The FortiGate firewall must fail to a secure state if the firewall filtering functions fail unexpectedly.
An XCCDF Rule
Description
<VulnDiscussion>Firewalls that fail suddenly and with no incorporated failure state planning may leave the hosting system available but with a reduced security protection. Failure to a known safe state helps prevent systems from failing to a state that may cause unauthorized access to make changes to the firewall filtering functions. This applies to the configuration of the gateway or network traffic security function of the device. Abort refers to stopping the firewall filtering function before it has finished naturally. The term abort refers to both requested and unexpected terminations.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-234148r611444_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
FortiGate will inherently fail closed upon a power failure. Additionally, the FortiOS kernel enters conserve mode when memory use reaches the red threshold (default 88 percent memory use). When the red threshold is reached, FortiOS functions that react to conserve mode, such as the antivirus transparent proxy, apply conserve mode based on configured conserve mode settings. Additionally, FortiOS generates conserve mode log messages and SNMP traps, and a conserve mode banner appears on the GUI. If memory use reaches the extreme threshold (95 percent memory used), new sessions are dropped and red threshold conserve mode actions continue.
Conserve mode actions for filtering are configured as follows:
Log in to the FortiGate GUI with Super-Admin privilege.