The recommended resolution for all issues documented above is to upgrade to the version indicated below at your earliest convenience. * 17.2 Upgrade

If the NGFW has one or more Report application Report Users with Online Access enabled they are vulnerable.   To access this information: * As the NGFW administrator, log into the UI and navigate to the Reports application. The above picture shows the configuration panel for user access. The “reportuser@domain.com” user has “Online Access” checked, which is required in order to be vulnerable. Indicators of CompromiseAny compromise will reveal itself via the postgres user running a non-standard postgres process.   For example, an appropriate process list for running the postgres database will look like: # ps -u postgres -f UID         PID   PPID C STIME TTY         TIME CMD postgres 94057     1 0 Feb06 ?       00:00:00 /usr/lib/postgresql/13/bin/postgres -D /var/lib/postgresql/13/main -c config_file=/etc/postgresql/13/main/postgresql.conf postgres 94063 94057 0 Feb06 ?       00:00:02 postgres: 13/main: checkpointer postgres 94064 94057 0 Feb06 ?       00:00:00 postgres: 13/main: background writer postgres 94065 94057 0 Feb06 ?       00:00:12 postgres: 13/main: walwriter postgres 94066 94057 0 Feb06 ?       00:00:00 postgres: 13/main: autovacuum launcher postgres 94067 94057 0 Feb06 ?       00:00:01 postgres: 13/main: stats collector postgres 94068 94057 0 Feb06 ?       00:00:00 postgres: 13/main: logical replication launcher   Additional processes run by the postgres user indicating a potential compromise may look like: postgres 100172 100171 0 Feb06 pts/2   00:00:00 bash

For the Reports application, for all Reports Users, disable Online Access. To do this: * As the NGFW administrator, log into the UI and go to the Reports application. * For all users with the Online Access checkbox (red box) enabled, uncheck it. * Click Save.