Created on 02-27-2007 05:45 PM
I have scoured the forum archives but I do not see a " best practices" use of the IPS section. Is there such a thing?There' s not a general recipe for that because is related with your actual deployment Mostly a good starting point is common sense and IPS guide from http://docs.forticare.com/fgt.html I mean, if you don' t have a Oracle server to protect, why should you enable oracle signatures? If you' ve a old or non-patched IIS server in your DMZ, is good idea to enable and LOG everything to see what happening there; a pen-test may be helpful to probe known exploits against that IIS.
I am looking for how others are setting up their FortiGate 60' s - I have 28 of them at 28 remote branchespossibly -i' m guessing-, you don' t have servers to protect or be worried about internal activity inside every branch office; you could turn off IPS in those situations and begin to enable only strictly necessary.
why you ask?? Well I am having a huge amount of trouble with my FortiGate 60' s and I see where others have posted that turning off many of the services under IPS may solve some performance issues.yes, you can begin with kc article' s tips: http://kc.forticare.com/default.asp?id=1076&SID=&Lang=1 to tune those 60' s and avoid ' conserve mode' messages
has anyone had to return any of their FortiGate 60' s because they no longer boot?? I am on my 7th out of 28.Not with 60s, nor in that proportion, just one or two old 50 models; you' ve a really bad luck with your reseller; after buying them 32 boxes, you' ll deserves better attention. good luck
regards
/ Abel
Created on 03-01-2007 08:02 AM
BTW - has anyone had to return any of their FortiGate 60' s because they no longer boot?? I am on my 7th out of 28.Its pretty rare that a Fortinet is totally dead. You can wipe them clean and upload a new firmware to fix any booting issues. I' ve never (in the 100s of Fortinet' s we sell and support) had a Fortinet be totally dead to the point where it had to be returned. In every case, a full wipe and reimage repaired any problems. Its pretty easy to reimage a box. See the Knowledge Base. You just need a TFTP server. as for the IPS....
I have scoured the forum archives but I do not see a " best practices" use of the IPS section. Is there such a thing? I am looking for how others are setting up their FortiGate 60' s - I have 28 of them at 28 remote branches - and I would like articles or ANYTHING that will guide me on the IPS setup.There probably isn' t any such document. I would reccomend the following: Set the following categories to block: Worm, Backdoor, Web_Client As for the rest. Pick off the " high" ones in Web_Server, Application, email, smtp, web_apps and set them to drop. I' d set up one FG60 the way you want and let it run for 1-2 weeks. Make sure your users can do their work and access whatever they need to. When you have the IPS signatures tuned the way you want, save the configuration and then get the CLI commands