On Fortigate firewall do we need to take any actions against LOG4J ?
Solved! Go to Solution.
yes ! you should protect any servers that are internet facing. If your not doing SSL inspection on inbound HTTPS communication and your webservers are vulnerable, this would not be good. IPS Signature database 19.00215 is the updated signature database which has the log4j signature, although you need to setup this IPS signature as block since by default it's set to pass.
Just in case, another user submitted a quick and dirty "How-To" for changing the default action of "Allow" to "Block" on the log4j signature.
Security Profiles
Intrusion Prevention
Edit Sensor
Add Signature
Type = Signature
Action = Block
Status = enable.
Then search the log4j signature and click add to signature.
[Apache.Log4j.Error.Log.Remote.Code.Execution]
Save.
Move to the top of the signatures list.
Save
Thanks @none1234 for posting.
and as default it's set to pass as seen on this screenshot, so make sure to change it to block
yes ! you should protect any servers that are internet facing. If your not doing SSL inspection on inbound HTTPS communication and your webservers are vulnerable, this would not be good. IPS Signature database 19.00215 is the updated signature database which has the log4j signature, although you need to setup this IPS signature as block since by default it's set to pass.
Just in case, another user submitted a quick and dirty "How-To" for changing the default action of "Allow" to "Block" on the log4j signature.
Security Profiles
Intrusion Prevention
Edit Sensor
Add Signature
Type = Signature
Action = Block
Status = enable.
Then search the log4j signature and click add to signature.
[Apache.Log4j.Error.Log.Remote.Code.Execution]
Save.
Move to the top of the signatures list.
Save
Thanks @none1234 for posting.
and to add to @JWJ , here is a screenshot of the IPS Sensor:
and as default it's set to pass as seen on this screenshot, so make sure to change it to block
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.