Has anyone seen this error message from FortiGate?
Hi I am new here. I just started using Atera and gathering information for my clients. But my FortiGate is having issues with the scanning.
I am getting this error when my Network discovery is active:
The following intrusion was observed: "Java.Debug.Wire.Protocol.Insecure.Configuration".
Comments
-
@michelle It seems like your FortiGate firewall has detected the network scanning activity from Atera as potentially malicious, specifically identifying it as "Java.Debug.Wire.Protocol.Insecure.Configuration". This intrusion detection could be due to Atera using the Java Debug Wire Protocol (JDWP) for network discovery, which may be flagged as insecure by FortiGate.
To resolve this issue, you can follow these steps:
- Verify that the network scanning activity is indeed coming from Atera and not from any other potentially malicious source. You can do this by checking the source IP address and comparing it with your Atera server or agent IP address.
- If you have confirmed that the network scanning activity is from Atera, you can create an exception in your FortiGate firewall to allow the traffic. To do this, you'll need to create a custom intrusion prevention system (IPS) signature that will exclude this specific activity. Follow these steps:
- a. Log in to your FortiGate web-based manager.
- b. Go to Security Profiles > Intrusion Prevention.
- c. Click on "Custom Signatures".
- d. Click on "Create New" and enter the required information:
- Signature Name: Provide a descriptive name, like "Atera_JDWP_Exception".
- Signature Type: Select "Custom".
- Target: Choose the appropriate target, such as "anomaly".
- Protocol: Select "TCP".
- Pattern: Enter the specific pattern that identifies the Atera network scanning activity. You can find this in the intrusion detection log or reach out to Atera support for more information.
- e. Save the custom signature.
- After creating the custom IPS signature, you'll need to apply it to the appropriate security policy that governs the traffic between Atera and your clients' networks. To do this:
- a. Go to Policy & Objects > IPv4 Policy.
- b. Locate the security policy that controls the traffic between Atera and your clients' networks.
- c. Edit the policy and scroll down to the "Security Profiles" section.
- d. Enable "IPS" and select the IPS profile containing the custom signature you created earlier.
- e. Save the policy.
By following these steps, you should be able to allow Atera's network scanning activity without triggering the intrusion detection system in your FortiGate firewall. If you continue to experience issues, consider reaching out to Atera and FortiGate support for further assistance.
4 -
Thank you so much for your reply. I will try that and let you know what happens!
2
Topics
- All Topics
- 31 Getting started
- 20 Read before posting
- 7 Meet and greet
- 156 General
- 42 News and announcements
- 40 Resources
- 7 Knowledge Base
- 7 Webinars
- 1 Shared Script Library
- Blog
- 4 Pro Tips
- 21 Got an idea?
- 93 Remote Monitoring and Management
- 67 Remote Monitoring
- 18 Patch Management
- 64 Professional Services Automation
- 42 Helpdesk
- 7 Billing
- 14 Reporting
- 25 Integrations & add-ons
- 16 Integrations
- 6 Add-ons
- 69 Scripting and automations
- 43 Scripts
- 22 Automations