Hi,
a strange thing happened to me today.
My home firewall 40F (7.2.1) rebooted unexpectedly.
I looked in the log and found that the reboot was done by the user "fortigate-tech-support" and the reason was a firmware upgrade (7.2.1->7.2.2)
In system/Administrator this user was created and I don't know about it.
My admin password is set to 17 characters (including special characters) and another administrator has an equally strong password.
FortiGate is added to FortiCloud.
Passwords remained unchanged, all configuration looks ok.
How should I explain it? I'm assuming it's not a trusted event... or is it something to do with the new CVE?
Thank you.
Jirka
If you see "fortigate-tech-support" or have device with logs (type="event" subtype="system") and any of following properties:
user="Local_Process_Access"
ui="Node.js"
then open a technical ticket of Fortinet's Support for further steps and checks.
Tom xSilver, planet Earth, over and out!
@Jirka1please advise on the feedback from support if you reported ? i also experienced the same thing on the same date as you
Noticed these on some Fortigates as well, what was the feedback and recommendation from Fortinet to take on this?
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.