Hi All,
FortiGate 300D v5.4.1. Just going live with a subset of our vlans and watching traffic, I noticed a ton of UPD/3544 from our Windows boxes, which is likely Teredo - Microsoft's IPv6 tunnel through IPv4. I've kept everything in-house at IPv4 still.
A while back there were a lot of comments that Teredo could too easily be used by malware to bypass inspection by gateway firewalls. I haven't seen much recently, but Symantec's write up on it was concerning: http://www.symantec.com/avcenter/reference/Teredo_Security.pdf.
My uneducated questions:
- Is Teredo still seen as a security risk?
- I assume FGT isn't aware of Teredo and there's no way for me to inspect it without moving over to IPv6 dual stack?
- Has anybody blocked Teredo at the FGT and disabled for the Windows clients (netsh interface teredo set state disable) and how did it go?
Thanks in advance for any pointers.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Apologies for the ask, and I know this is very old, so I won't likely get an answer, but I have run into a similar situation where I see Teredo IPv6 over IPv4 tunnels being used for Xbox traffic, which circumvents policies and inspection when the firewall is in IPv4 mode. Except, that I am using firmware 6.4.10 on a FGT60F. I assume, likewise, that I will have to setup IPv6 mode for my firewall to be able to even inspect this tunnel, yes?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1633 | |
1063 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.