FortiGate PPPoE inside a VLAN

Some providers (like init7.ch which already uses the Swisscom XGS-PON) do encapsulate their PPPoE traffic into a VLAN Tag (802.1Q or Q-Tagged). The reason for this is, that in the majority of the cases the provider is using a layer 2 network (last mile) of another provider, which uses VLAN tagging to differentiate the traffic to different service providers.

The configuration of the FortiGate is not too complicated in those cases. It is even possible to make the whole configuration directly off the WebGUI.

«FortiGate PPPoE inside a VLAN» weiterlesen

Windows update breaks SSO event log readers (FSSO, PAN UIA, WG ELM)

Microsoft has released KB5003646 on the 6th of June 2021. Part of this update is a security hardening measurement to align with recommendations as a conclusion out of CVE-2021-31958.

As a known issue of this KB5003646, microsoft has noted in the release notes: «After installing this or later updates, apps accessing event logs on remote devices might be unable to connect.»

This is exactly what is happening on Fortinet FSSO (FSSO with FortiGate, as well as FSSO over the FortiAuthenticator) and Palo Alto Networks User-ID Agent. They are not working anymore after the installation of Update KB5003646.

«Windows update breaks SSO event log readers (FSSO, PAN UIA, WG ELM)» weiterlesen

FortiGuard DNS Rating Server (SDNS) unavailable

Last update from 12.05.2021 at 09:40 Swiss local time: We have noticed an improvement in the situation. Some rare rating timeouts still show up from time to time, but the majority of requests are being answered correctly. Also the DNS servers are working as usual again.

We have noticed an increase of support requests regarding the FortiGuard DNS rating service (SDNS) today. Therefore we want to inform you about the following issue.

«FortiGuard DNS Rating Server (SDNS) unavailable» weiterlesen

FortiGate SSLVPN Update-Empfehlung

Update, Nov 2020:

More than a year after Fortinet described this SSLVPN vulnerability, it gets new attention. A few days ago a list of IPs and domain names of vulnerable Fortigates was published. This list is dated November 2019 and one can only hope that many of these systems have already been patched.

Two days ago, this list was extended with usernames and passwords that were exploted via this vulnerability. Even if the Fortigates have been patched – as long as the passwords have not been changed, an attacker could still use them to gain access to protected networks.

«FortiGate SSLVPN Update-Empfehlung» weiterlesen

Upgrade your FortiMail now!

There seems to be a vulnerarbility in some FortiMail versions, that allow an unauthenticated remote attacker to access the system by requesting a password change. Please refer to the FortiGuard PSIRT article.

The problem here is not only the unauthorized access to the system, but also the change of the password of all configured administrative accounts. Also, the maintainer functionality to reset the administrator password over a serial console of the FortiMail is being disabled from the attacker.

«Upgrade your FortiMail now!» weiterlesen

 1,601 total views,  1 views today

What’s new with FortiOS 6.2/6.0.8: Update issue with certificate for WebUI

Recently we have had a few support cases where a customer was unable to log in to the firewall via WebUI after the firmware update. But SSH access worked fine.

It turned out that during the update process the server certificate used for the WebUI is lost.

Config with v6.0.4 (it does not happen with «self-signed» only):

config system global
set admin-server-cert "self-signed"
end
«What’s new with FortiOS 6.2/6.0.8: Update issue with certificate for WebUI» weiterlesen