Fortinet urges admins to patch bug with public exploit immediately

To reduce exposure to this vulnerability, remove public HTTPS access from the WAN port, and use a custom port for WAN access.

Use SSL-VPN for HTTP access.

Use MAC-based authentication for SSL-VPN users: the firewall checks the MAC address of the user's device before the connection is allowed, which adds one more security layer to your network.

After creating the SSL VPN, enable the MAC address check on the portal:

config vpn ssl web portal
    edit full-access
        set mac-addr-check enable
end

Two things are required for a user to be verified by Fortinet:

1. Username
2. MAC address of the device, in this format: 00:00:00:00:00:00

config vpn ssl web portal
    edit full-access
        config mac-addr-check-rule
            edit Username
                set mac-addr-list 00:00:00:00:00:00
                set mac-addr-mask 48
            next
        end
    next
end

Each user's device needs to be added in this format.
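Because a rule has to be entered for every user, the CLI block can be generated from a device inventory instead of typed by hand. The following is an added example, not part of the original post or Fortinet's tooling: it validates each MAC address, rejects the all-zero placeholder shown above, and emits the rules using only the CLI keywords from this page. The function names, the sample inventory, and the assumption that several addresses for one user are space-separated in mac-addr-list are mine.

```python
import re

# CLI keywords, the portal name "full-access" and the 48-bit mask are taken
# from this page; everything else here is a hypothetical helper.
MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")
NAME_RE = re.compile(r"^[A-Za-z0-9._-]+$")

def normalize_mac(raw):
    """Return the MAC as lowercase colon-separated hex, or raise ValueError."""
    mac = raw.strip().lower().replace("-", ":")
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {raw!r}")
    # The format placeholder and the broadcast address identify no device.
    if mac in ("00:00:00:00:00:00", "ff:ff:ff:ff:ff:ff"):
        raise ValueError(f"placeholder or broadcast MAC: {raw!r}")
    return mac

def build_rules(inventory, portal="full-access"):
    """Turn (username, mac) pairs into a FortiOS CLI block, one rule per user."""
    per_user = {}
    for user, raw in inventory:
        # Rule names go straight into the CLI, so refuse spaces and newlines.
        if not NAME_RE.match(user):
            raise ValueError(f"unsafe rule name: {user!r}")
        mac = normalize_mac(raw)
        macs = per_user.setdefault(user, [])
        if mac not in macs:
            macs.append(mac)
    lines = ["config vpn ssl web portal",
             f"    edit {portal}",
             "        set mac-addr-check enable",
             "        config mac-addr-check-rule"]
    for user, macs in per_user.items():
        # Assumption: multiple addresses are space-separated in one list.
        lines += [f"            edit {user}",
                  f"                set mac-addr-list {' '.join(macs)}",
                  "                set mac-addr-mask 48",
                  "            next"]
    lines += ["        end", "    next", "end"]
    return "\n".join(lines)

# Constructed sample inventory (not real users or devices).
SAMPLE = [("alice", "AA-BB-CC-00-11-22"),
          ("bob", "aa:bb:cc:00:11:33"),
          ("alice", "aa:bb:cc:00:11:44")]

if __name__ == "__main__":
    print(build_rules(SAMPLE))
```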

Use Command

