You will find here some bugs or issues I found in Fortinet Fortigate firewall/IDS/Anti-Virus/Anti-Spam gateway.
CVE-2005-3057 : Bypass Fortinet anti-virus using FTP
CVE-2005-3058 : Bypass Fortinet URL filtering


AV analysis impact on network performance:
I found a 23 K file for which the AV analysis causes a significant delay on network connections (this file is here).

Configuration:

We are using a cluster composed of two FG3000 (which is not an entry-level model), using v3beta2.
We had noticed the problem using v2.8MR10, but we were unable to identify the file that caused the problem before upgrading to the v3beta.
AV and IPS are activated, the cluster is in Active-Active mode, load-balance-all disabled (this means that AV analysis is dispatched between the 2 members of the cluster, but not the firewalling work).
All our tests are made on a local network.

How we tested:

On a local network, we put the file on a web server and ran 12 simultaneous wget downloads of this file (which pass through the Fortigate, with AV/IPS enabled), while pinging another host. Here’s the ping output:
64 bytes from 172.18.1.250: icmp_seq=3 ttl=127 time=0.871 ms
64 bytes from 172.18.1.250: icmp_seq=4 ttl=127 time=0.847 ms
64 bytes from 172.18.1.250: icmp_seq=5 ttl=127 time=0.839 ms
64 bytes from 172.18.1.250: icmp_seq=6 ttl=127 time=0.758 ms
64 bytes from 172.18.1.250: icmp_seq=7 ttl=127 time=0.799 ms
64 bytes from 172.18.1.250: icmp_seq=10 ttl=127 time=1875 ms
64 bytes from 172.18.1.250: icmp_seq=11 ttl=127 time=875 ms
64 bytes from 172.18.1.250: icmp_seq=12 ttl=127 time=1908 ms
64 bytes from 172.18.1.250: icmp_seq=13 ttl=127 time=908 ms
64 bytes from 172.18.1.250: icmp_seq=14 ttl=127 time=1943 ms
64 bytes from 172.18.1.250: icmp_seq=15 ttl=127 time=943 ms
64 bytes from 172.18.1.250: icmp_seq=16 ttl=127 time=1977 ms
64 bytes from 172.18.1.250: icmp_seq=17 ttl=127 time=977 ms
64 bytes from 172.18.1.250: icmp_seq=18 ttl=127 time=2023 ms
[...]
--- 172.18.1.250 ping statistics ---
69 packets transmitted, 63 received, 8% packet loss, time 68080ms
rtt min/avg/max/mdev = 0.753/447.421/2023.194/666.045 ms, pipe 3
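
To quantify the degradation in a capture like this one, the following added example (not part of the original post) parses the replies shown above, lists the sequence numbers that never got an answer, and flags replies far above the unloaded baseline. It assumes the first five replies were taken before the downloads started; the 100x threshold and all function names are choices made for this example.

```python
import re
from statistics import median

# Ping replies copied from the output above (the elided "[...]" part is not included).
PING_OUTPUT = """\
64 bytes from 172.18.1.250: icmp_seq=3 ttl=127 time=0.871 ms
64 bytes from 172.18.1.250: icmp_seq=4 ttl=127 time=0.847 ms
64 bytes from 172.18.1.250: icmp_seq=5 ttl=127 time=0.839 ms
64 bytes from 172.18.1.250: icmp_seq=6 ttl=127 time=0.758 ms
64 bytes from 172.18.1.250: icmp_seq=7 ttl=127 time=0.799 ms
64 bytes from 172.18.1.250: icmp_seq=10 ttl=127 time=1875 ms
64 bytes from 172.18.1.250: icmp_seq=11 ttl=127 time=875 ms
64 bytes from 172.18.1.250: icmp_seq=12 ttl=127 time=1908 ms
64 bytes from 172.18.1.250: icmp_seq=13 ttl=127 time=908 ms
64 bytes from 172.18.1.250: icmp_seq=14 ttl=127 time=1943 ms
64 bytes from 172.18.1.250: icmp_seq=15 ttl=127 time=943 ms
64 bytes from 172.18.1.250: icmp_seq=16 ttl=127 time=1977 ms
64 bytes from 172.18.1.250: icmp_seq=17 ttl=127 time=977 ms
64 bytes from 172.18.1.250: icmp_seq=18 ttl=127 time=2023 ms
"""
LINE_RE = re.compile(r"icmp_seq=(\d+) ttl=\d+ time=([\d.]+) ms")

def parse_replies(text):
    """Return [(seq, rtt_ms)] for every echo reply line."""
    return [(int(m.group(1)), float(m.group(2))) for m in LINE_RE.finditer(text)]

def missing_sequences(replies):
    """Sequence numbers between the first and last reply that got no answer."""
    seen = {seq for seq, _ in replies}
    return [s for s in range(min(seen), max(seen) + 1) if s not in seen]

def degraded(replies, factor=100.0, warmup=5):
    """Baseline = median RTT of the first `warmup` replies (assumed unloaded);
    return it with every reply whose RTT exceeds factor * baseline."""
    base = median(rtt for _, rtt in replies[:warmup])
    return base, [(seq, rtt) for seq, rtt in replies if rtt > factor * base]

def summarize(text):
    replies = parse_replies(text)
    base, bad = degraded(replies)
    return {
        "baseline_ms": base,
        "missing": missing_sequences(replies),
        "first_degraded_seq": bad[0][0] if bad else None,
        "degraded_count": len(bad),
        "worst_ms": max(rtt for _, rtt in replies),
    }

if __name__ == "__main__":
    print(summarize(PING_OUTPUT))
```
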

We opened a case at Fortinet support, but it was closed without comment on this problem by a Fortinet engineer arguing that we were not sure that this was happening on a stable version.

(Original page here)

February 13, 2006, 3:34 pm
