Fortinet has released a new firmware version for FortiAnalyzer! The new version fixes bugs that caused, among other things, random hangs of the device or virtual machine, high CPU usage when viewing logs from FortiGate, and incorrect data being displayed when searching logs with the Source and User filters. If you are running older firmware versions, update your devices or virtual machines!
Resolved issues in FortiAnalyzer 6.2.5:
Device Manager
| Bug ID | Description |
|---|---|
| 296528 | Sorting with Device Manager’s Log Status column may not work properly. |
| 496394 | Users may not be able to delete a VDOM from GUI or API. |
| 589646 | FortiAnalyzer should be able to add FortiProxy device with firmware version 1.2. |
| 596832 | FortiGate Cluster is removed from log forwarding on failover when FortiAnalyzer is managed by a FortiManager. |
FortiView
| Bug ID | Description |
|---|---|
| 562834 | On FortiView > Top Sources, FortiAnalyzer displays incorrect data when trying to filter logs with Source and User. |
| 593374 | Exported PDF should take into consideration how data is sorted. |
| 595657 | Drill-down Panel for Resource Usage in SOC > FortiView may get stuck at loading. |
| 602387 | FortiAnalyzer may use high CPU resources when viewing logs from FortiGate. |
Log View
| Bug ID | Description |
|---|---|
| 542933 | FortiView does not search logs for the time entered in custom time. |
| 550523 | Downloading logs from Log View randomly fails. |
| 596232 | JSON API 3.0 logfiles/data returns adom privilege limit error if the device is slave. |
| 608652 | Event alert logs cannot be inserted into database successfully on HA master unit. |
Others
| Bug ID | Description |
|---|---|
| 628352 | FortiAnalyzer log-integrity check may fail. |
| 508597 | FortiAnalyzer with no devices may occupy high CPU resources by sqllogd. |
| 529711 | FortiAnalyzer may connect to map server and GeoIP server directly even when web-proxy is enabled. |
| 551198 | The command, execute restore reports-config, may not run correctly. |
| 562540 | FortiAnalyzer’s diagnostic report should also include IO statistics. |
| 568326 | oftpd may keep crashing several times a day. |
| 569707 | Device may hang and lose accessibility, including console. |
| 590630 | Backing up all ADOM logs via FTP may stop with no error printed. |
| 591594 | snmpd may frequently crash. |
| 592593 | FortiAnalyzer may update ADOM disk allocation or create ADOM without any checks when request is made via JSON API. |
| 596192 | FortiAnalyzer may return incorrect value for SNMP MIB sysObjectID. |
| 596252 | The clusterd daemon may consume high CPU resource. |
| 597093 | MIB file for FortiAnalyzer should not contain duplicated object ID. |
| 601093 | After upgrade, FortiManager may not receive logs from one FortiGate cluster that is running FortiOS 6.0. |
| 617456 | Disk space may be different between execute lvm info and other commands. |
Reports
| Bug ID | Description |
|---|---|
| 557388 | There are discrepancies in Bandwidth and Applications Report for predefined datasets on the same report time period. |
| 588590 | FortiAnalyzer should print detailed message when importing report fails. |
| 599987 | Reports may not synchronize across HA pair. |
| 608819 | Report’s hcache cannot be used on scheduled report when running on specific device. |
System Settings
| Bug ID | Description |
|---|---|
| 533885 | Unnecessary message is popped up when deleting a fabric ADOM. |
| 594693 | FortiAnalyzer may show many messages on Alert Console: re-obtained table size for FGTADOM1391-Elog-1553532000 size=8192. |
| 600639 | FortiAnalyzer may not be able to move a VDOM with long name from the Root ADOM to another ADOM. |
| 603346 | FortiAnalyzer should not allow user to set to 0 day for data retention policy. |
| 612328 | When there are overlapping trust hosts, the incorrect IP and subnet might be used in the IP table. |
Common Vulnerabilities and Exposures
Visit https://fortiguard.com/psirt for more information.
| Bug ID | CVE references |
|---|---|
| 511903 | FortiAnalyzer 6.2.4 is no longer vulnerable to the following CVE reference(s): CVE-2004-0230 |
Known issues in FortiAnalyzer 6.2.5:
Device Manager
| Bug ID | Description |
|---|---|
| 192706 | After FortiAnalyzer added a VDOM, there is no method to disable VDOM mode. |
| 545264 | FortiAnalyzer may not show Device Lists. |
FortiView
| Bug ID | Description |
|---|---|
| 534761 | FortiAnalyzer is missing threat entries in FortiView > Top Threats. |
| 542607 | Drilldown Applications & Websites > Top Web Sites(FortiClient) always shows No entry found. |
| 590775 | FortiAnalyzer should hide Device and Time Frame selection in FortiView Threat Map. |
| 611019 | Filter is not working when drilling down from Top Threats. |
| 612361 | Compromised hosts do not show IP for hostname resolution. |
| 621271 | FortiAnalyzer may show incorrect session duration under SOC > Dial-up > drill down table. |
Log View
| Bug ID | Description |
|---|---|
| 559466 | IOC drill-down may not show log data. |
| 579871 | Restoration of logs does not indicate correct timestamps under log browse after an NTP out of sync event. |
| 596229 | Log Filter should allow to choose and filter "DNS" log type when Log Forwarding is enabled. |
| 597824 | Base64 encoded filename within archived logs sent by FortiSandbox is not decoded on FortiAnalyzer. |
| 608139 | Opening compressed FortiClient traffic file on FortiAnalyzer may cause other compressed FortiClient traffic logs to fail to open. |
Others
| Bug ID | Description |
|---|---|
| 587489 | Analytic data may be removed due to high disk usage. |
| 601383 | FortiAnalyzer may become unresponsive when source IPs change often for all endpoints due to DHCP. |
| 602774 | "execute backup logs" may trim the device list output if more than 4096 characters. |
| 617669 | File parser may keep crashing every few minutes. |
Reports
| Bug ID | Description |
|---|---|
| 547496 | FortiAnalyzer generates a report for selected device with outputs for all devices. |
| 553495 | FortiAnalyzer may prompt Web Server 404 Error when trying to download Report with 100,000 lines. |
| 595715 | Modified output profile may not take effect for Email generated report. |
System Settings
| Bug ID | Description |
|---|---|
| 593588 | GUI should not allow creating a Local Certificate with Certificate Name containing more than 35 characters. |
| 602422 | Test User credentials fail when using RADIUS MSCHAPv2 as authentication type. |
FortiAnalyzer 6.2.2 – vendor release notes
Best regards,
The B&B Team
Security in Business
