Software vendor Fortinet has released the latest update for FortiAnalyzer, version 6.4.8. The new version fixes the FortiView widget processes that caused slow performance. It also fixes SD-WAN link monitoring, where the problems concerned incorrect bandwidth values. As of version 6.4.8, integration with FortiMail has been improved and RADIUS authentication has been corrected. Read on for more detailed information.
- When FortiManager sends syslogs to FortiAnalyzer, the FortiManager device may appear twice as an unauthenticated device.
- FortiAnalyzer ha-member-auto-grouping may not work for FortiGate HA devices.
- CSF cannot be formed when including FortiGate-6000 or FortiGate-7000 series, as blades are not prompted in Device Manager.
- Device Manager may not show FortiGate Fabric members under the root Fabric tree.
- FortiAnalyzer may incorrectly detect the FortiNAC firmware version.
- In some rare cases, only some fabric devices may appear in the fabric group tree.
- Selecting the log group returns an "invalid params" error under FortiSoC > Event Monitor > All Events.
- SOC should show AP SSIDs and clients from event logs when the service profile is in bridge mode.
- The FortiView monitor WiFi widget does not show bridged SSID information.
- FortiAnalyzer may not show the rescan icon, and drill-down for rescan may show an empty page.
- FortiAnalyzer may not be able to cancel an IOC re-scan task.
- Policy Name may not show up under FortiView > Traffic > Policy Hits > Policy column for policies that have name information.
- SD-WAN Monitor may show incorrect bandwidth.
- Top Cloud Applications may show 0 KB utilization under the Bandwidth column.
- FortiView widgets may take a very long time to load.
- FortiView Secure SD-WAN and the Secure SD-WAN report should display correct information for the Health Checker's packet loss.
- Monitor should be able to show values with a faster response time.
- Exporting to a report chart may fail for "Top Apps by Installs".
- Adding filters and drilldown return an error; "Invalid params:" is shown for the chart or list of "Top Threats".
- Some log files under Log Browse may contain a mix of event and traffic messages.
- FortiAnalyzer may lose sorting when clicking the column header in Log Browse.
- In Log View, importing logs may fail.
- Filtering FortiClient event logs with a wildcard "UID" filter returns no data.
- FortiAnalyzer may show duplicated entries when filtering real-time logs in Log View.
- oftpd may not work properly if many log requests are received at the same time.
- FortiAnalyzer may not handle many re-connection requests, causing FortiGate devices to log a system event on disconnecting or connecting.
- ADOM archive should not be higher than the configured value.
- Bandwidth data from SD-WAN event logs may not be inserted.
- FortiAnalyzer may show two VDOMs, root and default, in Log Browse for FortiClient devices.
- FortiAnalyzer may stop receiving logs every day until it has been rebooted.
- The FortiAnalyzer Log View filter vanishes after log details are displayed and the user returns to the log page with the filter.
- FortiGate may show "Failed to get FAZ's status. Authentication Failed. (-19)" when the device has been authorized and is sending logs to FortiAnalyzer.
- FortiAnalyzer should support more than 128 characters in the "from" and "to" log fields for FortiMail's History logs.
- FortiAnalyzer may gradually stop receiving logs due to leaks in receiving buffers.
- FortiAnalyzer shows improper subject field values for FortiMail logs and in log details when the log contains Cyrillic symbols.
- FortiAnalyzer stops receiving logs randomly and CPU utilization by OFTPD spikes to 100%.
- The custom view should list all the used filters.
- Drilldown of a compromised host from FortiGate may not work.
- FortiAnalyzer should change the login-max and docker-user-login-max range from 1-32 to 1-256.
- When using the operator ">=" for "Greater than or Equal to" in the FortiAnalyzer CLI, the syntax is not accepted and an error is thrown.
- SNMPv3 engineBoots may not be properly initialized.
- The SIEM database should be trimmed at the same time quota enforcement occurs.
- When FortiAnalyzer is changed to Collector mode, siemdb should automatically stop working.
- The login interface may crash if the user inputs pre-login banner text in an encoding other than UTF-8.
- A user with read-only permissions cannot get the list of ADOMs via a JSON request.
- High CPU usage has been observed after firmware upgrade (v5.6.8 to v6.4.5).
- FortiAnalyzer requires a FortiGuard Indicators of Compromise license in order to see compromised hosts.
- The "diag dvm support list" does not have FortiWeb v6.4.0 GA and FortiMail v7.0.0 GA.
- FortiAnalyzer HA may have high memory usage.
- Several extra ports are open when scanning the FortiAnalyzer HA cluster's virtual IP.
- Fortilogd may not write logs for FortiGate-401E-DC.
- The HMAC given in the log-checksum md5-auth option does not match.
- There may be multiple siemdbd crashes on "redisAppendCommand".
- Log disk usage may frequently reach 99% due to the calculation of the siemdb size.
- There may be many errors showing "could not read block 0 in file" in pgsvr.log.
- When rebuilding the database on the FortiAnalyzer HA's secondary unit, it may get stuck at 1%.
- Under Microsoft Azure, the FortiAnalyzer HA's secondary IP does not move to the new primary after HA failover.
- FortiAnalyzer may frequently send "csf-check" requests, causing miglogd to consume 99% of CPU resources.
- The sqllogd may take a long time to start up.
- Several old files in "/drive0/private" are not cleaned up automatically.
- Disk I/O is at 100% with no log insertion because a device is wrongly recognized as a cell phone with multiple IP addresses.
- Due to FortiClient's log upload, several long idle OFTP sessions have been observed.
- After exporting a report template from FortiAnalyzer 6.2 and importing the template into a later version, FortiAnalyzer may show the error "Invalid Device or Vdom".
- Running the default report "User Detailed Browsing Log" finishes successfully without displaying any data.
- The GUI's scrollbar shows up only partially on the Output Profile configuration.
- The Secure SD-WAN Report template may not show a graphic that includes both the SLA Name Object and WAN Interface fields.
- Cyber Threat Assessment should show an IPS attack count of 0 when there are no IPS logs.
- FortiAnalyzer may not time out an admin session after many hours.
- When creating a log forwarding entry, the user should be able to select a FortiADC device from the GUI.
- The syslog server can only send via UDP, and not TCP with the TLS option configured.
- An existing log forwarding entry is gone after its status changes from On to Off.
- The FortiAnalyzer HA cluster always uses the VIP for log forwarding to the server instead of another interface.
- When Device Manager's permission is set to Read-Write and System Settings' permission is set to Read-Only, a SAML login user cannot create or edit an ADOM.
- RADIUS authentication using mschap2 may not work.
- FortiAnalyzer may show an ADOM that stores logs exceeding the FortiAnalyzer log storage criteria.
- FortiAnalyzer should have time zone information for local logs.
- The forwarded CEF start time is different from the original timestamp of the log.
- The swap file size is restricted and cannot be increased when storage is less than 1 TB.
- Several FortiAnalyzer services and daemons crashed due to the swap file size restriction.
- Archive percentage should not exceed 100% of the allocated disk space.
- FortiAnalyzer's GUI login "Force to change password upon next log on" feature does not work.
Visit https://fortiguard.com/psirt for more information.
FortiAnalyzer 6.4.8 is no longer vulnerable to the following CVE reference:
- FortiAnalyzer may take more than two minutes to show log details in the Top Threat view with two filters.
- When the service is not in the log entry, a filter based on a negated service should still show related logs in the filtered result.
- FortiAnalyzer HA may randomly fail over.
- FortiAnalyzer using Azure AD SAML SSO may show "invalid_logout_response_error" after logout.
Vendor notes: FortiAnalyzer 6.4.8