Not applicable

IPS recommendations

OK - I am another "surprised" and overwhelmed new user of the IPS section on my FortiGate 60s. I have scoured the forum archives but I do not see a "best practices" use of the IPS section. Is there such a thing? I am looking for how others are setting up their FortiGate 60s - I have 28 of them at 28 remote branches - and I would like articles or ANYTHING that will guide me on the IPS setup. Why, you ask?? Well, I am having a huge amount of trouble with my FortiGate 60s and I see where others have posted that turning off many of the services under IPS may solve some performance issues. BTW - has anyone had to return any of their FortiGate 60s because they no longer boot?? I am on my 7th out of 28.
NCRL
30 FortiGate 60s, 2 300As
abelio
SuperUser

Hello,
I have scoured the forum archives but I do not see a "best practices" use of the IPS section. Is there such a thing?
There's no general recipe for that because it's related to your actual deployment. Mostly, a good starting point is common sense and the IPS guide from http://docs.forticare.com/fgt.html. I mean, if you don't have an Oracle server to protect, why should you enable Oracle signatures? If you have an old or non-patched IIS server in your DMZ, it's a good idea to enable and LOG everything to see what's happening there; a pen-test may be helpful to probe known exploits against that IIS.
I am looking for how others are setting up their FortiGate 60s - I have 28 of them at 28 remote branches
Possibly (I'm guessing) you don't have servers to protect or be worried about internal activity inside every branch office; you could turn off IPS in those situations and begin to enable only what is strictly necessary.
Why, you ask?? Well, I am having a huge amount of trouble with my FortiGate 60s and I see where others have posted that turning off many of the services under IPS may solve some performance issues.
Yes, you can begin with the KC article's tips: http://kc.forticare.com/default.asp?id=1076&SID=&Lang=1 to tune those 60s and avoid 'conserve mode' messages.
Has anyone had to return any of their FortiGate 60s because they no longer boot?? I am on my 7th out of 28.
Not with 60s, nor in that proportion, just one or two old 50 models; you've had really bad luck with your reseller; after buying 32 boxes from them, you deserve better attention. Good luck.
regards / Abel
Not applicable

I've used both Juniper IPS and Fortinet IPS. From my experience, IPS is a tough nut to crack no matter whose tool you're using. It takes some work to manage. One option you have is to apply the default actions and tweak your false positives. That would give you quite a bit of security with relatively minimal management.
aplato
New Contributor

BTW - has anyone had to return any of their FortiGate 60s because they no longer boot?? I am on my 7th out of 28.
It's pretty rare that a Fortinet is totally dead. You can wipe them clean and upload new firmware to fix any booting issues. I've never (in the 100s of Fortinets we sell and support) had a Fortinet be totally dead to the point where it had to be returned. In every case, a full wipe and reimage repaired any problems. It's pretty easy to reimage a box. See the Knowledge Base. You just need a TFTP server. As for the IPS....
I have scoured the forum archives but I do not see a "best practices" use of the IPS section. Is there such a thing? I am looking for how others are setting up their FortiGate 60s - I have 28 of them at 28 remote branches - and I would like articles or ANYTHING that will guide me on the IPS setup.
There probably isn't any such document. I would recommend the following: Set the following categories to block: Worm, Backdoor, Web_Client. As for the rest, pick off the "high" ones in Web_Server, Application, email, smtp, web_apps and set them to drop. I'd set up one FG60 the way you want and let it run for 1-2 weeks. Make sure your users can do their work and access whatever they need to. When you have the IPS signatures tuned the way you want, save the configuration and then get the CLI commands for the IPS out of the configuration file. That way you can use the Bulk CLI commands to upload your configuration to the other systems. On an FG60, I'd leave off all the low and informational IPS signatures. The 60s don't have much power and there is no point monitoring for them. Here is a list of ones I manually set to drop. Note most of them are worms & back doors - hence you would get them with that category.
Hope that helps.
Andrew Plato, CISSP, CISM President / Principal Consultant Anitian Enterprise Security www.anitian.com Fortinet Star MSSP Reseller
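The "get the CLI commands for the IPS out of the configuration file" step above can be automated; the extractor below is an added example, not code from the forum post or from Fortinet. It assumes the FortiOS text layout of nested `config ... end` blocks with `edit ... next` entries; the sample export and its section names (`config ips sensor`, `config ips global`) are constructed and differ between FortiOS releases, so the prefix to match is a parameter.

```python
"""Pull the IPS sections out of a FortiOS configuration export.

Added example, not from the forum post or Fortinet. Assumes the FortiOS
layout of nested `config ... end` blocks with `edit ... next` entries.
Section names vary between releases; the prefix to keep is a parameter.
"""
import re

# Constructed sample export, not a real device dump.
SAMPLE_CONFIG = """\
#config-version=FGT60-3.00-FW-build0406-061002:opmode=0:vdom=0
config system global
    set hostname "branch-01"
end
config ips sensor
    edit "branch-baseline"
        config entries
            edit 1
                set rule 1001
                set action block
            next
            edit 2
                set rule 1002
                set action pass
            next
        end
    next
end
config ips global
    set fail-open disable
end
config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "wan1"
        set ips-sensor "branch-baseline"
    next
end
"""


def split_sections(text):
    """Return each top-level `config ... end` block as one string.

    Depth is tracked because inner blocks (`config entries`) also close
    with `end`; only the `end` that returns depth to 0 ends a section.
    """
    sections, current, depth = [], [], 0
    for line in text.splitlines():
        stripped = line.strip()
        if not current:
            # Outside a block: comments and blank lines are ignored.
            if stripped.startswith("config "):
                current, depth = [line], 1
            continue
        current.append(line)
        if stripped.startswith("config "):
            depth += 1
        elif stripped == "end":
            depth -= 1
            if depth == 0:
                sections.append("\n".join(current))
                current = []
    if current:
        raise ValueError("unterminated block: " + current[0].strip())
    return sections


def extract_ips_cli(text, prefix="config ips"):
    """Keep only the top-level sections whose header starts with prefix."""
    return [s for s in split_sections(text) if s.lstrip().startswith(prefix)]


def summarize_actions(section):
    """Count `set action <x>` lines, e.g. to confirm what is set to block."""
    counts = {}
    for match in re.finditer(r"^\s*set action (\S+)\s*$", section, re.M):
        counts[match.group(1)] = counts.get(match.group(1), 0) + 1
    return counts


def bulk_cli_script(text, prefix="config ips"):
    """Join the IPS sections into one blob for a bulk CLI push."""
    return "\n".join(extract_ips_cli(text, prefix)) + "\n"
```

Run `bulk_cli_script` over the export saved from the tuned pilot box and review the output before pushing it to the remaining units.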
Not applicable

We are a small business with multiple locations. In the 2+ years we have used Fortinet products, configuration has always been a question. One of the issues is configuration backup. If utilization exceeds 79% then the backup will fail. Fortinet's online help states "Disabling unneeded signatures can improve system performance and reduce the number of log messages and alert emails the IPS generates. For example, the IPS detects a large number of web server attacks. If access to a web server behind the FortiGate unit is not provided, disable all web server attack signatures". They further state that revisions prior to 3.0 are backup failure prone. Yet when I contact Fortinet support their suggestion is to configure the units based on our requirements. The good news is that we only have one 2.8 unit left. However, there is still no need to place a demand on the equipment that is not necessary. But in the absence of recommendations we are forced to enable everything.
Not applicable

First off - Thanks so much for the informational response..
You can wipe them clean and upload new firmware to fix any booting issues. I've never (in the 100s of Fortinets we sell and support) had a Fortinet be totally dead to the point where it had to be returned. In every case, a full wipe and reimage repaired any problems. It's pretty easy to reimage a box. See the Knowledge Base. You just need a TFTP server.
I actually did wipe them clean and attempted to upload a new image. I would get to the last step and it would seem like it was working and then I would get a "boot image" error. I used a free TFTP server from SolarWinds and a Dell workstation to act as my server for all the backups and firmware images. It's been maddening. If it is rare - I would love to understand what the heck I am doing wrong? What firmware version are you using on your FortiGate 60s? A few of mine are here: Fortigate-60 3.00,build0474,061228 but the majority are: FortiWiFi-60AM 3.00,build0400,061002. How do you have your "FortiGuard Center" set up? A couple of boxes "died" during a scheduled update. They will start an update, get stuck and then if they are rebooted (either manually or cold) they fail. (I can't say it's an ISP problem because these boxes are scattered all over and I have several ISPs.) Again, thanks for all the information..
aplato
New Contributor

I actually did wipe them clean and attempted to upload a new image. I would get to the last step and it would seem like it was working and then I would get a "boot image" error. I used a free TFTP server from SolarWinds and a Dell workstation to act as my server for all the backups and firmware images. It's been maddening. If it is rare - I would love to understand what the heck I am doing wrong?
Ah, had the exact same problem. Put a switch between your system with the TFTP server and your FortiGate. Direct cable connections or hubs will corrupt the TFTP transfer and cause that problem. We had a laptop that did the same thing and nothing seemed to solve it. Then we moved over to another laptop and put the FortiGate and the laptop on a dumb switch and it worked fine. Also, try changing out the cables you're using. Use new cables. TFTP is a correctionless protocol (it's UDP) so if there are any errors along the way in transfer, they don't get fixed. Yes, that is a maddening problem but easily fixed.
Andrew Plato, CISSP, CISM President / Principal Consultant Anitian Enterprise Security www.anitian.com Fortinet Star MSSP Reseller
abelio

I would get to the last step and it would seem like it was working and then I would get a "boot image" error. .... If it is rare - I would love to understand what the heck I am doing wrong? What firmware version are you using on your FortiGate 60s? A few of mine are here: Fortigate-60 3.00,build0474,061228 but the majority are: FortiWiFi-60AM 3.00,build0400,061002
It's not clear from your post what the composition of your bunch of 60s is. There are several 60 models around. Forget MR4 for your 60s for now; try MR3 patch 6 (build 406) by formatting your boxes and uploading it with your TFTP server.
How do you have your "FortiGuard Center" set up?
FortiGuard Center is related to the bundle of services from Fortinet (AV and IPS updates, spam and web filtering); it is not required to put your boxes to work. Try to solve your firmware issues and then you can go for updates and the rest. Hope it helps.
regards / Abel
Not applicable

OK - gave it a shot this morning and I got a new error message! Got all the way to programming the boot device when I got the following error "WDC attempted to read over the partition end" and it froze. If you don't mind me picking your brain one last time - can you give me further details or specs on how you set this up with a dumb switch?? Sorry for the newbie rants.
Put a switch between your system with the TFTP server and your FortiGate. Direct cable connections or hubs will corrupt the TFTP transfer and cause that problem. We had a laptop that did the same thing and nothing seemed to solve it. Then we moved over to another laptop and put the FortiGate and the laptop on a dumb switch and it worked fine. Also, try changing out the cables you're using. Use new cables.
aplato
New Contributor

ORIGINAL: NCRL OK - gave it a shot this morning and I got a new error message! Got all the way to programming the boot device when I got the following error "WDC attempted to read over the partition end" and it froze. If you don't mind me picking your brain one last time - can you give me further details or specs on how you set this up with a dumb switch?? Sorry for the newbie rants.
1. Install SolarWinds TFTP on a laptop.
2. Download the image you want and rename the file image.out.
3. Put image.out in the TFTP root directory and start the TFTP server.
4. Turn off all AV, firewalls, etc. on your laptop.
5. Plug your laptop into a switch (not a hub). You can buy a cheap 8-port 10/100 switch at Fry's, Best Buy, etc. for about $30.00. Don't plug the switch into your internal network or any other network.
6. Assign the laptop a static IP address of 192.168.0.100.
7. Plug the internal interface of your FortiGate into the switch.
8. Plug your serial port into the laptop and start a terminal session.
9. Boot the FortiGate and follow the instructions to upload the image.
Everything should work.
Andrew Plato, CISSP, CISM President / Principal Consultant Anitian Enterprise Security www.anitian.com Fortinet Star MSSP Reseller