Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
TC_Hessen
New Contributor

Heartbleed-Bug and Fortinet products

Hi, have a look at http://heartbleed.com/ - I made a test with some of our own Fortigates and with some of our customers and found, that they are affected. I tried to test the public ssl portals where valid ssl certificates have been installed. Can anyone check this please? A good site to run a test is http://possible.lv/tools/hb/
best regards, TC
best regards, TC
34 REPLIES 34
billp
Contributor

I just found this IPS signature on a Fortinet blog: http://firewallguru.blogspot.com/2014/04/heartbleed-openssl-vulnerability.html Signature here: F-SBID( --name " OpenSSL.TLS.Heartbeat.Information.Disclosure" ; --protocol tcp; --flow from_client; --service SSL; --pattern " |18|" ; --context packet; --within 1,context; --byte_test 2,>,255,2,relative; ) I haven' t had a chance to test it out yet.

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1
TC_Hessen
New Contributor

Thanks. But I have no idea where to add such a sensor. I tried to add it into the ssl-portal-policies, but that does not work. In other words, which policy protects the login-screen https://<firewall ip>/remote/login ?
best regards, TC
best regards, TC
billp
Contributor

I can' t get it to work either. They just announced 5.0.7 for release tomorrow, so there' s probably no simple IPS patch that can handle this.

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1
KNAW
New Contributor

Hello Bill, Where did you find the announcement for 5.0.7? And do you know whether it is just a fix for the Heartbleed bug or " full" patch release? Arjan
mhe
Contributor II

From Fortinet: " A firmware update for FortiOS will be available Wednesday April 9, at 5PM Pacific Daylight Time (1AM GMT Thursday April 10). Firmware updates for FortiAuthenticator and FortiMail will be available on Friday April 11th. Firmware release dates for other products are pending." martin
Carl_Wallmark
Valued Contributor

More info: http://www.fortiguard.com/advisory/FG-IR-14-011/

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
200B
New Contributor

I implemented the fix using an interface-policy. Seems to have worked based upon the testing sites that are available. The Fortinet announcement is a bit vague - it doesn' t specify exactly that the Fortigates are vulnerable, yet a patch is coming in a hurry so they must be?
mhe
Contributor II

Affected Products: FortiGate (FortiOS) 5.0 and higher, FortiAuthenticator 3.0 and higher, FortiMail 5.0 and higher, FortiVoice, and FortiRecorder. For me thats a clear statement. martin
AndreaSoliva
Contributor III

Hi official statement and Cert comunication you will find here: http://www.fortiguard.com/advisory/FG-IR-14-011/ In this comunication is also mentioned the IPS custom sig as how to configure it. also there will be some new releases: A firmware update for FortiOS will be available Wednesday April 9, at 5PM Pacific Daylight Time (1AM GMT Thursday April 10). Firmware updates for FortiAuthenticator and FortiMail will be available on Friday April 11th. Firmware release dates for other products are pending. Hope this helps have fun Andrea
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors