Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

CVE-2021-44228 Apache LOG4J vulnerability

Would appreciate a response from Fortinet regarding the Apache log4 vulnerability if any Fortinet product

is affected.


Any information regarding updated IPS signature for CVE-2021-44228?

1 Solution

PSIRT advisory on impacted products can be found here:

Dr. Carl Windsor Field Chief Technology Officer Fortinet

View solution in original post


where are you finding the signature ? "Then search the log4j signature and click add to signature." I cannot find the syntax for this ? 



make sure your IPS version is updated to the latest version:


If not, perform the update first



- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -

Run exec update-now and verify if the IPS attack definition is on 19.00215. This will include the signature and then have to set the action to 'block' manually.

Since this was the emergency release, default action is still pass.

Jay Patel

Make sure you've updated your signatures. Edit the sensor (ex all_default), under IPS signatures and filters, +Create New, click "Signature", action drop down Block, Enable, and then in the search type Log4. Click on it and add selected. Did I do that right?


Thank you that did the trick!

New Contributor III

I've already done that. You need to click the "Add Signatures" button in the "Security profiles" section and in the "Instruction Protection" tab, then a window opens with a list of all signatures and you search for "log4j" in the search, click on its line and then add it with the "Use Selected Signatures" button. After that, it will appear in your table of added signatures and by right-clicking on its row you will open a list of applicable functions, including blocking.

With respect,

Daniil Dubosarskij

With respect, Daniil Dubosarskij

Just like shown here:

- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -

Running Fortigate fortiOS 6.2.9 and IPS engine Version 5.00245 and definitions Version 19.00215, the signature is there. As previously stated,  I had to set the action to block as the default is default and the default for the signature is pass. It was not greyed our for me.


Does anybody (...from FTNT) know whether FortiADC is affected? If so, is any firmware version patched? In, FortiADC is mentioned neither in "affected" nor in "not affected" section.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
New Contributor

i noticed handful CVEs are set to pass in default including log4j. Aren't CVEs especially critical supposed to be blocked in default? 

i just set all above medium to be blocked. what is the impact if i set all CVEs blocked?


Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors