FortiGate fails to log traffic for Fortinet owned IP address range
Fortinet PSIRT Advisories
Fortinet PSIRT contact: https://fortiguard.fortinet.com/faq/psirt-contact
Advisory ID: FG-IR-20-033
Status: Final
Version: 1
Published: 2020-09-24
Last updated: 2020-09-24 (current version)
Summary:
FortiGate may fail to record traffic destined to Fortinet-owned IP addresses, i.e. traffic destined to the following subnets: 173.243.128.0/20 and 96.45.32.0/20. As an example, traffic generated by FortiClient or FortiClient EMS and passing through the FortiGate to request updates from the FortiGuard distribution servers may not be logged in the Forward Traffic log (Log & Report > Forward Traffic). Sessions that match the trigger condition below are therefore absent from forward traffic logs, so log-based monitoring and forensic review of traffic to these ranges is incomplete on affected units.

Impact:
Insufficient Logging

Affected Products:
FortiGate versions 6.0.11 and below.
FortiGate versions 6.2.5 and below.
This issue is triggered ONLY when fabric, fortiheartbeat or endpoint-compliance is enabled at the interface level.
Solution:
Upgrade to FortiGate version 6.4.0 or above.

Workaround for FortiGate versions 6.2.5 and below: disable Fabric/FortiHeartbeat on all interfaces and reboot the FortiGate. Either disable fortiheartbeat on each interface (<interface-name> is a placeholder; repeat the edit block for every interface):

    config system interface
        edit <interface-name>
            set fortiheartbeat disable
        next
    end

or remove fabric from the allowaccess list of each interface. The set allowaccess command replaces the whole list, so re-enter every service except fabric; for example, an interface that had "ping https http ssh fabric" becomes:

    config system interface
        edit <interface-name>
            set allowaccess ping https http ssh
        next
    end

Workaround for FortiGate versions 6.0.11 and below: disable endpoint-compliance on all interfaces and reboot the FortiGate:

    config system interface
        edit <interface-name>
            set endpoint-compliance disable
        next
    end

Note that either workaround also stops Security Fabric / FortiHeartbeat communication on the interfaces it is applied to. After the reboot, confirm that sessions to 173.243.128.0/20 and 96.45.32.0/20 (for example FortiClient update requests) now appear in the Forward Traffic log.
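A way to audit a configuration dump for the trigger condition on each interface, and to check afterwards that Fortinet-bound sessions actually reach the forward traffic log, as an added example; this is not Fortinet's code and is not part of the advisory. The `show system interface` text and the log lines are constructed here; the interface names, the exact output layout, and the version-to-setting mapping (6.0.x checks endpoint-compliance, 6.2.x checks fortiheartbeat and fabric in allowaccess, 6.4.0 and later are treated as fixed) are assumptions derived from the advisory text above.

```python
import ipaddress
import re

# Fortinet-owned destination ranges named in FG-IR-20-033.
FORTINET_SUBNETS = [
    ipaddress.ip_network("173.243.128.0/20"),
    ipaddress.ip_network("96.45.32.0/20"),
]

# Constructed sample of `show system interface` output (not captured from a real unit).
SAMPLE_CONFIG = """\
config system interface
    edit "port1"
        set ip 203.0.113.10 255.255.255.0
        set allowaccess ping https ssh fabric
        set fortiheartbeat enable
        set endpoint-compliance enable
    next
    edit "port2"
        set ip 192.0.2.1 255.255.255.0
        set allowaccess ping https ssh
        set fortiheartbeat disable
    next
    edit "port3"
        set allowaccess ping
        set endpoint-compliance enable
    next
end
"""

# Constructed forward-traffic log lines in FortiOS key=value style, used to verify
# that sessions to the Fortinet ranges are present in the log after remediation.
SAMPLE_LOGS = [
    'date=2020-09-24 time=10:00:01 type="traffic" subtype="forward" srcip=10.0.0.5 dstip=173.243.131.20 dstport=443 action="accept"',
    'date=2020-09-24 time=10:00:02 type="traffic" subtype="forward" srcip=10.0.0.5 dstip=8.8.8.8 dstport=53 action="accept"',
    'date=2020-09-24 time=10:00:03 type="traffic" subtype="forward" srcip=10.0.0.7 dstip=96.45.33.7 dstport=443 action="accept"',
]


def parse_interfaces(config_text):
    """Return {interface_name: {setting: value}} for the `config system interface` section."""
    interfaces, current, in_section = {}, None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config system interface":
            in_section = True
            continue
        if not in_section:
            continue
        if line == "end":
            break
        m = re.match(r'edit\s+"?([^"]+)"?$', line)
        if m:
            current = m.group(1)
            interfaces[current] = {}
        elif line == "next":
            current = None
        elif current is not None and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            interfaces[current][key] = value
    return interfaces


def triggering_interfaces(config_text, fortios_version):
    """Map each interface meeting the advisory's trigger condition to the settings responsible.

    Assumed mapping: 6.0.x -> endpoint-compliance enabled; 6.2.x -> fortiheartbeat enabled
    or 'fabric' in allowaccess; 6.4.0 and later contain the fix, so nothing is flagged.
    """
    branch = tuple(int(x) for x in fortios_version.split("."))[:2]
    findings = {}
    for name, settings in parse_interfaces(config_text).items():
        reasons = []
        if branch == (6, 0) and settings.get("endpoint-compliance") == "enable":
            reasons.append("endpoint-compliance enable")
        if branch == (6, 2):
            if settings.get("fortiheartbeat") == "enable":
                reasons.append("fortiheartbeat enable")
            if "fabric" in settings.get("allowaccess", "").split():
                reasons.append("allowaccess fabric")
        if reasons:
            findings[name] = reasons
    return findings


def fortinet_bound_sessions(log_lines):
    """Count forward-traffic log lines whose dstip falls inside a Fortinet-owned range."""
    count = 0
    for line in log_lines:
        m = re.search(r"\bdstip=(\S+)", line)
        if not m:
            continue
        try:
            dst = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address, skip rather than crash the audit
        if any(dst in net for net in FORTINET_SUBNETS):
            count += 1
    return count


if __name__ == "__main__":
    for ver in ("6.0.11", "6.2.5", "6.4.0"):
        print(ver, triggering_interfaces(SAMPLE_CONFIG, ver))
    print("Fortinet-bound sessions logged:", fortinet_bound_sessions(SAMPLE_LOGS))
```

Run it against a real `show system interface` capture and the unit's actual version string; a zero count from the log check while FortiClient hosts are known to be fetching updates through the unit is the symptom the advisory describes.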
Fortinet is pleased to thank Michael Weinstein from NetTects LLC for reporting this vulnerability under responsible disclosure.
Affected FortiOS releases tagged on this advisory: FortiOS 6.2.2 through 6.2.15 (6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.2.14, 6.2.15). Releases after 6.2.5 are tagged as well, consistent with the fix being available only from 6.4.0.
CVE ID: CVE-2020-12818 (disputed)
CVSSv3 score: 5.3
CVSSv3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:X/RC:X
Reference: https://fortiguard.fortinet.com/psirt/FG-IR-20-033