FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
kkhushdeep
Staff
Staff
Article Id 241679
Description This article describes the offset missing warning for http_post –flow during the boot sequence of FortiGate. 
Scope FortiGate.
Solution

The following warning indicates that some custom signature on the firewall is missing a semicolon ';'. It should be like http_post; --flow instead of http_post --flow 

 
Warning:

Warning: 
Line 3 offset 128 missing ';' 
http_post --flow 
Warning: 
Line 3 offset 128 missing ';' 
http_post --flow 
Warning: 
Line 3 offset 128 missing ';' 
http_post --flow 

 

It is necessary to check the configuration for all the signatures. 

 

Example: 

 

edit "NATSlipStream1_SIP"  
set signature "F-SBID(--attack_id 9000; --name NATSlipStream2_H323; --protocol tcp; --dst_port 1720; --service http; --parsed_type http_post --flow from_client; )"  
set comment "NAT SlipStreaming detection for SIP/TCP Port 5060"  
next 

 

In this signature ‘;’ is missing after http_post. 

 

It is necessary to manually add the missing semicolon in this signature from CLI. 

 

In this example, it is necessary to make the following change from CLI:

 

# config ips custom 
    edit "NATSlipStream1_SIP"  
        set signature "F-SBID (--attack_id 9000; --name NATSlipStream2_H323; --protocol tcp; --dst_port 1720; --service http; --parsed_type http_post; --flow from_client; )"  
        set comment "NAT SlipStreaming detection for SIP/TCP Port 5060"  
end 

Contributors