Has anyone seen this error message from FortiGate?

michelle
michelle Member Posts: 3
edited May 2023 in Integrations & add-ons

Hi I am new here. I just started using Atera and gathering information for my clients. But my FortiGate is having issues with the scanning.

I am getting this error when my Network discovery is active:

The following intrusion was observed: "Java.Debug.Wire.Protocol.Insecure.Configuration".

Comments

  • tanderson
    tanderson Member Posts: 279 ✭✭✭✭

    @michelle It seems like your FortiGate firewall has detected the network scanning activity from Atera as potentially malicious, specifically identifying it as "Java.Debug.Wire.Protocol.Insecure.Configuration". This intrusion detection could be due to Atera using the Java Debug Wire Protocol (JDWP) for network discovery, which may be flagged as insecure by FortiGate.

    To resolve this issue, you can follow these steps:

    1. Verify that the network scanning activity is indeed coming from Atera and not from any other potentially malicious source. You can do this by checking the source IP address and comparing it with your Atera server or agent IP address.
    2. If you have confirmed that the network scanning activity is from Atera, you can create an exception in your FortiGate firewall to allow the traffic. To do this, you'll need to create a custom intrusion prevention system (IPS) signature that will exclude this specific activity. Follow these steps:
    3. a. Log in to your FortiGate web-based manager.
    4. b. Go to Security Profiles > Intrusion Prevention.
    5. c. Click on "Custom Signatures".
    6. d. Click on "Create New" and enter the required information:
      • Signature Name: Provide a descriptive name, like "Atera_JDWP_Exception".
      • Signature Type: Select "Custom".
      • Target: Choose the appropriate target, such as "anomaly".
      • Protocol: Select "TCP".
      • Pattern: Enter the specific pattern that identifies the Atera network scanning activity. You can find this in the intrusion detection log or reach out to Atera support for more information.
      • e. Save the custom signature.
    7. After creating the custom IPS signature, you'll need to apply it to the appropriate security policy that governs the traffic between Atera and your clients' networks. To do this:
    8. a. Go to Policy & Objects > IPv4 Policy.
    9. b. Locate the security policy that controls the traffic between Atera and your clients' networks.
    10. c. Edit the policy and scroll down to the "Security Profiles" section.
    11. d. Enable "IPS" and select the IPS profile containing the custom signature you created earlier.
    12. e. Save the policy.

    By following these steps, you should be able to allow Atera's network scanning activity without triggering the intrusion detection system in your FortiGate firewall. If you continue to experience issues, consider reaching out to Atera and FortiGate support for further assistance.

  • michelle
    michelle Member Posts: 3

    Thank you so much for your reply. I will try that and let you know what happens!

  • tanderson
    tanderson Member Posts: 279 ✭✭✭✭

    @michelle Did this end up working for you?

  • nina
    nina Internal Posts: 428 ✭✭✭✭✭

    Hi @michelle - did it?! :)