PSIRT Advisory

FortiGate fails to log traffic for Fortinet-owned IP address range


An insufficient logging vulnerability in FortiGate may allow traffic from an unauthenticated attacker to Fortinet-owned IP addresses to go unnoticed.


Insufficient Logging

Affected Products

FortiGate versions 6.2.4 and below. FortiGate version 6.4.0.


Please upgrade to 6.4.1 or above, and add the dynamic firewall address "FCTEMS_ALL_FORTICLOUD_SERVERS", which includes all FortiGuard servers, in the policy to log the traffic for Fortinet IP addresses.
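One way to confirm the mitigation from a configuration backup is the check below. It is an added example, not Fortinet's code. It assumes the backup uses the usual `config firewall policy` / `edit` / `set` / `next` / `end` layout and treats only `logtraffic all` as logging every session; the policy IDs and the `corp-servers` address are constructed sample values.

```python
import shlex

ADDRESS = "FCTEMS_ALL_FORTICLOUD_SERVERS"  # address name quoted in the advisory

# Constructed sample in the layout of "show firewall policy" output.
SAMPLE_CONFIG = """
config firewall policy
    edit 1
        set dstaddr "all"
        set action accept
    next
    edit 2
        set dstaddr "FCTEMS_ALL_FORTICLOUD_SERVERS"
        set logtraffic all
    next
    edit 3
        set dstaddr "corp-servers" "FCTEMS_ALL_FORTICLOUD_SERVERS"
        set logtraffic disable
    next
end
"""

def parse_policies(text):
    """Return {policy_id: {setting: [values]}} from 'config firewall policy'."""
    policies, current, in_section = {}, None, False
    for line in text.splitlines():
        tokens = shlex.split(line)
        if tokens[:3] == ["config", "firewall", "policy"]:
            in_section = True
        elif not in_section or not tokens:
            continue
        elif tokens[0] == "edit":
            current = policies.setdefault(tokens[1], {})
        elif tokens[0] == "set" and current is not None:
            current[tokens[1]] = tokens[2:]
        elif tokens[0] == "next":
            current = None
        elif tokens[0] == "end" and current is None:
            in_section = False
    return policies

def audit(text, address=ADDRESS):
    """Split policies that use `address` as destination by whether they log all sessions."""
    logged, unlogged = [], []
    for pid, settings in parse_policies(text).items():
        if address in settings.get("dstaddr", []):
            # Assumption: only "logtraffic all" counts as logging every session.
            target = logged if settings.get("logtraffic") == ["all"] else unlogged
            target.append(pid)
    return {"logged": logged, "unlogged": unlogged}
```

An empty `logged` list means no policy references the address with full logging, so the configuration step from the advisory has not been applied.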


Fortinet is pleased to thank Michael Weinstein from NetTects LLC for reporting this vulnerability under responsible disclosure.