Security concerns

With the old IPsec tunneling method, a FortiGate unit can route packets anywhere after decryption, which is a potential security issue. The fgfm protocol performs tunneling and detunneling exclusively in the fgfm daemon, which sends packets to the FortiGate’s TUN device and to no other network device. Packets cannot leak out of the FortiGate, and incoming data is dropped if it cannot be delivered to daemons via the local stack.
