I was recently made aware by the open support community that I'm a top contributor for Q3/4-2014.
https://forum.fortinet.com/tm.aspx?m=119131
I was surprised to see this, and the fact that they rewarded me with a FortiStore gift purchase credit. This is why Fortinet is such an outstanding group, and for the security engineers working in the security sectors & communities.
The support forum has grown, is very well behaved, and good tips/tricks/pointers are passed around on a daily basis.
I've been closely involved with Fortinet going back to FortiOS 2.8 and the mid-2006 years.
https://forum.fortinet.com/
Ken Felix
Freelance Network/Security Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( # # )=
@
/ \
"DENY" rule getting bypassed
I have been waiting for an administrator to approve my registration request for the forums for a few days now, but really need to get this out for people to read.
Here, in an obscure technical note, is a bombshell for many FortiOS administrators:
http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD33338
To make things worse, without the settings recommended in the technical note, these packets are silently dropped, they are not logged by the implicit deny rule, so an admin may not necessarily even know this was a problem. This information is not given in the main FortiGate Handbook or Firewall Manual - in fact, I can't find it anywhere else! I only came across it because someone noticed the issue in the forums earlier this year:
https://forum.fortinet.com/tm.aspx?m=112129
Fortunately, my level of paranoia saved me before we put our unit into production; I was able to amend the rules so that they actually worked. I opened an official ticket and documented a complaint - apologies if my experience so far with their product has been different. Anyhow, tell anyone you know, I'll be doing the same.
Cheers,
MJK
Lol - actually, looking at your above post more closely, emnoc and netmin were two of the posters in the exact thread I referenced! My intention was to respond in that thread, so I guess it was just as well that I posted here; one of them is probably you. :)