PSIRT Advisory

FortiGate fails to log traffic for Fortinet-owned IP address range

Summary

An insufficient logging vulnerability in FortiGate may allow traffic from an unauthenticated attacker to Fortinet-owned IP addresses to go unnoticed.

Impact

Insufficient Logging

Affected Products

FortiGate versions 6.2.4 and below, and FortiGate version 6.4.0.

Solutions

Please upgrade to 6.4.1 or above, and add the dynamic firewall address "FCTEMS_ALL_FORTICLOUD_SERVERS" (which includes all FortiGuard servers) to the policy, so that traffic to Fortinet IP addresses is logged.
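As an added illustration (not part of the advisory and not Fortinet's own configuration), the following FortiOS CLI fragment shows one way the remediation above could look on a FortiGate running 6.4.1 or later: a dedicated firewall policy whose destination is the dynamic address "FCTEMS_ALL_FORTICLOUD_SERVERS" from the advisory, with full traffic logging enabled. The interface names "port1" and "port2", the policy name, and the policy id are assumptions chosen for the example; adjust them to the deployment.

```text
# Added example, not from the advisory. Interface names, policy name and
# policy id are assumptions; "FCTEMS_ALL_FORTICLOUD_SERVERS" is the dynamic
# firewall address named in the advisory.
config firewall policy
    edit 0
        set name "log-fortinet-servers"
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "FCTEMS_ALL_FORTICLOUD_SERVERS"
        set action accept
        set schedule "always"
        set service "ALL"
        # "all" logs every session matching the policy, not only those that
        # trigger a security profile, so traffic to Fortinet-owned ranges is
        # recorded even when nothing else would flag it.
        set logtraffic all
    next
end
```

After applying the change, confirm that sessions to the addresses resolved by "FCTEMS_ALL_FORTICLOUD_SERVERS" appear in the forward traffic log; the value of the fix is only realised once those log entries are actually being produced and forwarded to wherever logs are reviewed.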

Acknowledgement

Fortinet is pleased to thank Michael Weinstein from NetTects LLC for reporting this vulnerability under responsible disclosure.