Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
netmanb2k
New Contributor II

Created on ‎12-13-2021 11:11 AM

On Fortigate firewall do we need to take any actions against LOG4J ?

On Fortigate firewall do we need to take any actions against LOG4J ?

Labels:
4325
0 Kudos
4 Solutions
kitkat09811
New Contributor III

Created on ‎12-13-2021 11:53 AM

yes !  you should protect any servers that are internet facing. If your not doing SSL inspection on inbound HTTPS communication and your webservers are vulnerable, this would not be good.  IPS Signature database 19.00215 is the updated signature database which has the log4j signature, although you need to setup this IPS signature as block since by default it's set to pass.

View solution in original post

4306
JWJ
Staff
Staff

Created on ‎12-13-2021 12:50 PM Edited on ‎12-13-2021 12:52 PM

Just in case, another user submitted a quick and dirty "How-To" for changing the default action of "Allow" to "Block" on the log4j signature.

Security Profiles

Intrusion Prevention

Edit Sensor

Add Signature

Type = Signature

Action = Block

Status = enable.

Then search the log4j signature and click add to signature.

[Apache.Log4j.Error.Log.Remote.Code.Execution]

Save.

Move to the top of the signatures list.

Save

 

Thanks @none1234 for posting.

View solution in original post

4287
kitkat09811
New Contributor III

Created on ‎12-13-2021 12:56 PM

and to add to @JWJ , here is a screenshot of the IPS Sensor:

Capture.PNG

View solution in original post

4281
kitkat09811
New Contributor III

Created on ‎12-13-2021 12:58 PM

and as default it's set to pass as seen on this screenshot, so make sure to change it to blockCapture.PNG

View solution in original post

4279
4 REPLIES 4
kitkat09811
New Contributor III

Created on ‎12-13-2021 11:53 AM

yes !  you should protect any servers that are internet facing. If your not doing SSL inspection on inbound HTTPS communication and your webservers are vulnerable, this would not be good.  IPS Signature database 19.00215 is the updated signature database which has the log4j signature, although you need to setup this IPS signature as block since by default it's set to pass.

4307
JWJ
Staff
Staff

Created on ‎12-13-2021 12:50 PM Edited on ‎12-13-2021 12:52 PM

Just in case, another user submitted a quick and dirty "How-To" for changing the default action of "Allow" to "Block" on the log4j signature.

Security Profiles

Intrusion Prevention

Edit Sensor

Add Signature

Type = Signature

Action = Block

Status = enable.

Then search the log4j signature and click add to signature.

[Apache.Log4j.Error.Log.Remote.Code.Execution]

Save.

Move to the top of the signatures list.

Save

 

Thanks @none1234 for posting.

4288
kitkat09811
New Contributor III

Created on ‎12-13-2021 12:56 PM

and to add to @JWJ , here is a screenshot of the IPS Sensor:

Capture.PNG

4282
kitkat09811
New Contributor III

Created on ‎12-13-2021 12:58 PM

and as default it's set to pass as seen on this screenshot, so make sure to change it to blockCapture.PNG

4280
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.