Hello.
Fortigate can't pass in http evader tests from noxxi.de, using SSL Deep Inspection, AV, IPS etc. Running last FortiOS 5.6.
Have some recommendation or best pratice for attacks like this?
Test: https://noxxi.de/research/http-evader-testsite.html
Hey there,
yes fortios 5.6 can pass this test.
update to the latest 5.6 (5.6.5) and then
you have to enable av heuristics and most important use the extendet ips database and then set Action to block
in the security profiles.
if you use "default" instead of "block" in the ips profile, the eicar Virus will not be blocked.
run the test again
sudo apt-get-rekt
Hi, I followed the steps mentioned but I still don't pass the evader test, I´m running FortiOS 6.0.8 version
Hey there,
please have a look at you ips logs, are there any eicar virus test file messages and are they blocked?
Regards
sudo apt-get-rekt
today i did another test from the http evader site, all eicar.zip files were blocked by our fortigate alongside
with other ips attacks.
We're currently on FortiOS 6.0.7
Regards from the Alps
sudo apt-get-rekt
Your logs tell me that you are using the default ips profile.
please check if you enabled all signature severenitys and set the action to block.
run the test again.
Regards
sudo apt-get-rekt
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1738 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.