for the IPS out of the configuration file. That way you can use the Bulk CLI commands to upload your configuraiton to the other systems. On an FG 60. I' d leave off all the low and informational IPS signatures. The 60s don' t have much power and there is no point monitoring for them. Here is a list of ones I manually set to drop. Note most of them are worms & back doors - hence you would get them with that category. AMPII.3D.Game.Engine.UDP.DoS Apache.IPv6ParsingFlaw.DoS.A Apache.IPv6ParsingFlaw.DosS.B Apple.Safari.Large.JavaScript.Array.Handling.DoS.A Apple.Safari.Large.JavaScript.Array.Handling.DoS.B Arnudp Cisco.ssh.Overflow.DoS Cisco.VoIP.Phone.StreamingStatistics.DoS EchoChargen.UDP.DoS Echok.DoS FreeRADIUS.Ascend.Receive.Secret.DoS FreeRADIUS.Ascend.Send.Secret.DoS Gewse Icecast.Base.64.Authorization.DoS ICMP12 ICQ.Message.Session.Window.DoS Kerio.Personal.Firewall.DoS LibPNG.iCCP.NULL.Dereference.DoS Lithtech.Game.Engine.UDP.DoS.A Lithtech.Game.Engine.UDP.DoS.B Mstream.Agent.Pong2Handler Mstream.Agent2Handler Mstream.Handler.Ping2Agent Mstream.Handler2Agent Mstream.Handler2Client Mstream.Handler2Client.15104 Nb.Isakmp.DoS Newtear Oracle.Intermedia.ORDDoc.DoS Oracle.Intermedia.ORGImage.DoS Oracle.Net.Services.Listener.DoS Oracle9i.Application.Server.Web.Cache.Administration.DoS.B Oracle9i.TNS.OneByte.DoS Polycom.ViaVideo.DoS Project1.TCP.epmap.DoS Quake.Dcd3c.26000.DoS Quake.Dcd3c.26001.DoS Quake.Dcd3c.26002.DoS Qualcomm.Eudora.MIME.Nesting.DoS RAS.PPTP.Malformed.Control.Packet.DoS Real.Networks.Helix.Universal.Server.DoS.A Real.Networks.Helix.Universal.Server.DoS.B RealNetworks.Helix.Server.Content.Length.DoS Shaft.Agent2Handler Shaft.Handler2Agent Snork.UDP SSLBomb.Binary SSLBomb.Hello Stacheldraht.Client.Check Stacheldraht.Client.Check.Gag Stacheldraht.Client.Spoof Stacheldraht.Server.Response Stacheldraht.Server.Response.Gag Stacheldraht.Sever.Spoof Sun.Cobalt.RAQ4Server.DoS SurgeLDAP.HTTP.GET.DoS Symantec.DoS TCPDump.L2TP.Parser.Remote.DoS.A TCPDump.L2TP.Parser.Remote.DoS.B TearDrop.Bonk TFN.Client.Command.BE TFN.Client.Command.LE TFN.Probe TFN.Server.Response TFN2K Trin00.Daemon2Master Trin00.HELLO Trin00.Master2Daemon.Password.Default Trin00.Password.Default Trin00.Password.Mdie.Default Trin00.Password.Startup Trin00.PONG VERITAS.Backup.Exec.Agent.Invalid.Error.Status.DoS WapServ.DoS.A WapServ.DoS.B WapServ.DoS.C Web.Browser.Infinite.Array.Sort.DoS Windows.Ani.File.DoS.A Windows.Ani.File.DoS.B Windows.Ani.File.DoS.C Windows.IGMP.Header.Invalid.C.DoS Windows.IGMP.Header.Invalid.D.DoS Windows.IGMP.Header.Invalid.E.DoS Windows.IGMP.Header.Invalid.F.DoS Windows.LANMAN.TCP.DoS Windows.Printing.Service.DoS Windows.XP.WAV.File.Handler.DoS Winnuke.Windows.Out.Of.Band.DoS Wnewk Working.Resources.Badblue.Malformed.HTTP.DoS wu-ftpd.Wildcard.DoS Apple.QuickTime.Content-Type.Remote.Buffer.Overflow Apple.Quicktime.Movie.File.Component.Name.Integer.Overflow Apsis.Pound.logmsg.Format.String Arkeia.Agent.Access.Default.Root.Password