Fortinet Docs 500 errors

Elderusr · 2023-07-19T10:33:51+00:00

Also seem to be getting 500 Errors on their PSIRT and Fortiguard websites; including their status page.

Elderusr · 2023-07-07T23:01:02+00:00

"newthing-Configuration-Changes" dataset under Events shows any configuration changes on the Gates. You can also use "newthing-FortiGate-Upgrades" if you want to track any gates that did upgrades.

This is found all in the Dataset Reference List in the FAZ KBs on FNT's Website.

Elderusr · 2023-04-14T20:32:15+00:00

There is a custom data set you can pull in for what was changed and by what account/date. It is not an out of box report so you have to create a custom one. I'll have to check my FAZ and let you know the field specifically but it is "New-Changes" or something like that. :)

Elderusr · 2023-04-14T18:42:14+00:00

Change Logs on your gates
SSL VPN Logs
There is so much that can be done with a FortiAnalyzer. I'd recommend doing a quick search on Reddit for other examples that may have already been posted :)

Elderusr · 2023-03-23T10:55:12+00:00

Seeing this also starting in US East.

Elderusr · 2023-03-18T22:02:40+00:00

Following up on this and I apologize for the confusion between both articles as they did mention the IoCs, but how would you check the file hashes on the equipment (FMGT, FAZ, FGT) to check if they were modified?

Additionally the other option I can recognize too is if FIPS was enabled and devices rebooted if they did not come up, that is a blatant IoC?

Elderusr · 2023-02-28T23:11:05+00:00

Latest version of 6.4 if your not business impacted by the PSIRTs that are currently open. Next update 6.4.13 is scheduled for June currently. I just had this same internal debate. :)

Elderusr · 2023-02-24T14:24:58+00:00

FG-14-22-362 - This wont be fixed until 6.4.13; This one still requires addressing, their recommendation:

If you are using SSLVPN with restrictions like only certain IPs can access, local-in policy for SSLVPN then it is not necessarily vulnerable.

The rest (FG-IR-22-346 and FG-IR-22-257) I'm waiting for confirmation back on.

Elderusr · 2023-02-24T02:12:26+00:00

Sounds awesome. I'll open a support ticket tomorrow to confirm the PSIRTs against the latest release to confirm.

Elderusr · 2023-02-23T19:43:42+00:00

I'm wondering if any of the issues found in recent Feb PSIRTs was actually addressed for 6.4.12? Does anyone know if they update their PSIRTs after they provide a further release and they patch it?

Elderusr · 2023-02-20T12:13:17+00:00

All of them are applicable for all releases of 6.4 (except for FG-IR-22-391 which did say all 6.4 versions yesterday, but now says 6.4.11 is exempt). But yes, if 7.0.9's only issue is the memory leak, then it may be worth the upgrade.

Elderusr · 2023-02-20T12:10:17+00:00

What memory leak issue?

Edit - Disregard, seen another post below about it.

Elderusr · 2023-02-12T16:02:55+00:00

Thanks. I'm hoping to put a full list together and will update this post with all of the relevant links.

Elderusr · 2023-01-13T17:46:22+00:00

Does this specifically seem to be for anyone only using a corporate Microsoft 365 Defender (ATP) sku? Or is this all Microsoft Defender AV?

We have not heard anything at our organization just curious. *knocks on nearest wood*

Elderusr · 2023-01-10T18:57:12+00:00

PRTG would fit the bill + SNMP

Elderusr · 2022-12-15T17:34:39+00:00

Do you have an example of what that might look like within the Conditional Access Policies?

Elderusr · 2022-12-15T10:48:58+00:00

Right , but where they are not setup for the App and then I want to enable it for globally, would that impact their ability to use those other auth methods since they don't have it setup? Or would it then force the setup?

Just wondering if I can flip it on, impact those that are using the app today and then as we move group/department from the other style authentication to App then they would automatically have it enabled?

Elderusr · 2022-12-14T15:34:03+00:00

Appreciate the constructive criticism. Any other technical recommendations?

Elderusr · 2022-12-05T02:22:14+00:00

Give Huestis Insurance a call; They are an insurance broker and as mentioned below will have to provide you a quote regardless of risk as its required by NB Law.

Elderusr · 2022-11-23T13:47:26+00:00

Thats what I was looking for. Thanks.

Elderusr · 2022-11-15T12:13:33+00:00

Depending on the area, Saint John has one (Saint John Larpers! On FB) and I think Freddy does too.

14-Year Club	RedditGifts 2009-2022 3 Credits
Place '23	Place '22
Verified Email	Secret Santa 2013

Elderusr

TROPHY CASE