Fortinet has released update 6.4.4 for FortiAnalyzer. The new software version removes many bugs affecting FortiView. Among the main bugs of the previous version were incorrectly displayed entry filters and problems rendering data graphs. The update also fixes a problem with logs, which might not be generated under higher CPU load. For more information, read on.
Currently supported models:
| Platform | Models |
|---|---|
| FortiAnalyzer | FAZ-200F, FAZ-300F, FAZ-400E, FAZ-800F, FAZ-1000E, FAZ-2000E, FAZ-3000E, FAZ-1000F, FAZ-3000F, FAZ-3000G, FAZ-3500E, FAZ-3500F, FAZ-3500G, FAZ-3700F and FAZ-3900E. |
| FortiAnalyzer VM | FAZ-VM64, FAZ-VM64-Ali, FAZ-VM64-AWS, FAZ-VM64-AWS-OnDemand, FAZ-VM64-Azure, FAZ-VM64-GCP, FAZ-VM64-HV, FAZ-VM64-KVM, FAZ-VM64-OPC, and FAZ-VM64-XEN (Citrix XenServer and Open Source Xen) |
Resolved issues:
FortiView
| Bug ID | Description |
|---|---|
| 616914 | Some graphs may not render data in FortiView. |
| 667745 | FortiView > Traffic > Top Sources may return a zero value for a time period of less than four hours. |
| 668494 | FortiView may not apply filter correctly for many of the entries. |
| 668922 | Selecting FortiGate in FortiView Traffic logs returns Invalid params: Cannot find device XXX under adom XXX. |
| 670844 | Resources Usage Peak shows higher bandwidth than real usage. |
| 673477 | FortiView map may fail to display traffic. |
| 674461 | Within FortiView VPN logs, the Country Flags may be incorrect. |
| 678250 | FortiView may show error when drill-down IOC rescan details. |
Log View
| Bug ID | Description |
|---|---|
| 522202 | FortiAnalyzer may not be able to accept syslog from FortiVoice. |
| 591272 | Download Logs files from Log View or browse are not in the correct CSV format. |
| 638388 | When two filters are defined and the first filter is removed, clicking on the remaining filter may incorrectly reference the removed filter. |
| 639228 | FortiAnalyzer needs to synchronize FortiClient 6.4.1 new log format changes for Value of Type, Sub-type, and Event Type. |
| 643858 | Actual analytics logs do not match what is observed in log view. |
| 672350 | FortiAnalyzer should be able to view the space in between the user name on Log View > Event > VPN > User column. |
| 672763 | Level Column is empty in GUI when switching to Real-time Log on a FortiAnalyzer ADOM. |
Others
| Bug ID | Description |
|---|---|
| 578907 | exec log-aggregate all should aggregate all log files without any error. |
| 610161 | FortiAnalyzer may unexpectedly set Don’t Fragment flag with jumbo frame related packets in OFTP communications and in log forwarding. |
| 621473 | FortiSOC is missing in cloud-based VMs. |
| 653646 | When formatting disk, database server may fail to shut down. |
| 665273 | The diagnose system ntp status command may return error /bin/ntpq: read: Connection refused. |
| 666940 | ADOM Mode Information has outdated wording about Reduced operation. |
| 673224 | The sqllogd may keep crashing after upgrading the FAZ-3700F secondary unit. |
| 675273 | FortiAnalyzer to add SFTP and port support for all export commands. |
| 675930 | When calling an API, FortiAnalyzer may not update the progress with the correct percentage. |
| 676103 | Webhook Fabric Connector sends a wrong Server Name Indication (SNI) in the TLSv1.2 Client Hello. |
| 678200 | FortiAnalyzer may stop inserting logs using high CPU usage. |
Reports
| Bug ID | Description |
|---|---|
| 547496 | FortiAnalyzer generates a report for the selected device with outputs for all devices. |
| 647868 | After upgrade, all default reports and event handler list are lost. |
| 662442 | FortiAnalyzer should show Report, Template, Chart Library, and Dataset under report section. |
| 677060 | Default Reports, Templates, Chart Library, Macro Library, or Datasets are missing on newly created ADOMs. |
| 677109 | Graphics may not be complete for FortiGate Performance Statistics Report. |
System Settings
| Bug ID | Description |
|---|---|
| 580629 | Chromebooks are unable to log to FortiAnalyzer if the admin has trusted hosts configured. |
| 627683 | The GB/day displayed in License Widget may not be correct. |
| 639102 | FortiAnalyzer may not apply the Not equal to operator when Log Forwarding > Log Filter is configured via GUI. |
| 660798 | Device Log Settings > upload to FTP may not work correctly in collector-analyzer setup. |
| 668067 | NTPv3 enabled with authentication is not sending NTP client request with hardware platforms. |
