member
    March 12, 2014
    It appears to at least be supported by the Cisco 891, Cisco 3900, Aruba AP-135 ...
    All of which are not Next Generation Firewalls.