Follow

How can I temporarily disable the ThreatSTOP service

To temporarily disable the ThreatSTOP service, complete the following steps.

  1. Turn off the crontab jobs
  2. Remove the ThreatSTOP rule from the interfaces

Turn off the crontab jobs.

  1. Log into ThreatSTOP appliance via ssh or and run 

      crontab -e

The output will look similar to

Add a pound / hash sign (#) in front of the /home/threatstop/ts-fortinet/ts-fort.pl so it looks like

 
This will prevent the ThreatSTOP appliance from updating your policy and pushing it to the FortiNet device. 


Then run the command
      sudo crontab -e
To update the root cronjob that uploads the log file. The output will look similar to
 
Add a pound / hash sign (#) in front of the  perl -e'exec q(/usr/sbin/logrotate -f /etc/logrotate.d/remotes.log) if (stat q(/var/log/remotes.log))[7]>100000;' so it looks like

 

This will prevent the ThreatSTOP appliance from  uploading logs to our system.

 

Remove the ThreatSTOP rules from the interfaces.

 

  1. Log into your ForiNet via https and go to Policy & Objects >> Policy >> IPv4 to bring up the current rules

 

For each ThreatSTOP rule, right-click on the sequence number and select disable

 


Back to Top

Was this article helpful?
0 out of 0 found this helpful

Comments