Friday, November 6, 2009

FortiOS - Application Control Logging Gotcha

FYI,

This applies if you are using FortiOS 4.x and a FortiManager. When configuring application control on your FortiGate units, you have the option to "Enable logging for undefined applications". Another possibility is to create a rule something like this:
  • Category: All
  • Application: All
  • Action: Pass
  • Log: Enable
I have found that creating a rule to log undefined applications can cause problems. When you use this second method rather than checking the "Enable logging ..." box, the FortiGates will send an SNMP trap for EVERY detected application to the FortiManager. This leads to the SNMP daemon process on the FM using up all available memory and eventually crashing the FM box completely.

Fortinet is currently investigating this behaviour.
