A quick reminder that you really need to have your fortinet firewalls behind a firewall

jerry@infosec.exchange

A quick reminder that you really need to have your fortinet firewalls behind a firewall

https://thehackernews.com/2026/03/fortigate-devices-exploited-to-breach.html?m=1

viss@mastodon.social

@jerry spectacular. no notes

johnley@infosec.exchange

@jerry meanwhile I’m at fortinet accelerate this week…

ichinin@infosec.exchange

@jerry Apparently Fortinet is built upon Linux so...apt-get install iptables ?

samantazfox@infosec.exchange

@jerry Maybe we should ask them to reconsider the industry they're working in. At this point, they should open a swiss cheese factory, they'd do great!

johnley@infosec.exchange

@jerry following up on the “firewall in front of your fortigate” that’s called local in policies and the authorized hosts list.

But dogshit fly by night MSPs have never heard of that or VPNs, so they just open up the management interface(s) to the internet, slap a “all to internet” firewall policy in there with no inspection and sell it to an unsuspecting accounting firm for hundreds of dollars a month, then call themselves an MSSP.

johntimaeus@infosec.exchange

@Viss @jerry

I've been going to lots of .mil tech conferences lately. There's always a fortinet booth and an ivanti booth. I don't think I've seen anyone actually go to those booths.

pauliehedron@infosec.exchange

@johnley @jerry It's literally a check box where you put the MGT listener on an interface. It can like not be checked on internet facing ones. Mine at home doesn't have it so I know it's not hard. lol.

glitchy404@wetdry.world

@jerry https://tvtropes.org/pmwiki/pmwiki.php/Main/WhoWatchesTheWatchmen

csolisr@hub.azkware.net

Ah yes, good ol' FortiVulnsPerWeek

csolisr@hub.azkware.net

Or as the Slavic sphere would call them, Forti-НЕТ

paul_ipv6@infosec.exchange

@jerry

fortinet firewalls remind me of my grandmother.

she had slip covers to protect her upholstery, then vinyl covers to protect her slip covers...

she also had cork to protect the wood on her dining room table, custom covers to protect the cork, a table cloth over the covers, plastic to protect the table cloth.

i just get polyurethane finish on the wood table and call it done.

rafalbla@infosec.exchange

@jerry Isn't it like that with Chrome 0-days every other week?

huronbikes@cyberplace.social

@jerry genuinely considered purchasing a used gateway appliance just to get a picture of it plugged into itself, but people still want significant sums of money for them.

baloouriza@social.tulsa.ok.us

@SamantazFox Clownflare suddenly considers buying cows...

@jerry

tim_lavoie@cosocial.ca

@huronbikes @jerry Would a Fortigate 100D suffice? Mine (got as a free toy with a year's support) has been idle for a few years now.
Other than shipping, it's free.