Arkeia.Agent.Access.Get.System.Info Arkeia.Type.77.Request.Stack.Overflow AV.Software.Zip.Files.Detection.Evasion.A AV.Software.Zip.Files.Detection.Evasion.B Axis.StorPoint.CD.Authentication.Bypass BadBlue.Ext.DLL.Command.Execution BadBlue.MFCISAPICommand.Remote.Buffer.Overflow BakBone.NetVault.Computer.Name.Buffer.Overflow BrightStor.ARCserve.Backup.Default.Account BrightStor.ARCserve.Discovery.SERVICEPC.Buffer.Overflow.A BrightStor.ARCserve.Discovery.SERVICEPC.Buffer.Overflow.B BrightStor.ARCserve.UDP.Probe.Buffer.Overflow BrightStor.ARCserve.UniversalAgent.BOF.big.endian BrightStor.ARCserve.UniversalAgent.BOF.little.endian CA.iGateway.HTTP.Request.Remote.Buffer.Overflow CA.License.Manager.Stack.Overflow CA.Unicenter.Awservices.Stack.Overflow CA.Unicenter.Message.Queuing.Buffer.Overflow Cfengine.Authentication.Dialogue.Buffer.Overflow Cisco.CiscoWorks2000.CsAuthServlet.Privilege.Escalation Compaq.Web.management.Authentication.CIM_XML ISS.PAM.SMB.Parsing.Buffer.Overflow Agobot.Phatbot.Infection Akak.Response Akak.Setup Amanda.Connected CDK Dagger.1.4.0.Drives DeepThroat.Client DeepThroat.Mouse.Frozen DeepThroat.Mouse.Unfrozen DeepThroat.Server Dolly.2.Client.DTOK Dolly.2.Client.GURL Dolly.2.Client.HVTC Dolly.2.Client.RUNA Dolly.2.Client.SVTC Dolly.2.Client.UIPC Dolly.2.Server G_Door.ICMP HidePak.StoogR HideSource.wank MyDoom.Client MyDoom.Server NetBus.Client.D NetBus.Client.GetInfo.A NetBus.Client.GetInfo.B NetBus.Server PhaseZero Phatbot.P2P.Connection QAZ.Client.Login RHTools.ASP.Access Rootkit.d13hh Rootkit.lrkr0x Rootkit.r00t Rootkit.rewt Rootkit.satori Rootkit.w00w00 Rootkit.wh00t! Sm4ck.hax0r SubSeven.2.1.Command SubSeven.2.1.Connected SubSeven.2.2.SA SubSeven.Defcon8.2.1 WinRAT.1.2.Client.A WinRAT.1.2.Server IBM.DB2.Universal.Database.Generate_distfile.Buffer.Overflow 3CDaemon.FTP.Server.Information.Disclosure ArGoSoft.Upload.Windows.Shortcut BSD.Ftpd.Glob.Buffer.Overflow CooolSoft.PowerFTP.Drive.Content.Disclose CooolSoft.PowerFTP.PWD.Path.Disclose FTP.ADM.User.W0rm FTP.ADMhack.Password.Attempt FTP.Backdoor.Password.h0tb0x.Attempt FTP.Command.authorized_keys.file.Transfer FTP.Command.CWD.BS.WAREZ FTP.Command.CWD.DoS FTP.Command.CWD.Root FTP.Command.CWD.WAREZ FTP.Command.DELE.Overflow FTP.Command.MKD.BS.WAREZ FTP.Command.MKD.Dot.WAREZ FTP.Command.MKD.Overflow FTP.Command.MKD.WAREZ FTP.Command.PASS.Overflow FTP.Command.REST.Overflow FTP.Command.RETR.2xBSDot FTP.Command.RETR.Conversion FTP.Command.RETR.passwd.File.Transfer FTP.Command.RETR.shadow.File.Transfer FTP.Command.RMD.Overflow FTP.Command.RMDIR.Overflow FTP.Command.SITE.CHOWN.A.Overflow FTP.Command.SITE.EXEC.Overflow FTP.Command.SITE.ZIPCHK.Overflow FTP.Command.STAT.Overflow FTP.Command.USER.Overflow FTP.file_id.diz.Transfer FTP.ISS.Password.iss@iss.Attempt FTP.LIST.Directory.Traversal FTP.MODE.Invalid FTPD.Created.Pathname.Buffer.Overflow FTPLocate.flsearch.pl.Remote.Command.Execution.A1 FTPLocate.flsearch.pl.Remote.Command.Execution.A2 FTPLocate.flsearch.pl.Remote.Command.Execution.B1 