Fortinet Community

Jirka1 · ‎10-16-2022

Hi,

a strange thing happened to me today.

My home firewall 40F (7.2.1) rebooted unexpectedly.
I looked in the log and found that the reboot was done by the user "fortigate-tech-support" and the reason was a firmware upgrade (7.2.1->7.2.2)

In system/Administrator this user was created and I don't know about it.
My admin password is set to 17 characters (including special characters) and another administrator has an equally strong password.
FortiGate is added to FortiCloud.
Passwords remained unchanged, all configuration looks ok.

How should I explain it? I'm assuming it's not a trusted event... or is it something to do with the new CVE?

Thank you.

Jirka

kanes391 · ‎10-19-2022

Hi @Amar1 ,

Is this legitimate? I am seeing the same issue as well.

xsilver_FTNT · ‎10-19-2022

If you see "fortigate-tech-support" or have device with logs (type="event" subtype="system") and any of following properties:
user="Local_Process_Access"
ui="Node.js"

then open a technical ticket of Fortinet's Support for further steps and checks.

Tomas Stribrny - NASDAQ:FTNT - Fortinet stuff - TAC L3 Escalations engineer

Zamokuhle · ‎11-03-2022

@Jirka1please advise on the feedback from support if you reported ? i also experienced the same thing on the same date as you

esec · ‎12-14-2022

Noticed these on some Fortigates as well, what was the feedback and recommendation from Fortinet to take on this?

Fortinet Community

fortigate-tech-support user