Friday, April 11, 2014

Heartbleed - Part 3

Anyone running FortiOS 5.0 GA to 5.0.6 can protect the firewall itself by

  • limiting access to the firewall's Admin interface using "Trusted Hosts" in the Admin profiles
or
  •  configuring an interface policy as per below

config firewall interface-policy

    edit 1
        set interface "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set service "HTTPS"
        set ips-sensor-status enable
        set ips-sensor "opensslheartbeat"
    next

end

No comments: