joh2k
New Contributor III

Threat detected but not blocked - OpenSSL.TLS.Heartbeat.Information.Disclosure

Hello everyone,


Our #Fortigate v7.0.14 detected a Heartbleed attack, but it did not block it, so it reached an inner service (luckily not vulnerable).

To my understanding, the default action should be blocking such malicious connections. Why did it detect but not block?

How should I configure Fortigate to block it?

Thanks for your help,

1 Solution
kk777
New Contributor II

The behavior you're observing in the IPS configuration for the 'OpenSSL TLS Heartbeat Information Disclosure' can indeed be modified. It's important to note that the current 'Pass' setting is applied only to the information disclosure that does not directly pertain to an attack. This means that the system is configured to allow information that is considered non-malicious. However, if your security protocol requires that all forms of potential vulnerabilities, including information disclosures, be blocked, you can adjust the IPS settings accordingly. Simply change the action from 'Pass' to 'Block' for this specific signature to enhance security measures against possible exploitation.
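
An added example, not part of the original thread: a short Python audit that finds IPS signatures logged with action "detected" (matched but passed through) and the inner hosts that traffic reached, which are the entries to review for a Block override. The log lines are constructed, and the field names (`subtype`, `action`, `attack`, `dstip`, `dstport`) are assumed to follow the FortiOS key=value log format.

```python
import re
from collections import Counter

# Constructed sample lines (not from the post). Field names are assumed to
# follow the FortiOS key=value log format.
SAMPLE_LOGS = """\
date=2024-05-02 time=10:14:07 type="utm" subtype="ips" severity="medium" srcip=198.51.100.23 dstip=10.0.0.15 dstport=443 action="detected" attack="OpenSSL.TLS.Heartbeat.Information.Disclosure"
date=2024-05-02 time=10:14:09 type="utm" subtype="ips" severity="medium" srcip=198.51.100.77 dstip=10.0.0.15 dstport=443 action="detected" attack="OpenSSL.TLS.Heartbeat.Information.Disclosure"
date=2024-05-02 time=10:15:31 type="utm" subtype="ips" severity="medium" srcip=198.51.100.23 dstip=10.0.0.20 dstport=8443 action="detected" attack="OpenSSL.TLS.Heartbeat.Information.Disclosure"
date=2024-05-02 time=10:16:02 type="utm" subtype="ips" severity="high" srcip=203.0.113.5 dstip=10.0.0.15 dstport=80 action="dropped" attack="Constructed.Example.Signature"
date=2024-05-02 time=10:16:40 type="traffic" subtype="forward" srcip=10.0.0.30 dstip=192.0.2.10 dstport=443 action="accept"
"""

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_line(line):
    """Turn one key=value log line into a dict; quoted values may hold spaces."""
    return {key: quoted or bare for key, quoted, bare in KV.findall(line)}

def passed_signatures(log_text):
    """Count IPS events per signature that were logged but not stopped."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("subtype") == "ips" and rec.get("action") == "detected":
            hits[rec.get("attack", "unknown")] += 1
    return hits

def delivered_targets(log_text, signature):
    """Inner (dstip, dstport) pairs that matching traffic actually reached."""
    targets = set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if (rec.get("subtype") == "ips" and rec.get("action") == "detected"
                and rec.get("attack") == signature):
            targets.add((rec.get("dstip"), rec.get("dstport")))
    return sorted(targets)

if __name__ == "__main__":
    for name, count in passed_signatures(SAMPLE_LOGS).most_common():
        print(f"{count:>3}  {name}  -> review action override")
        for ip, port in delivered_targets(SAMPLE_LOGS, name):
            print(f"       reached {ip}:{port}")
```
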


hbac
Staff