Monday, July 21, 2008

Recommendation: Do Not Upgrade to FortiOS 3.0 MR6 Patch 2 Under Certain Conditions

If you have seen your firewall's CPU utilization go to 100% and stay there, my recommendation is to NOT upgrade to FortiOS 3.0 MR6 Patch 2 at this time. Before the upgrade, the firewall would continually run at high CPU utilization, but this did not appear to affect traffic. After the upgrade to MR6 Patch 2, traffic is now being impacted: the firewalls will still pass ICMP, but services such as HTTP, SNMP and others are effectively blocked. See my June post for further details and a temporary workaround for the problem.

*** Update ***

Fortinet Engineering has confirmed this as an infinite-loop problem in the IPS engine, triggered by DCE/RPC-type traffic. In 3.0 MR5 the impact was not noticeable; in 3.0 MR6 the IPS engine runs at a higher priority, which is why traffic is now affected.

** Update to the previous Update **

Fortinet Engineering has fixed the issue. The new IDS package 1.097 should take care of it.

1 comment:

Anonymous said...

So what's the recommendation? Drop back to MR6 patch 1 or jump to MR7? Sounds like this bug only arises if you are running IPS in a profile applied to a rule(s), correct?