If you don't use SSL-VPN or the HTTP/HTTPS administrative interface on the WAN side, disable them.
config system auto-install show
In Fortinet’s ecosystem, FortiOS serves as the foundational operating system for FortiGate Next-Generation Firewalls (NGFWs). Within this OS, fgtsystemconf is an internal system configuration component or daemon responsible for managing, validating, and applying system-level configuration changes.
In late 2025 and early 2026, research and incident reports highlighted severe vulnerabilities affecting FortiOS, specifically in the areas of SAML (Security Assertion Markup Language) and authentication mechanisms. Attackers were exploiting these flaws to gain unauthorized access to FortiGate firewalls by bypassing 2FA/SSO protocols.
Ensure that administrative access (HTTPS and SSH) to the FortiGate GUI/CLI is completely disabled on external-facing (WAN) interfaces.
If you don't use SSL-VPN or the HTTP/HTTPS administrative interface on the WAN side, disable them.
config system auto-install show
In Fortinet’s ecosystem, FortiOS serves as the foundational operating system for FortiGate Next-Generation Firewalls (NGFWs). Within this OS, fgtsystemconf is an internal system configuration component or daemon responsible for managing, validating, and applying system-level configuration changes. fgtsystemconf patched
In late 2025 and early 2026, research and incident reports highlighted severe vulnerabilities affecting FortiOS, specifically in the areas of SAML (Security Assertion Markup Language) and authentication mechanisms. Attackers were exploiting these flaws to gain unauthorized access to FortiGate firewalls by bypassing 2FA/SSO protocols. If you don't use SSL-VPN or the HTTP/HTTPS
Ensure that administrative access (HTTPS and SSH) to the FortiGate GUI/CLI is completely disabled on external-facing (WAN) interfaces. fgtsystemconf patched