The Fortinet folks have done it to us again. They released IPS signatures that, in practice, render FortiGate units unusable by corrupting internal memory to the point that it has to be reformatted and both the firmware and the configuration restored.

In the last three days three different units at three different customers have gone down on us, and we have lost no fewer than three working days restoring everything, days we will soon be billing to Fortinet. Although we are a Fortinet partner, we will certainly think hard before buying more of their appliances, because this is not the first time we have ended up in an emergency over similar problems caused by firmware bugs or faulty signatures, and given the margins one works with, particularly in the small and medium business market, the game is not worth the candle if the appliances (and services) have a sufficiently high defect rate.

In any case, below is the console output from one of the affected units, further down the bulletin released by technical support (the original is also available as a PDF) and, last, the technical note sent to us, "Loading FortiGate firmware image using TFTP".



FGT50B-DEAD_DEVICE #

Please stand by while rebootig

FGT50B (14:15-10.01.2008)

Ver:04000010
Serial number:FGT50B3G09123456
RAM activation
Total RAM: 256MB
Enabling cache...Done.
Scanning PCI bus...Done.
Allocating PCI resources...Done.
Enabling PCI resources...Done.
Zeroing IRQ settings...Done.
Verifying PIRQ tables...Done.
Enabling Interrupts...Done.
Boot up, boot device capacity: 64MB.
Press any key to display configuration menu...
......

Reading boot image 1319595 bytes.
Initializing firewall...
System is started.
pid-28 lock_mlog()-504 shmget()failed: No such file or directory
pid-28 lock_mlog()-504 shmget()failed: No such file or directory
pid-28 lock_mlog()-504 shmget()failed: No such file or directory

__get_backdoor_timeout: Couldn't get shm
__set_backdoor_timeout: Couldn't get shm

FGT50B-DEAD_DEVICE login: pid-28 lock_mlog()-504 shmget()failed: No such file or directory
pid-28 lock_mlog()-504 shmget()failed: No such file or directory
pid-28 lock_mlog()-504 shmget()failed: No such file or directory
pid-28 lock_mlog()-504 shmget()failed: No such file or directory

FGT50B-DEAD_DEVICE login:

FGT50B-DEAD_DEVICE login: pid-28 lock_mlog()-504 shmget()failed: No such file or directory
FGT50B-DEAD_DEVICE login: pid-28 lock_mlog()-504 shmget()failed: No such file or directory

FGT50B-DEAD_DEVICE login: admin
Password: ********
__admindb_get_copy: Couldn't get admindb
__admindb_get_copy: Couldn't get admindb
Welcome !

FGT50B-DEAD_DEVICE # pid-28 lock_mlog()-504 shmget()failed: No such file or directory



Number: CSB-110610-1
Released: 10 June 2011
Modified: N/A
Subject: FortiGuard Update – Failed Reboot Condition
Product: FortiGate
Description:


A FortiGate may fail to restart correctly after a power cycle or a software reboot if a FortiGuard update of either the IPS engine and its signatures or the AV engine and its signatures has been performed. After the update has completed successfully and a subsequent reboot is carried out, the FortiGate may hang and traffic may not traverse it; the following output may be seen on the console port:

__get_backdoor_timeout: Couldn’t get shm
__set_backdoor_timeout: Couldn’t get shm
__admindb_get_copy: Couldn’t get admindb


Affected Products:

FortiGate devices running FortiOS v4.0 MR1 Patch Release 1 through to Patch Release 9, inclusive.
Check which versions of the IPS engine and signatures are loaded on the FortiGate:

FortiGate# get sys fortiguard-service status

NAME VERSION LAST UPDATE METHOD EXPIRE
AV Engine 3.013 13/08/2009 15.44 manual 03/01/2012 0.00
Virus Definitions 13.309 10/06/2011 4.31 manual 03/01/2012 0.00
Extended set 0.000 01/01/2003 0.00 manual 03/01/2012 0.00
Attack Definitions 3.012 10/06/2011 4.31 manual 03/01/2012 0.00
IPS Attack Engine 1.230 10/06/2011 4.33 manual 03/01/2012 0.00

If the FortiGate is running one of the affected firmware versions listed above, the IPS engine is version 1.230, AND the attack definitions are version 3.012, the device may be susceptible to this issue.
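As an added example (not Fortinet's code and not part of the original post or bulletin), the following Python script automates the two checks described above: it recognises the shared-memory error messages in captured console output, and it parses the output of "get sys fortiguard-service status" to flag the engine/definition combination the bulletin names. The row layout is assumed to be exactly the whitespace-separated form shown above, the sample status and console texts are constructed from the output on this page, and the MR1 patch release number is supplied by the caller, since the bulletin shows no "get system status" output to parse.

```python
"""Susceptibility checks derived from Fortinet bulletin CSB-110610-1.

Added example, not Fortinet code. Assumptions: the fortiguard-service status
rows look exactly like the bulletin's output, and the caller supplies the
MR1 patch release number obtained separately from the device.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Versions named in the bulletin: the susceptible combination and the fix.
SUSCEPTIBLE_IPS_ENGINE = "1.230"
SUSCEPTIBLE_ATTACK_DEFS = "3.012"
FIXED_ATTACK_DEFS = "3.013"
AFFECTED_MR1_PATCHES = range(1, 10)  # v4.0 MR1 Patch Release 1 through 9, inclusive

# Console messages the bulletin associates with the hung (corrupted shared memory) state.
HUNG_STATE_MARKERS = (
    "__get_backdoor_timeout: Couldn't get shm",
    "__set_backdoor_timeout: Couldn't get shm",
    "__admindb_get_copy: Couldn't get admindb",
    "shmget()failed",
)

# One data row of 'get sys fortiguard-service status':
# NAME VERSION dd/mm/yyyy h.mm METHOD dd/mm/yyyy h.mm
_ROW = re.compile(
    r"^(?P<name>.+?)\s+(?P<version>\d+\.\d+)\s+"
    r"(?P<updated>\d{2}/\d{2}/\d{4}\s+\d+\.\d+)\s+(?P<method>\S+)\s+"
    r"(?P<expires>\d{2}/\d{2}/\d{4}\s+\d+\.\d+)\s*$"
)


def parse_fortiguard_status(text: str) -> Dict[str, str]:
    """Map service name -> version; header, prompt and blank lines are skipped."""
    versions: Dict[str, str] = {}
    for line in text.splitlines():
        m = _ROW.match(line.strip())
        if m:
            versions[m["name"]] = m["version"]
    return versions


@dataclass
class Assessment:
    susceptible: bool
    reasons: List[str]  # why the device is, or is not, in the susceptible combination


def assess(status_text: str, mr1_patch: Optional[int]) -> Assessment:
    """Apply the bulletin's condition: affected patch range AND engine 1.230 AND defs 3.012."""
    versions = parse_fortiguard_status(status_text)
    engine = versions.get("IPS Attack Engine")
    defs = versions.get("Attack Definitions")
    reasons: List[str] = []
    if mr1_patch is None or mr1_patch not in AFFECTED_MR1_PATCHES:
        reasons.append(f"firmware MR1 patch {mr1_patch} not in affected range 1-9")
    if engine != SUSCEPTIBLE_IPS_ENGINE:
        reasons.append(f"IPS engine {engine} is not {SUSCEPTIBLE_IPS_ENGINE}")
    if defs != SUSCEPTIBLE_ATTACK_DEFS:
        reasons.append(f"attack definitions {defs} are not {SUSCEPTIBLE_ATTACK_DEFS}")
    if reasons:
        return Assessment(False, reasons)
    return Assessment(True, [f"update attack definitions to {FIXED_ATTACK_DEFS} before rebooting"])


def console_hung_markers(console_text: str) -> List[str]:
    """Return the hung-state markers present in captured console output (curly quotes normalised)."""
    normalised = console_text.replace("\u2019", "'")
    return [marker for marker in HUNG_STATE_MARKERS if marker in normalised]


# Constructed samples, copied from the output reproduced on this page.
SAMPLE_STATUS_BEFORE = """\
FortiGate# get sys fortiguard-service status
NAME VERSION LAST UPDATE METHOD EXPIRE
AV Engine 3.013 13/08/2009 15.44 manual 03/01/2012 0.00
Virus Definitions 13.309 10/06/2011 4.31 manual 03/01/2012 0.00
Extended set 0.000 01/01/2003 0.00 manual 03/01/2012 0.00
Attack Definitions 3.012 10/06/2011 4.31 manual 03/01/2012 0.00
IPS Attack Engine 1.230 10/06/2011 4.33 manual 03/01/2012 0.00
"""
SAMPLE_STATUS_AFTER = SAMPLE_STATUS_BEFORE.replace(
    "Attack Definitions 3.012 10/06/2011 4.31", "Attack Definitions 3.013 10/06/2011 4.35"
)
SAMPLE_CONSOLE = """\
System is started.
pid-28 lock_mlog()-504 shmget()failed: No such file or directory
__get_backdoor_timeout: Couldn't get shm
__set_backdoor_timeout: Couldn't get shm
FGT50B-DEAD_DEVICE login: admin
__admindb_get_copy: Couldn't get admindb
"""

if __name__ == "__main__":
    print("before update, MR1 patch 7:", assess(SAMPLE_STATUS_BEFORE, 7))
    print("after update,  MR1 patch 7:", assess(SAMPLE_STATUS_AFTER, 7))
    print("console markers:", console_hung_markers(SAMPLE_CONSOLE))
```

The assessment deliberately matches the exact versions the bulletin names rather than "anything older than 3.013", so it reports only the combination Fortinet documented; the console check is useful on the serial capture of a unit that has already been rebooted, where the status command can no longer be trusted.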

Resolution:

To prevent the issue, update the IPS attack definitions to version 3.013. This can be retrieved from the FortiGuard network by performing an update of the IPS definitions.

Using the GUI: System > Maintenance > FortiGuard > IPS definitions – Update

Then verify that the attack definition file has been updated to 3.013:

FortiGate# get sys fortiguard-service status

NAME VERSION LAST UPDATE METHOD EXPIRE
AV Engine 3.013 13/08/2009 15.44 manual 03/01/2012 0.00
Virus Definitions 13.309 10/06/2011 4.31 manual 03/01/2012 0.00
Extended set 0.000 01/01/2003 0.00 manual 03/01/2012 0.00
Attack Definitions 3.013 10/06/2011 4.35 manual 03/01/2012 0.00
IPS Attack Engine 1.230 10/06/2011 4.33 manual 03/01/2012 0.00

Patch Release 10 of v4.0 MR1 is scheduled for release on June 16th, 2011 to correct the FortiOS shared-memory corruption issue.

If the FortiGate has been rebooted and is already in the hung state, recovery can be achieved by reloading the firmware image via a TFTP reload.

For an emergency fix, customers are required to contact Fortinet Customer Support to request an interim build of firmware with the correction applied.