Hello everyone,
Our #Fortigate v7.0.14 detected a Heartbleed attack, but it did not block it, so it reached an inner service (luckly not vulnerable)
To my understanding, the default action should be blocking such malicious connections. Why did it detect but not block?
How should I configure Fortigate to block it?
Thanks for your help,
1 Solution
The behavior you're observing in the IPS configuration for the 'OpenSSL TLS Heartbeat Information Disclosure' can indeed be modified. It's important to note that the current 'Pass' setting is applied only to the information disclosure that does not directly pertain to an attack. This means that the system is configured to allow information that is considered non-malicious. However, if your security protocol requires that all forms of potential vulnerabilities, including information disclosures, be blocked, you can adjust the IPS settings accordingly. Simply change the action from 'Pass' to 'Block' for this specific signature to enhance security measures against possible exploitation.
The behavior you're observing in the IPS configuration for the 'OpenSSL TLS Heartbeat Information Disclosure' can indeed be modified. It's important to note that the current 'Pass' setting is applied only to the information disclosure that does not directly pertain to an attack. This means that the system is configured to allow information that is considered non-malicious. However, if your security protocol requires that all forms of potential vulnerabilities, including information disclosures, be blocked, you can adjust the IPS settings accordingly. Simply change the action from 'Pass' to 'Block' for this specific signature to enhance security measures against possible exploitation.
