Ran into a wonderful situation yesterday on a Fortinet Fortigate 100C where, every hour on the half hour, the internet traffic would cease passing through the router.
The solution was to reboot the firewall.
Turns out, there was a bug in the 4.2 firmware (4.0 build 0272) with the NIDS signature. I believe it was triggered when our Trend Micro Worry Free Business Security Advanced server would try to update (hence the every hour on the half hour).
This was diagnosed via the CLI command:
diag sys top 1
Let that run for a few seconds, then hit CTRL-C to stop.
IPSEngine was using 90+% CPU (the first decimal number in the 2nd to last column is CPU usage, the last is memory usage).
Fortinet support sent me the newer NIDS signature manually, which should be automatic later today.
I have long been involved with Microsoft’s Small Business Server, installing and maintaining many such networks for my clients.
Initially I bit on the ISA Server bandwagon, bought and read the 800-page “bible” and tried to make it work. Yes, it works, but as I have said before, security and Microsoft in the same sentence is a bit of an oxymoron. I decided to dump ISA Server years ago when, for no good reason, HTTP or HTTPS would stop passing through the server and users called to complain that the internet was down.
Turns out, stopping and restarting 4 or 5 services fixed it every time. But why? ISA Server was way too tough and provided nothing we needed that wasn’t being provided by a good hardware firewall. I started doing away with ISA Server and installing Fortinet Fortigate 60’s (or above) on all of my networks.
I never looked back. That was one of the best decisions I ever made for securing my clients’ networks and I picked up secure IPSec VPNs and Anti-Virus/Intrusion detection at the hardware perimeter level besides.
Some of my peers who have Microsoft’s PR line running through their veins would fight me on this every time. But guess what? Microsoft SBS 2008 is shipping without ISA Server. And now I see Harry Brelsford is hurriedly hawking Untangle as the replacement.
Guess what, Harry, I’m way ahead of you. Half a decade at least.
But here’s another point. Why so anxious to upgrade to Small Business Server 2008 if SBS 2003 is doing everything you need?
The only two reasons I can think of are 1) keep putting money in Microsoft’s pocket and 2) keep putting money in consultants’ pockets. I have enough work, thankfully; I don’t like milking clients.
And you know what? Clients don’t like being milked either (or being guinea pigs for the latest software, I might add).