| 672633 | FortiAnalyzer HA primary unit may stop log insertion when there is postgres UPDATE on IOC. |
| 681321 | Avatar may always be synchronizing resulting in init sync cannot be finished. |
Known issues:
Device Manager
| Bug ID | Description |
|---|---|
| 521774 | Add and delete function for unregistered devices are greyed out even when the root ADOM is locked. |
| 613115 | Device Manager View may show red icons for VDOMs even when the log is received. |
| 639479 | FortiGate v6.0 with sub-ca certificate may not be able to establish oftp connection with FortiAnalyzer without sub-ca certificate. |
FortiSOC
| Bug ID | Description |
|---|---|
| 668942 | A playbook running AV scan on endpoint may return error: failed results- can not find parameters for connector. |
Fabric View
| Bug ID | Description |
|---|---|
| 641596 | FortiAnalyzer may show No Data in User Vulnerabilities Summary widget. |
FortiView
| Bug ID | Description |
|---|---|
| 539298 | User may not see data on cloud application bytes in FortiView. |
| 579828 | There may be bandwidth discrepancy under FortiView > Application & websites > Top websites. |
| 616675 | Bandwidth may not match between FortiAnalyzer and FortiGate. |
| 621453 | FortiGate cannot get FortiClient’s vulnerability detail information from FortiAnalyzer. |
| 626530 | Bytes Sent/Received should match between Top Destinations and Policy Hit charts under FortiView when filtered by the same policy ID. |
| 633960 | Filter is empty in request when drill-down Top Applications(FortiClient) view to Log View. |
| 640553 | FortiView monitor WiFi widget is not showing Bridged SSID information. |
| 642837 | The GUI should indicate Sandbox detection only supports FortiGate in the Fabric ADOM. |
| 667076 | FortiView Top Cloud Users may show no entry found message but there is a session graph shown. |
Log View
| Bug ID | Description |
|---|---|
| 604850 | The remote IP for SSL-VPN is showing as IPsec Remote IP. |
| 608139 | Opening compressed FortiClient traffic file on FortiAnalyzer may cause other compressed FortiClient traffic logs to fail to open. |
| 625306 | Hiding column(s) in Log view may cause filters to reference the wrong column. |
| 633393 | Some IPS archive files do not contain whole Attack Context but only contain "BODY" that is partially part of "Attack Context". |
| 635598 | FortiAnalyzer may not display Traffic Logs in Log View and return Web Server Error 500. |
| 641013 | After creating an ADOM for FortiMail, the ADOM is not visible in the GUI and mail domain logs are not going to the default FortiMail ADOM. |
| 652076 | Log view may load forever with Custom Time Period. |
| 653765 | Some log files under Log Browse may contain a mix of event and traffic messages. |
| 661094 | In Log View, importing log may fail. |
| 674027 | Filtering FortiClient event logs with wildcard UID filter returns no data. |
Others
| Bug ID | Description |
|---|---|
| 595696 | The change of value for system.global.enc-algorithm is not applied to oftpd until a reboot. |
| 632971 | FortiAnalyzer should have the ability to query CPU utilization on individual CPU core. |
| 660810 | FortiAnalyzer-200F rebuild may get stuck and sqllogd may crash due to insufficient memory. |
| 616355 | FortiGate may display SSL error or OFTP error when testing connectivity with FortiAnalyzer. |
Reports
| Bug ID | Description |
|---|---|
| 624911 | FortiAnalyzer may not be able to generate the SaaS Application Usage Report with Obfuscate User feature. |
| 628823 | FortiAnalyzer is not generating all local Event logs for reports. |
System Settings
| Bug ID | Description |
|---|---|
| 626636 | The Allow button may now work in HA configuration page. |
| 629663 | Free text filter does not work when using (~) tilde sign on syslog ADOM for the msg field. |
| 630654 | Imported logs may not sync to slave. |
| 634253 | ADOMs may disappear randomly from ADOM configuration while editing it. |
| 653371 | CEF log forwarding start time does not match with event time. |
| 666767 | When log forwarding is enabled, there may be a logfwd crash with high log rate. |
| 668901 | After enabling Collector mode, FortiAnalyzer may not show FortiView. |
| 669402 | FortiAnalyzer may not time out an admin session after many hours. |
| 673591 | FortiAnalyzer may return error, cfgerror:1, when editing and saving an admin use |
Vendor release notes: FortiAnalyzer 6.4.4
Best regards,
The B&B Team
Bezpieczeństwo w biznesie
