Fortigate 6.2.3 fails to log traffic to IP addresses 173.243.138.98 - 173.243.138.110 Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-20-033 Final 1 1 2020-09-24T00:00:00 Current version 2020-09-24T00:00:00 2020-09-24T00:00:00 FortiGate may fail to record traffic destined to Fortinet owned IP addresses i.e. traffic destined to the following subnets: 173.243.128.0/20, 96.45.32.0/20 As an example, traffic generated by FortiClient/FortiClient EMS via the FortiGate in order to request updates from the FortiGuard distributed servers may not be logged under Logs > forward traffic logs. Improper access control FortiGate versions 6.0.11 and below.FortiGate versions 6.2.5 and below.This issue is triggered ONLY when fabric/fortiheartbeat/endpoint-compliance is enabled at the interface level. Please upgrade to FortiGate Version 6.4.0 or above. Workaround: For FortiGate versions 6.2.5 and below, please disable Fabric/Fortiheartbeat on all interfaces and reboot the FortiGate. config system interface edit set fortiheartbeat disable next end or config system interface edit set allowaccess ping https http ssh fabric -----------> remove fabric next end For FortiGate versions 6.0.11 and below, disable endpoint-compliance on all interfaces and reboot the FortiGate config system interface edit set endpoint-compliance disable next end Fortinet is pleased to thank Michael Weinstein from NetTects LLC for reporting this vulnerability under responsible disclosure. CVE-2020-12818 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-20-033 Fortigate 6.2.3 fails to log traffic to IP addresses 173.243.138.98 - 173.243.138.110 Reference>