FTPLocate.flsearch.pl.Remote.Command.Execution.B2 FutureSoft.TFTP.Directory.Traversal.A FutureSoft.TFTP.filename.Buffer.Overflow FutureSoft.TFTP.transfer-mode.Buffer.Overflow glFtdD.SITE.ZIPCHK.Command.Execution glFTPd.Zip.Plugin.Directory.Traversal.nfo glFTPd.Zip.Plugin.Directory.Traversal.zipchk glFTPd.Zip.Plugin.Directory.Traversal.ziplist Golden.FTPD.APPE.Stack.Overflow Gzip.FTP.Get.Buffer.Overflow Gzip.FTP.Put.Buffer.Overflow HP-UX.FTP.Server.Directory.Listing.A HP-UX.FTP.Server.Directory.Listing.B IBM.AIX.FTPD.CEL.Buffer.Overflow IIS.STAT.Globbing.DoS IIS.Wildcard.DoS InetUtils.TFTP.Client.Buffer.Overflow.A InetUtils.TFTP.Client.Buffer.Overflow.B Ipswitch.Ws_ftp.ALLO.Buffer.Overflow Ipswitch.WS_FTP.CPWD.Buffer.Overflow Ipswitch.WS_FTP.iFtpSvc.Option.Remote.Command.Execution Ipswitch.Ws_ftp.REST.Large.Argument.DoS Ipswitch.WS_FTP.RNFR.Buffer.Overflow Ipswitch.WS_FTP.SITE.Buffer.Overflow Ipswitch.Ws_ftp.STAT.Buffer.Overflow Ipswitch.WS_FTP.XMKD.Buffer.Overflow moxftp.Banner.Parsing.Buffer.Overflow OpenBSD.X86.FTPD.Shell.Code OpenFTPD.SiteMsg.Format.String Oracle9i.XDB.FTP.Pass.Overflow Oracle9i.XDB.FTP.Unlock.Overflow PlatinumFTPserver.Malformed.Username.DoS Rsync.Chunk.Checksum.Buffer.Overflow Saint.Scanner.FTP.Attempt Sasser.FTPD.1203.Overflow Sasser.FTPD.5554.Overflow Satan.Scanner.FTP.Attempt Serv-U.FTP.site.chmod.LongFilename.Buffer.Overflow Serv-U.List.Parameter.Buffer.Overflow.A Serv-U.List.Parameter.Buffer.Overflow.B Server.U.Transversal Solaris.Command.CWD.7E0A Solaris.Command.CWD.7E0D0A SolarWinds.TFTP.Server.Directory.Traversal TFTP.Directory.Traversal TFTP.Overlong.Filename WFTPD.Pro.MLST.Buffer.Overflow WS_FTPD.CWD.Stack.Overflow WuFTP.Glob.Filename.Bad WuFTP.SITE.EXEC.Attempt.A WuFTP.SITE.EXEC.Attempt.B WvTftp.Option.Heap.Overflow Wzdftpd.SITE.Arbitrary.Command.Execution.A 3COM.OfficeConnect.DoS 3COM.OfficeConnect.SoftReset AIX.Rexd.Weak.Authentication Altnet.ADM.ActiveX.Remote.Buffer.Overflow Apple.Quicktime.ImageWidth.DoS Apple.QuickTime.Integer.Overflow Apple.QuickTime.StripByteCounts.Buffer.Overflow Apple.QuickTime.StripOffsets.Improper.Memory.Access Ares.Chat.Join BSD.TildeSlash.Monit.Content-Length.DoS. Cauldron.Chaser.Client.Remote.DoS Cauldron.Chaser.Server.Remote.DoS CFEngine.CFServD.Transaction.Packet.Buffer.Overflow Chocoa.IRC.Client.Topic.Buffer.Overflow Cisco.Catalyst.Command.Execution Cisco.IOS.HTTP.Command.Execution Cisco.IOS.HTTP.DoS Cisco.Malformed.URL Cisco.Secure.ACS Cisco.view-source.DoS Computer.Associates.License.Client.PUTOLF.Buffer.Overflow Computer.Associates.License.Client.PUTOLF.Directory.Traversal DameWare.Mini.Remote.Control.Server.Buffer.Overflow Delegate.Application.Proxy.Buffer.Overflow Denora.IRC.Stats.Nick.Buffer.Overflow DHCPD.Hostname.Format.String DNS.Suspicious.Connection eMule.DecodeBase16.Remote.Buffer.Overflow GraphOn.GO-Global.Client.Remote.Buffer.Overflow GraphOn.GO-Global.Server.Remote.Buffer.Overflow HP.JetDirect.LCD.Display.Modification