On January 19th, we started to receive SOC alerts for failed logins to a FortiWiFi 60E running 7.4.3 (Feature). Normally we don't push out Feature version firmware, so why it is installed is another story unrelated to the current issue. I do not have a date on when this firmware was loaded, so I am unsure if this has been an issue since loading 7.4.3 or is a recent issue. We did have SSLVPN enabled for 443 up until January 1st, at which point it was reassigned to port 4444 and disabled in favor of Remote Access IPSec.
We found that there is a Local In policy for HTTPS listening on ANY interface rather than just the LAN interface where HTTPS is enabled on the interface. We cannot remove this listing. The FortiWiFi is without subscription and stuck on 7.4.3 using Automatic Upgrade. The downside is that Automatic Upgrade is failing to download the image for the next mature image available. I really loathe 7.4's introduction of blocking manual upgrades when there have been a number of critical CVEs by Fortinet.
We will likely reformat this FortiWiFi in an effort to place it on a Mature version firmware, or force the client to purchase a license (SMB budgets are tough). I just wanted to get this information out in the wild.
Local-In Policy
Hello Ricky,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello Ricky,
We are still looking for someone to help you.
We will come back to you ASAP.
Regards,
Hello Ricky,
May I invite you to open a ticket with our support?
https://support.fortinet.com/welcome/#/
Regards,
Unfortunately the device is without Support. I was able to resolve the issue by creating an additional Local In policy to block connections on all interfaces, and then to allow connections from our internal interface.
However, with FortiOS 7.4, devices without subscription are forced to update ONLY through Automatic Updates. These updates have been failing to download:
logdesc="A federated upgrade could not be completed by the root FortiGate" msg="Federated upgrade failed after reaching state downloading" reason="download failed" version="7.4.5"
So we will close out this Post as the underlying issue is patched. I will look into how to fix the failed Automatic Updates.
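The workaround described in the post above, written out as FortiOS CLI. This is an added example, not configuration taken from the thread: the interface name "internal", the policy IDs and the comment strings are assumptions, and the built-in "HTTPS" service object is assumed to match the admin GUI port. Local-in policies are matched top-down, so the accept entry has to sit above the deny entry.

```fortios
config firewall local-in-policy
    # Assumed ID 1: allow admin HTTPS only when it arrives on the LAN-side interface.
    # "internal" is an assumed interface name; substitute the device's own.
    edit 1
        set intf "internal"
        set srcaddr "all"
        set dstaddr "all"
        set service "HTTPS"
        set schedule "always"
        set action accept
        set status enable
        set comments "Allow admin HTTPS from internal"
    next
    # Assumed ID 2: drop HTTPS to the FortiGate itself on every other interface.
    edit 2
        set intf "any"
        set srcaddr "all"
        set dstaddr "all"
        set service "HTTPS"
        set schedule "always"
        set action deny
        set status enable
        set comments "Block admin HTTPS on all other interfaces"
    next
end
```

Run `show firewall local-in-policy` afterwards to confirm both entries and their order, and confirm from an outside address that port 443 no longer answers.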
Copyright 2025 Fortinet, Inc. All Rights Reserved.