The secondary unit in a FortiGate active/passive cluster bricks (i.e.,
fails closed and must be re-imaged) after FIPS self-tests under certain
conditions, two of them being: when it can't contact the master; when it
is given the master's configuratio...
The fix for this issue has been released. The current fix is not
publicly available. If you are having the previously described issue you
can call their support and request a copy. The timeline for 5.0.13 looks
like sometime in August at this point, ...
FYI Congrats to the O.P. who started this thread and all those who
responded. Please see a snippet of the official response from cert.org
(the place US-CERT vulnerability requests go) pertaining to the rule
precedence / match-vip documentation gap. P...
"Fantastic summary trauthor. From your post, I get the impression that
Fortinet will be re-working the flow of traffic such that a deny would
somehow take precedence, is this indeed the case?" The only response of
which I was made aware is the docume...
There are multiple posts in this forum related to VIP policy [...]
Please refer to the below correspondence to see if it pertains to your
situation. Thank you. ========== Fw: FortiGate Security "Loophole" and
Severe Bug Two issues were discovered dur...
There are multiple posts in this forum related to VIP policy
compromising security. I have opened cases with FortiNet both for this
issue and an additional issue. I have also alerted appropriate parties.
To FortiNet's credit, they are working quickly...