Fortinet publikuje nową wersję oprogramowania dla produktu FortiAnalyzer ! W nowej wersji – 6.0.5 naprawiono głównie błędy napotykane przy próbie wyświetlenia logów określonych przez filtry zastosowane przez administratora. Fortinet naprawił również błąd który uniemożliwiał wyświetlenie logów w zakładce Log View po zaimportowaniu logów z poziomu CLI. Naprawiono również event handler odpowiadający za wykrycie ponownego uruchomienia się urządzenia FortiAnalyzer i powiadomienia o tym administratora. Producent załatał wiele dziur i błędów w działaniu aplikacji o czym możemy przeczytać w notatkach udostępnionych przez Fortinet. Zachęcamy do lektury jak i do aktualizacji urządzeń!
Rozwiązane problemy:
| Bug ID | Description |
|---|---|
| 530217 | When the time zone on the FortiGate is (GMT +5:00) Ekaterinburg, dtime in the FortiAnalyzer database is one hour ahead. |
| 531343 | Incorrect source IP is shown when unmasking a username. |
| 531481 | FortiAnalyzer log files may not be decompressed and inserted into the database. |
| 534096 | Current page’s log messages should be downloaded, if the download option Current Page is checked. |
| 534783 | Normal search with multiple values should highlight all search values used in the filter. |
| 534896 | FortiView > Traffic > Policy Hits shows duplicate policy IDs since different policy types can have the same ID. |
| 537076 | FortiAnalyzer does not delete quarantined file automatically. |
| 537535 | FortiView intermittently displays a no data message when trying to filter out data. |
| 538139 | There is no local event logs for adding, editing, or deleting subnet entries. |
| 540397 | In Fabric ADOM, subnet list should validate all fields instead of only the srcip and dstip fields. |
| 540766 | The new HA master cannot receive logs after HA failover on Azure. |
| 541249 | The diagnose test application oftpd 3 command occasionally causes FortiAnalyzer to freeze. |
| 541346 | In Fabric ADOM, if handler is for non-FortiGate devices, drill-down an event is not properly displayed. |
| 542176 | The get system performance command should differentiate RAM and Swap for memory statistics. |
| 542286 | HA cannot work on unicast mode when members are located in different subnets. |
| 542475 | FortiView > Traffic > Policy Hits shows a mix of policy name and policy ID. |
| 542606 | Local device event alerts should not be synchronize from HA Master to Slave. |
| 542607 | Drill-down “Applications & Websites” – “Top Web Sites(FortiClient)” always shows “No entry found”. |
| 543623 | UEBA pop-up cannot show epname when endpoint is set with group by. |
| 544064 | The firewall sessions chart should be a bar chart classified by devices in the FortiCare 360 report. |
| 544071 | Network Interface Availability Faults Over Time Chart should be classified by devices in the FortiCare 360 report. |
| 544197 | VDOM name may be missing a digit when adding a device with a long name. |
| 544816 | Event handler Local Device Event does not detect FortiAnalyzer reboot event or trigger an alert Email. |
| 546067 | FortiRecorder should display disk usage information for FortiRecorder in the Camera Manager page. |
| 546990 | Log files cannot be seen in the Log View for a long time after the files are imported from CLI. |
| 547583 | After cleared filter in FortiView, GUI still sends query with the filter and Log View still shows filtered logs. |
| 548112 | After enabled resolving IP address, FortiView is not showing hostname on the column “Destination” in “Top Destinations” table. |
| 548201 | Under FortiView, it is missing the column “# of Clients” in the “Top Applications” table chart. |
| 548245 | SAML configuration is not synchronized from Master to Slave. |
| 548826 | In SOC Monitor, FortiAnalyzer cannot show Sandbox Execution Details clearly in Night/Ocean theme. |
| 548974 | Under FortiView, policy-info is updated when moving FortiGate to a different ADOM. |
| 549243 | In “Top SSID” drill-down view, it cannot show related logs for a WiFi client. |
| 549245 | When camera wire-mode is changed from DHCP to Static, the gateway IP is always missing resulting in camera status error. |
| 549343 | The SOC period should be hidden or disable on the Compromised Host for FortiView. |
| 549459 | FortiCam network setting to TCP/HTTP results in connection error or network unreachable. |
| 549481 | Export to report chart from drill down panel in NOC fails. |
| 549548 | In FortiGate ADOM, widget count is not correct for some widget categories in Add Widget. |
| 549718 | Log Browse File Name cannot be filtered due to quotation marks. |
| 549739 | After upgrade, widgets displayed size are not scale with the content. |
| 550068 | FortiView drill-down to log view with unauthuser shows no result. |
| 550113 | In SOC widget “Security Rating report”, it cannot select Region and Industry and it is shown as undefined. |
| 550136 | Advanced options are not able to be edited in an existing fabric connector – Storage. |
| 550276 | First time adding a new camera always shows unexpected MAC address. |
| 550544 | When manually adding device, FortiWeb is missing v6.1 and FortiAuthenticator is missing v6.0. |
| 550570 | IOC drill-down view shows incorrect “last detect” time. |
| 550663 | Exporting chart from FortiView main view “Top Country/Region” has an additional line, “Reserved”. |
| 550894 | Quickly switching from “Top Threat” to “Top Application” leads to SQL query error. |
| 550933 | Authorized FortiCarrier device does not shows up in the Fabric ADOM’s FortiGate device drop-down list. |
| 551125 | When setting Event Handler with filter threshold over 25, FortiAnalyzer may not display any event. |
| 551243 | In Fabric ADOM, View Related Logs in the FortiDDoS widget re-directs to an inaccurate page in Log View. |
| 527616, 537201 | FortiAnalyzer may stop accepting logs and require manual restarting of the OFTPD process. |
Znane problemy do rozwiązania:
| Bug ID | Description |
|---|---|
| 542774 | Upgrading from 5.2 to 5.6 may break Log aggregation if password contains the special character ($). |
| 542933 | FortiView may not search logs for the time entered in custom time. |
| 543259 | Error checking should prevent administrator from being able to incorrectly configure log forwarding with same IP address of FortiAnalyzer. |
| 545197 | Device Manager’s log rate may be displayed incorrectly for a FortiGate HA cluster. |
| 548872 | FortiAnalyzer Report Cover Page footer display set to transparent may not work the same way as previous releases. |
| 550116 | FortiAnalyzer may intermittently not sending reports to Email as per the configured schedule. |
| 552067 | FortiAnalyzer may show the error, “authorization failed for restapi request OFTP_RESTAPI_GENERIC_REQ”, in the event log. |
| 552613 | There may not be abnormal behavior using the space character in Advanced Search field. |
| 553495 | FortiAnalyzer may show Web Server 404 Error when trying to download a report. |
| 554201 | FortiAnalyzer may not be able to import reports when creating re-creating an ADOM with the same name. |
| 554345 | System may generate the error message, “Did not receive any log from device <device-name> in xxxx minute for device changed standalone to ha”. |
| 554480 | GDPR user can open the log browse and the Source columns are not masked within the log file. |
| 554890 | Syslog forward as syslog reliable miss end delimiter (0x0a) between logs. |
| 555907 | FortiAnalyzer may not successfully run all scheduled reports. |
| 556106 | FortiGate ADOM should not access the blocked websites statistic from non-FortiGate devices. |
Pozdrawiamy,
Zespół B&B
Bezpieczeństwo w biznesie