To temporarily disable the ThreatSTOP service, complete the following steps.
Turn off the crontab jobs.
- Log in to the ThreatSTOP appliance via ssh and run
crontab -e
The output will look similar to
Add a pound / hash sign (#) in front of the /home/threatstop/ts-fortinet/ts-fort.pl entry so it looks like
This will prevent the ThreatSTOP appliance from updating your policy and pushing it to the FortiNet device.
Then run the command
sudo crontab -e
to update the root cron job that uploads the log file. The output will look similar to
Add a pound / hash sign (#) in front of the perl -e'exec q(/usr/sbin/logrotate -f /etc/logrotate.d/remotes.log) if (stat q(/var/log/remotes.log))[7]>100000;' entry so it looks like
This will prevent the ThreatSTOP appliance from uploading logs to our system.
Remove the ThreatSTOP rules from the interfaces.
- Log in to your FortiNet device via https and go to Policy & Objects >> Policy >> IPv4 to bring up the current rules
For each ThreatSTOP rule, right-click on the sequence number and select disable
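The crontab edits in the first step can also be made as a reviewable, reversible filter instead of by hand in the editor. This is an added example, not ThreatSTOP's own tooling: the function names and the sample crontab (including its schedule fields) are constructed for illustration, and only the script path and logrotate config path come from the steps above.

```shell
#!/bin/sh
# Added example: comment out (or restore) crontab lines containing a fixed string.
# Both functions read crontab text on stdin and write the edited text on stdout.
# Against a live crontab (crontab reads a new table from stdin when given "-"):
#   crontab -l | disable_cron_entry /home/threatstop/ts-fortinet/ts-fort.pl | crontab -
#   sudo crontab -l | disable_cron_entry /etc/logrotate.d/remotes.log | sudo crontab -

# disable_cron_entry NEEDLE: prefix "#" to active lines that contain NEEDLE.
disable_cron_entry() {
    [ -n "$1" ] || return 2          # refuse an empty match string
    NEEDLE="$1" awk '
        /^[ \t]*#/ { print; next }   # already a comment: leave as is (idempotent)
        index($0, ENVIRON["NEEDLE"]) { print "#" $0; next }
        { print }
    '
}

# enable_cron_entry NEEDLE: strip the leading "#" from commented lines with NEEDLE.
# Note: this also uncomments a descriptive comment that mentions NEEDLE.
enable_cron_entry() {
    [ -n "$1" ] || return 2
    NEEDLE="$1" awk '
        /^[ \t]*#/ && index($0, ENVIRON["NEEDLE"]) { sub(/^[ \t]*#/, ""); print; next }
        { print }
    '
}

# Constructed sample crontab; the schedule fields are placeholders,
# not the appliance's real values.
SAMPLE_USER_CRON='# policy update job (constructed sample)
0 * * * * /home/threatstop/ts-fortinet/ts-fort.pl
15 3 * * * /usr/bin/true'

# demo: show the sample with the ThreatSTOP update job disabled.
demo() {
    printf '%s\n' "$SAMPLE_USER_CRON" |
        disable_cron_entry /home/threatstop/ts-fortinet/ts-fort.pl
}

demo
```

Run `crontab -l` before and after to confirm that only the intended line changed; `enable_cron_entry` with the same argument restores the job when the service is turned back on.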