Interaction.SIP.Proxy.REGISTER.Remote.Buffer.Overflow IPSec-Tools.IKE.Message.Handling.DoS IRC.clientToServer.communication.JOIN ISAKMP.AGGR.Hash.Header.Length ISAKMP.AGGR.SA.Key.Length.Value ISAKMP.Main.SA.Life.Duration.TLV.Value Jabber.Studio.JabberD.Remote.Buffer.Overflow.A Jabber.Studio.JabberD.Remote.Buffer.Overflow.B Jabber.Studio.JabberD.Remote.Buffer.Overflow.C KDE.Kjs.UTF-8.Encoded.URI.Handling.BufferOverflow Kerio.Personal.firewall.Packet.Buffer.Overflow LCDproc.Command.Buffer.Overflow LCDproc.Test_func.Command.Buffer.Overflow LCDproc.Test_func.Command.Format.String Legato.NetWork.Administrator.Login LHA.Arbitrary.File.Creation LHA.Filename.Buffer.Overflow Linux.Ramen.Retrieval Linux.TildeSlash.Monit.Content-Length.DoS Lpd.Solaris.Unlink.File.Attempt Lynx.NNTP.Article.Header.Buffer.Overflow MDaemon.Form2Raw.Message.Handler.Buffer.Overflow Microsoft.Excel.Malformed.Graphic.File.Code.Execution.B Microsoft.Excel.Malformed.Graphic.File.Code.Execution.C Microsoft.Excel.Malformed.Range.Memory.Corruption MPlayer.RTSP.Line.Response.Buffer.Overflow.B MS.UPNP.Notify.Buffer.Overflow OpenSSL.SSLv3.Client.SessionID.Buffer.Overflow Passlogd.Buffer.Overflow PeerCast.URL.Format.String PPTP.Root.Exploit RealPlayer.Arbitary.Code.Execution RealServer.DESCRIBE.Buffer.Overflow Red.Faction.DoS Rsync.Backup-dir.Directory.Traversal ShixxNOTE.6.net.Font.Buffer.Overflow Soulseek.Login.Attempt.2234 Soulseek.Login.Attempt.2240 Soulseek.Login.Attempt.2242 Soulseek.Login.Attempt.5534 Stream.Media.HTTP Stream.Media.MMS Stream.Media.PNM Stream.Media.RTSP StreamTheWorld.Online.Radio.Detection Suspecious.Active.FTP.Data.Connection Symantec.Client.Firewall.Remote.DNS.Response.DoS Symantec.Firewall.NBNS.Response.Heap.Overflow Symantec.Firewall.NBNS.Response.Stack.Overflow Symantec.Firewall.UDP.ISAKMP.Filtering.Bypass Symantec.Firewall.UDP.SNMP.Filtering.Bypass Symantec.Firewall.UDP.TFTP.Filtering.Bypass TCPDump.isakmp.Integer.Overflow Tcpdump.LDP.Print.Zero.Length.Message.TCP.DoS Tcpdump.LDP.Print.Zero.Length.Message.UDP.DoS ToolTalk.ttdbserverd.Format.String.TCP.A TrendMicro.ARJ.Filename.Buffer.Overflow Unreal.Engine.Secure.Query.Buffer.Overflow Watchfire.AppScan.QA.Remote.Code.Execution Webmin.Miniserv.pl.Perl.Format.String Win32/Sobig.F.A Win32/Sobig.F.B Win32/Sobig.F.C Windows.Session.Information.Disclosure.139 WSMP3.Buffer.Overflow AutoMount.Multiple.Vendor.Buffer.Overflow.tcp AutoMount.Multiple.Vendor.Buffer.Overflow.udp HP-UX.LPD.Arbitrary.Command.Execution Linux.LCDproc.Parse.Code.Execution Linux.Ntalkd.Hostname.Buffer.Overflow MS.CMM.ICC.Profile.Buffer.Overflow MS.DDS.Library.Msdds.dll.Buffer.Overflow MS.DirectX.DirectShow.Buffer.Overflow.A MS.DirectX.DirectShow.Buffer.Overflow.B MS.GDIPlus.JPEG.BufferOverflow.A MS.Message.Queuing.Remote.Buffer.Overflow MS.Windows.GDI.Library.EMF.DoS SCO.Unix.Calserver.Buffer.Overflow Solaris.SnmpXdmi.AddComponent.Name.Overflow Solaris.SnmpXdmi.AddComponent.Pragma.Overflow Sun.Solaris.ypbind.Buffer.Overflow Unix.CDE.Dtspcd.Buffer.Overflow