Not sure if this is the right area but I figured since it is the Vulnerability scan that is built into the Fortigate I might as well post it. Scheduled some weekly vulnerability scans on my home network using the integrated vulnerability scanner on the Fortigate.
Well, I was in the restroom just now (12:30 at night my time) and I heard a printer kick off...I didn't know it was my printer at first so I ran in there ready to go toe to toe with an intruder.
Saw it was the printer and took a look. My Samsung printer was printing out random gibberish pages and one of them said "Rand-Test-User-Fortinet", a bunch of gibberish and then Squelda.
After some digging into the firewall I realized it was running a scan.
I then remembered that my main office experienced the same thing last week when the scan was going off at HQ (HQ also uses a Samsung printer). Needless to say, don't freak out if you run a Samsung style printer and your FortiGate vulnerability scans your network and causes it to print some gibberish etc. You will be wasting paper but don't be alarmed haha.
Mike Pruett
Interesting. Thanks for the heads up Mike!
Thanks,
jb
Interesting. Has anyone else experienced similar issues? I will keep a heads up for this. Thanks.
Just a heads up but I tested at another client's office. Does it to HP printers too haha
Mike Pruett
Our Kyocera printers (different models) print the same thing.
But vulnerability scan is turned off on our Fortigate..
Good afternoon,
Same problem with Lexmark printers and vulnerability scan off. Have you found any solutions?
In our case, prints start at 0:00 and often trigger the alarm in the office.
Many thanks in advance for your reply.
Mirco Palandri
No solution for me yet.. Updated to the latest Firmware but didn't change anything.
It only happens on the internal Network where the fortigate is located too, routed subnets are not affected
Hi,
In firmware 5.2.3 I found the solution.
We notice that if you disable the vulnerability scan feature, the scan remains enabled.
To definitively disable it, from the console use the device-netscan command:
config system interface
    edit "internal interface"
        set device-netscan disable
    next
end
> We notice that if you disable the vulnerability scan feature
I don't believe it's possible to disable this feature (setting system global's 'gui-vulnerability-scan' to "disable" only removes the "Vulnerability Scan" menu from the GUI).
This is what I observe: Vulnerability Scan of 'assets' (see "config netscan assets") is initiated in any of these 3 ways:
1. on-demand (i.e. manually), using "execute netscan start scan";
2. per schedule (see "config netscan settings") IF asset's 'scheduled' is "enable";
3. per schedule (see "config netscan settings") IF an asset's address is within the subnet of the interface whose interface (see "config system interface") has both 'device-identification' and 'device-netscan' set to "enable".
So, to practically disable the scanning, either: (i) remove all assets whose address is within the interface's subnet (with netscan) or (ii) disable netscan on the interface whose subnet contains assets' address.
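The schedule-driven triggers (2 and 3) listed in the post above can be checked offline against a config backup. The Python below is an added example, not part of the thread and not Fortinet tooling; the sample config is constructed, and the asset address key `start-ip` is an assumption (the thread names only 'scheduled', 'device-identification' and 'device-netscan').

```python
import ipaddress
import re

# Constructed FortiOS-style config, not taken from the thread. The asset key
# "start-ip" is an assumption; the other "set" keys are the ones named above.
SAMPLE = """\
config system interface
    edit "internal"
        set ip 192.168.1.99 255.255.255.0
        set device-identification enable
        set device-netscan enable
    next
    edit "dmz"
        set ip 10.10.10.1 255.255.255.0
        set device-identification enable
        set device-netscan disable
    next
end
config netscan assets
    edit 1
        set start-ip 192.168.1.50
        set scheduled disable
    next
    edit 2
        set start-ip 10.10.10.20
        set scheduled disable
    next
end
"""

def parse(text, header):
    """Return {edit-name: {key: value}} for one top-level config block."""
    m = re.search(rf"^config {header}\n(.*?)^end$", text, re.S | re.M)
    return {name.strip('"'): dict(re.findall(r"set (\S+) (.+)", block))
            for name, block in re.findall(r"edit (.+?)\n(.*?)^\s*next$",
                                          m.group(1) if m else "", re.S | re.M)}

def scheduled_targets(text):
    """Map asset id -> reasons the schedule scans it (triggers 2 and 3)."""
    nets = {n: ipaddress.ip_network("/".join(c["ip"].split()), strict=False)
            for n, c in parse(text, "system interface").items()
            if c.get("device-identification") == c.get("device-netscan") == "enable"}
    hits = {}
    for aid, c in parse(text, "netscan assets").items():
        addr = ipaddress.ip_address(c["start-ip"])
        why = ["asset scheduled"] if c.get("scheduled") == "enable" else []
        why += [f"device-netscan on {n}" for n, net in nets.items() if addr in net]
        if why:
            hits[aid] = why
    return hits
```

On the constructed sample, asset 1 is reported even though its own 'scheduled' is "disable", because it sits in the subnet of an interface with both settings enabled; an empty result means nothing is scanned on schedule.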
Hi,
Does anyone have an update on this?
Seems that I have this issue too, I have a FortiGate-100D v5.2.8
Is there any possibility to disable this only for a host or port number?
Thanks