FortiGate Firewall Zombie
Zombie Firewall


In computing, a zombie is a computer connected to the Internet that has been compromised by a hacker, computer virus or trojan horse program and can be used to perform malicious tasks of one sort or another under remote direction. Botnets of zombie computers are often used to spread e-mail spam and launch denial-of-service attacks (DoS attacks). Most owners of "zombie" computers are unaware that their system is being used in this way. Because the owner tends to be unaware, these computers are metaphorically compared to fictional zombies. A coordinated DDoS attack by multiple botnet machines also resembles a "zombie horde attack", as depicted in fictional zombie films.




A zombie is a computer or device infected with malware that is controlled remotely by a hacker. Zombies may be used to launch online attacks or send spam or phishing emails to infect other devices. A large group of these zombies is known as a botnet.

How to Recognize This Threat: The primary sign of zombie computers is especially slow performance. They can also be turned on remotely by the hacker controlling them, so computers running more than normal may be another signal.

How to Prevent This Threat: Avoid downloading files you're unsure of, and keep your network protected from online threats with a firewall that's outfitted with email and web security.

Fortigate Zombie



The first line of output from get system performance status shows CPU usage. If it shows that all the CPU is used up by system processes, the FortiGate is overloaded for some reason; normally this should not happen. If you see this overloading, you should investigate further, as it's possible a process, such as scanunitd, is using all the resources to scan traffic, in which case you need to reduce the amount of traffic being scanned by blocking unwanted protocols, configuring more security policies to limit scanning to certain protocols, or similar actions. It is also possible that a hacker has gained access to your network and is overloading it with malicious activity such as running a spam server or using zombie PCs to attack other networks on the Internet. You can get additional CPU-related information with the CLI command get system performance top. This command shows you all the top processes running on the FortiGate unit (names on the left) and their CPU usage. If a process is using most of the CPU cycles, investigate it to determine if it's normal activity.


The second line of output from get system performance status shows the memory usage. Memory usage should not exceed 90 percent. If memory is too full, some processes will not be able to function properly. For example, if the system is running low on memory, antivirus scanning will go into failopen mode where it will start dropping connections or bypass the antivirus system.
The other lines of output, such as average network usage, average session setup rate, viruses caught, and IPS attacks blocked, can also help you determine why system resource usage is high. For example, if network usage is high it will result in high traffic processing on the FortiGate, or if the session setup rate is very low or zero the proxy may be overloaded and not able to do its job.
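The checks described above (system CPU fully consumed, memory above 90 percent, a session setup rate that has dropped to zero) can be automated against the text that `get system performance status` prints. The following script is an added example, not code from the page or from Fortinet: it parses a constructed sample of that output and reports which of the conditions the text names are present. The exact line layout of the command's output is an assumption modelled on FortiOS 5.x, and the "system CPU is used up" threshold is a value chosen for this example rather than one the text specifies.

```python
"""Flag overload conditions in FortiGate `get system performance status` output.

Added example. The output format is an assumption modelled on FortiOS 5.x;
the sample below is constructed, not captured from a real device.
"""
import re

# Constructed sample showing an overloaded unit: CPU consumed by system
# processes, memory at 92%, session setup rate zero in the last minute.
SAMPLE_OUTPUT = """\
CPU states: 3% user 97% system 0% nice 0% idle 0% iowait 0% irq 0% softirq
CPU0 states: 3% user 97% system 0% nice 0% idle 0% iowait 0% irq 0% softirq
Memory: 2061108k total, 1896219k used (92.0%), 164889k free (8.0%)
Average network usage: 48210 / 47988 kbps in 1 minute, 31002 / 30870 kbps in 10 minutes, 12444 / 12310 kbps in 30 minutes
Average sessions: 20410 sessions in 1 minute, 18890 sessions in 10 minutes, 9120 sessions in 30 minutes
Average session setup rate: 0 sessions per second in last 1 minute, 12 sessions per second in last 10 minutes, 21 sessions per second in last 30 minutes
Virus caught: 0 total in 1 minute
IPS attacks blocked: 0 total in 1 minute
Uptime: 3 days, 4 hours, 12 minutes
"""

# Memory limit comes from the text (should not exceed 90 percent).
# The system-CPU limit is an assumption chosen for this example.
MEMORY_LIMIT_PCT = 90.0
SYSTEM_CPU_LIMIT_PCT = 80.0


def parse_status(text):
    """Extract the metrics the text discusses from the command output."""
    stats = {}
    m = re.search(r"^CPU states:\s+(\d+)% user\s+(\d+)% system\s+\d+% nice\s+(\d+)% idle",
                  text, re.M)
    if m:
        stats["cpu_user"], stats["cpu_system"], stats["cpu_idle"] = (int(x) for x in m.groups())
    m = re.search(r"^Memory:.*?used \(([\d.]+)%\)", text, re.M)
    if m:
        stats["mem_used_pct"] = float(m.group(1))
    m = re.search(r"^Average session setup rate:\s+(\d+) sessions per second in last 1 minute",
                  text, re.M)
    if m:
        stats["setup_rate_1m"] = int(m.group(1))
    m = re.search(r"^Average network usage:\s+(\d+) / (\d+) kbps in 1 minute", text, re.M)
    if m:
        stats["net_in_kbps"], stats["net_out_kbps"] = int(m.group(1)), int(m.group(2))
    return stats


def assess(stats):
    """Return a list of (key, message) findings based on the parsed metrics."""
    findings = []
    if stats.get("cpu_system", 0) >= SYSTEM_CPU_LIMIT_PCT:
        findings.append(("cpu_system",
                         "CPU mostly consumed by system processes: run "
                         "'get system performance top' and check the busiest process "
                         "(e.g. scanunitd), or look for unexpected traffic such as a "
                         "spam server or zombie hosts on the network"))
    if stats.get("mem_used_pct", 0.0) > MEMORY_LIMIT_PCT:
        findings.append(("memory",
                         "memory above 90%: antivirus scanning may enter failopen mode "
                         "and drop or bypass connections"))
    if stats.get("setup_rate_1m", 1) == 0:
        findings.append(("setup_rate",
                         "session setup rate is zero: the proxy may be overloaded"))
    return findings


def check_output(text):
    """Convenience wrapper: parse then assess, returning only the finding keys."""
    return [key for key, _ in assess(parse_status(text))]


if __name__ == "__main__":
    for key, message in assess(parse_status(SAMPLE_OUTPUT)):
        print(f"[{key}] {message}")
```

Feed the script the saved output of the command (for example from a scheduled SSH session) instead of the constructed sample; a healthy unit should produce an empty findings list.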

Sources:
https://en.wikipedia.org/wiki/Zombie_(computing)
https://help.fortinet.com/fos50hlp/5..._questions.htm