Unixshellfromport.ingreslock.port.Exploit Windows.HTML.Help.Heap.Overflow Windows.Media.Player.plug-in.Buffer.Overflow Windows.Metafile.WMF.Integer.Overflow Windows.Shell.Buffer.Overflow Windows.Task.Scheduler.Remote.Buffer.Overflow Windows.Troubleshooter.RunQuery2.Code.Execution Windows.WINS.Replaction.Name.Buffer.Overflow.B Windows.WMF.Rendering.Engine.Heap.Overflow.A Acrobat.Reader.Filespec.Overflow.A Acrobat.Reader.Filespec.Overflow.B AdCycle.AdLogin.pm.Authentication.Bypass AWStats.Rawlog.Plugin.Logfile.Parameter.Input.Validation Barracuda.imgpl.Command.Execution BitComet.URI.Buffer.Overflow BNB.Survey.CGI.Remote.Command.Execution CGI.Day5datacopier.Access.Attempt CGI.nph-test-cgi.Directory.Listing.Disclosure CGI.PHP.Mlog.Mylog.phtml.access CGI.PHP.Mylog.file.access CuteNews.Remote.Code.Execution Darryl.Burgdorf.Webhints.Remote.Command.Execution Dnsmasq.DHCP.Lease.File.DoS Dragon-Fire.IDS.Arbitrary.Command.Execution eFiction.Cross-Site.Scripting eFiction.SQL.Injection.A eFiction.SQL.Injection.B First4Internet.CodeSupport.Remote.Code.Execution FormHandler.CGI.Reply.Attachment Google.Appliance.ProxyStyleSheet.Command.Execution HP.OpenView.Network.Node.Manager.Remote.Command.Execution.3443 HP.OpenView.Network.Node.Manager.Remote.Command.Execution.80 HTTP.CGI.Anyform.Semicolon HTTP.CGI.Bigconf.cgi.Access HTTP.CGI.Uploader.exe.Acces HTTP.Coldfusion.Administrator.Probe HTTP.Tomcat.ContextAdmin.Access HTTP.Tomcat.Snoop.Servlet.Information.Disclosure IBM.WebSphere.AS.Console.BOF.Buffer.Overflow Ikonboard.Illegal.Cookie.Language.Command.Execution Karrigell.Ks.File.Python.Command.Execution.A Karrigell.Ks.File.Python.Command.Execution.B Linksys.Apply.cgi.POST.Buffer.Overflow Lynx.Command.Injection Macromedia.ShockWave.Installer.Buffer.Overflow Microsoft.MSN.SetupBBS.ActiveX.Control.BufferOverflow MS.ActiveX.CAB.File.Execution.HTTP MS.ActiveX.htmlfile.File.Disclosure MS.ASP.NET.WEB.Service.DoS MS.Frontpage.MS-DOS.Device.Name.DoS MS.Jet.DB.File.Code.Execution MS.Office.Data.Source.Control.ActiveX.Object MS.Office.Web.Components.Chart.ActiveX.Object.Access MS.Office.Web.Components.Local.File.Read MS.Office.Web.Components.PivotTable.ActiveX.Object MS.Outlook.View.ActiveX.Object.Access MS.OWC.Record.Navigation.Control.ActiveX.Object.Access AN.HTTPD.CMDIS.DLL.Buffer.Overflow AOLServer.Authentication.Buffer.Overflow AOLserver.Directory.Traversal AOLServer.nstelemetry.adp.Access Apache.CGI.Byterange.Request.DoS Apache.CMD.CommandExecution.B Apache.DoS.2044 Apache.Encoded.Backslash.Directory.Traversal Apache.HTTP.Server.Error.Pages.Cross.Site.Scripting Apache.IPv6ParsingFlaw.C Apache.long.header.space.tab.DoS Apache.MIME.Blank.Header.DoS.A Apache.MIME.Blank.Header.DoS.B Apache.nph-publish.Script.Access Apache.Proxy.HTTP.Request.Smuggling ASP.Net.Unicode.Conversion.Cross-Site.Scripting Bajie.HTTP.JServer.CGI.Remote.Command.Execution.A Bajie.HTTP.JServer.CGI.Remote.Command.Execution.B Cobalt.RaQ.bash_history.Access CSM.Alibaba.alibaba.pl.Command.Execution CSM.Alibaba.get32.exe.Command.Execution CSM.Alibaba.lsindex2.bat.Command.Execution CSM.Alibaba.post32.exe.Command.Execution CSM.Alibaba.tst.bat.Command.Execution eZnet.HTTP.Request.Buffer.Overflow Frontpage.queryhit.htm.Access FrontPage.Server.Extension.fpadmdll.dll.XSS FrontPage.webhits.exe.Access GoAhead.WebServer.Remote.Arbitrary.Command.Execution HTAccess.Access HTPasswd.Access HTTP.Header.Value.Format.String IBM.Lotus.Domino.Web.Server.DoS ICQ.Webserver.Arbitrary.File.Access IIS.48K.Premature.Termination.HTTP.Request.Smuggling IIS.AskSam.as_web.Access IIS.AskSam.as_web4.Access IIS.Asp.Chunked.Transfer-Encoding IIS.Asp.Data.File.Access IIS.Bat.Command.Execution IIS.BizTalk.BizTalkHttpReceive.Access IIS.BizTalk.RawCustomSearchField.asp.SQL.Injection IIS.BizTalk.rawdocdata.asp.SQL.Injection IIS.Chunked.Encoding.Transfer.Heap.Overflow IIS.Cmd.Commad.Execution IIS.Cmd.Exe.Buffer.Overflow IIS.Codebrws.Asp.File.Access.A IIS.Codebrws.Asp.File.Access.B IIS.Codebrws.Source.Disclose IIS.Configuration.File.Disclosure IIS.cpshost.dll.Access IIS.Ctss.idc.Command.Execution IIS.Doctodep.btr.Access IIS.Escape.Character.Decode.Executable IIS.ExAir.Search.ASP.Access IIS.Executable.File.Parsing.A IIS.Executable.File.Parsing.B IIS.Form_JScript.asp.Access IIS.Form_VBScript.asp.Access IIS.Fpcount.Buffer.Overflow IIS.Fragment.HTR.Source.Disclosure IIS.FrontPage._vti_inf.html.Access IIS.Getdrvs.xxe.Information.Disclosure IIS.Header.DelimiterParsing.Buffer.Overflow.A IIS.Header.DelimiterParsing.Buffer.Overflow.B IIS.Header.DelimiterParsing.Buffer.Overflow.C IIS.Header.DelimiterParsing.Buffer.Overflow.D IIS.Header.Translate.Source.Disclosure IIS.Help.File.Search.Cross.Site.Scripting IIS.HR.Align.Buffer.Overflow IIS.HTR.Chunked.Encoding.Transfer.Buffer.Overflow IIS.HTR.IDC.STM.File.Extension.Buffer.Overflow IIS.IDC.File.Extension.Buffer.Overflow IIS.JET.Database.Engine.DSN.Hack IIS.Malformed.Escape.Command IIS.Malformed.File.Extension.DoS IIS.NTLM.Auth.Method.Disclosure.A IIS.NTLM.Auth.Method.Disclosure.B IIS.Server.Name.Spoof IIS.SQLInjection.Command.Shell IIS.STM.File.Extension.Buffer.Overflow IIS.TranslateF.Source.Disclose IIS.Upgrade.Bdir.htr IIS.Web.Server.Folder.Traversal W32/Bagle.GET.2.jpg.A W32/Bagle.GET.2.jpg.B Virus.Massacre.Pop3 W32.Nyxem.d.SMB.winzip.tmp.exe W32.Nyxem.d.SMTP.in.out.bound W32.Nyxem.possible.infection.counter W32.Nyxem.possible.infection.mstest W32/Bropia.A-tr.MSNFTP.A W32/Bropia.A-tr.MSNFTP.B W32/Bropia.A-tr.MSNP2P W32/Bropia.D-net.MSNFTP.A W32/Bropia.D-net.MSNFTP.B W32/Bropia.D-net.MSNP2P W32/Bropia.E-net.MSNFTP.A W32/Bropia.E-net.MSNFTP.B W32/Bropia.E-net.MSNP2P W32/Bropia.F-net.MSNFTP.A W32/Bropia.F-net.MSNFTP.B W32/Bropia.F-net.MSNP2P W32/LSASS.Bifffer.Overflow.D W32/LSASS.Buffer.Overflow.A W32/LSASS.Buffer.Overflow.B W32/LSASS.Buffer.Overflow.C W32/MyDoom W32/Sasser.A W32/Sasser.B W32/Sasser.C Worm.Blaster.POP3 Worm.Loveletter.VBS.POP3 Worm.Netsky.Z.POP3 Apple.iTunes.STSZ.Integer.Overflow Hope that helps.
Created on 03-05-2007 07:03 AM
You can wipe them clean and upload a new firmware to fix any booting issues. I' ve never (in the 100s of Fortinet' s we sell and support) had a Fortinet be totally dead to the point where it had to be returned. In every case, a full wipe and reimage repaired any problems. Its pretty easy to reimage a box. See the Knowledge Base. You just need a TFTP server.I actually did wipe them clean and attempted to upload a new image. I would get to the last step and it would seem like it was working and then I would get a " boot image" error. I used a free tftp server from SolarWinds and a Dell workstation to act as my server for all the backups and firmware images. It' s been maddening. If it is rare - I would love to understand what the heck I am doing wrong? What firmware version are you using on your FortiGate 60' s? a few of mine are here: Fortigate-60 3.00,build0474,061228 but the majority are; FortiWiFi-60AM 3.00,build0400,061002 How do you have your " Fortiguard Center" setup? A couple of boxes " died" during a scheduled update. They will start an update, get stuck and then if they are rebooted (either manually or cold) they fail. (I cant say it' s an ISP problem because these boxes are scattered all over and I have several ISP' s) Again thanks for all the information..
I actually did wipe them clean and attempted to upload a new image. I would get to the last step and it would seem like it was working and then I would get a " boot image" error. I used a free tftp server from SolarWinds and a Dell workstation to act as my server for all the backups and firmware images. It' s been maddening. If it is rare - I would love to understand what the heck I am doing wrong?Ah, had the exact same problem. Put a switch between your system with the TFTP server and your fortigate. Direct cable connections or hubs will corrupt the TFTP transfer and cause that problem. We had a laptop that did the same thing and nothing seemed to solve it. Then we moved over to another laptop and put the fortigate and the laptop on a dumb switch and it worked fine. Also, try changing out the cables you' re using. Use new cables. TFTP is a correctionless protocol (its UDP) so if there are any errors along the way in transfer, they don' t get fixed. Yes, that is a maddening problem but easily fixed.
I would get to the last step and it would seem like it was working and then I would get a " boot image" error. .... If it is rare - I would love to understand what the heck I am doing wrong? What firmware version are you using on your FortiGate 60' s? a few of mine are here: Fortigate-60 3.00,build0474,061228 but the majority are; FortiWiFi-60AM 3.00,build0400,061002It' s not clear from your post which is the composition of your bunch of 60' s There' re several 60 models around there; Forget by now MR4 for your 60' s ; Try with MR3 patch 6 ( build 406) by formatting your boxes and uploading it with your TFTP server.
How do you have your " Fortiguard Center" setup?Fortiguard center is related to bundle of services from Fortinet (AV and IPS updates, Spam and Web filtering); not required to put your boxes to work; Try to solve your firmwares issues and then, you can go for updates and the rest. hope it helps
regards
/ Abel
Created on 03-06-2007 06:59 AM
Put a switch between your system with the TFTP server and your fortigate. Direct cable connections or hubs will corrupt the TFTP transfer and cause that problem. We had a laptop that did the same thing and nothing seemed to solve it. Then we moved over to another laptop and put the fortigate and the laptop on a dumb switch and it worked fine. Also, try changing out the cables you' re using. Use new cables.
ORIGINAL: NCRL OK - gave it a shot this morning and I got a new error message! Got all the way to programming the boot device when I got the following error " WDC attempted to read over the partition end" and it froze. If you don' t mind me picking you brain one last time - Can you give me further details or specs on how you set this up with a dumb switch?? Sorry for the newbie rants.Install SolarWinds TFTP on a laptop Download the image you want, rename the file image.out Put the image.out in the TFTP root directory and start the TFTP server. Turn off all AV, firewalls, etc. on your laptop. Plug your laptop into a switch (not a hub). You can buy a cheap 8 port 10/100 switch at Frys BestBuy etc. for about $30.00. Don' t plug the switch into your internal network or any other network. Assign the laptop an STATIC IP address of 192.168.0.100 Plug in the internal interface of your Fortigate to the switch. Plug your serial port into to the laptop and start a terminal session. Boot the Fortigate and follow the instructions to upload the image. Everything should work.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.