FortiAnalyzer 7.0.0 - B&B Bezpieczeństwo w biznesie

Producent Fortinet udostępnił najnowszą aktualizację dla FortiAnalyzer, o numerze wersji 7.0.0. Dzięki nowej aktualizacji zostały skorygowane problemy z wcześniejszych wersji. Główne naprawy dotyczą raportów, gdzie błędy dotyczyły złego wyświetlania danych. W wersji 7.0.0, skorygowano błędne działanie FortiView, gdzie problem dotyczył błędnych właściwość łącza SD-WAN. Co więcej, poprawiono obsługiwanie urządzeń FortiADC. Po więcej informacji, zapraszam do dalszej części artykułu.

Aktualnie wspierane modele:

FortiAnalyzer

FAZ-150G, FAZ-300F, FAZ-300G, FAZ-400E, FAZ-800F, FAZ-1000F, FAZ-2000E,

FAZ-3000F, FAZ-3000G, FAZ-3500E, FAZ-3500F, FAZ-3500G, FAZ-3700F, FAZ-3900E

FortiAnalyzer VM

FAZ-VM64, FAZ-VM64-AWS, FAZ-VM64-Azure, FAZ-VM64-GCP, FAZ-VM64-HV (including Hyper-V 2016, 2019), FAZ-VM64-KVM, FAZ-VM64-OPC, FAZ-VM64-Xen (for both Citrix and Open Source Xen)

Rozwiązane problemy:

Device Manager

Bug ID	Description
521774	The Add and Delete function for unregistered devices are greyed out even when the root ADOM is locked.
523721	FortiAnalyzer should support FortiADC device type.
622649	When a FortiGate HA device is deleted, their log files are not deleted.
696853	When manually adding a device in FortiNAC ADOM, version v8.8 is not listed in the version option.

FortiSOC

Bug ID	Description
656293	FortiAnalyzer should automatically retrieve all software inventory after EMS connector is created.

FortiView

Bug ID	Description
668494	FortiView may not apply filter correctly for many of the entries.
668922	Selecting FortiGate in FortiView Traffic logs returns Invalid params: Cannot find device XXX under adom XXX.
670844	Resources Usage Peak shows higher bandwidth than real usage.
671620	FortiAnalyzer SD-WAN View is not showing correct SLA output and cannot filter on specific SLA.
673477	FortiView map may fail to display traffic.
674461	Within FortiView VPN logs, the Country Flags may be incorrect.
678250	FortiView may show error when drill-down IOC rescan details.
682485	Policy hit count may be shown as zero while there is traffic.
682657	FortiView may not be refreshed correctly after switching between ADOMs.
684131	Top Sources response may be slow when filtering by Policy ID.
684193	Secure SD-WAN Monitor should not send a request when device list fails to load.
690895	FortiView > Monitors > Secure SD-WAN Monitor > SD-WAN Rules Utilization widget may show No Data for some FortiGates.
691570	FortiAnalyzer may not be able to cancel IOC re-scan task.
692464	FortiAnalyzer may prompt XSS erro while retrieving IPS error log details.
692852	After upgrade, the Secure SD-WAN Monitor may show No Data for Performance, Jitter, Latency, or Packet loss widget.
702268	Loading the FortiView page may be very slow when the Source is set as FortiAnalyzer when accessing it from FortiGate.

Log View

Bug ID	Description
522202	FortiAnalyzer may not able to accept syslog from FortiVoice.
591272	Downloaded Logs files from Log View or browse are not in the correct CSV format.
600083	Endpoint Identification should always show the same user tied to the same session.
625306	Hiding column(s) in Log view may cause filters to reference to incorrect column.
638388	When two filters are defined and the first filter is removed, clicking on the remaining filter may incorrectly reference a removed filter.
639228	FortiAnalyzer needs to synchronize FortiClient 6.4.1 new log format changes for Value of Type, Sub-type, and Event Type.
643858	Actual analytics logs do not match what is observed in log view.
652076	Log view may take a long time to load with Custom Time Period.
672350	FortiAnalyzer should able to view the space in between the user name on Log View > Event > VPN > User column.
672763	Level Column is empty on GUI when switching to Real-time Log on a FortiAnalyzer ADOM.
690922	The event logs filter should only display logs from its own VDOM.

Others

Bug ID	Description
578907	The exec log-aggregate all should aggregate all log files without any error.
595696	The change of value for system.global.enc-algorithm is not applied to oftpd until a reboot.
610161	FortiAnalyzer may unexpectedly set Don’t Fragment flag with jumbo frame related packets in OFTP communications and in log forwarding.
621473	FortiSOC is missing in cloud-based VMs.
653646	When formatting disk, database server may fail to shut down.
656370	FortiAnalyzer SCP backup cannot be stopped.
665273	The diagnose system ntp status command may return error /bin/ntpq: read: Connection refused.
666940	ADOM Mode Information has outdated wording about Reduced operation.
673224	The `sqllogd` may keep crashing after upgrading FAZ-3700F secondary unit.
675273	FortiAnalyzer to add SFTP and port support for all export commands.
675930	When calling an API, FortiAnalyzer may not update the progress with correct percentage.
676103	Webhook Fabric Connector sends the wrong Sever Name Indication (SNI) in the TLSv1.2 Client Hello.
677494	FortiAnalyzer may return SQL query error when creating temporary table `blklst` during `ioc-rescan`. Workaround: Please set `ioc-rescan` days to less than database compression days.
678200	FortiAnalyzer may stop inserting logs using high CPU usage.
681884	HA synchronization may stall at a random percentage.
682997	FortiAnalyzer may show fmgd crash during boot up after upgrade.
687809	Log insert lag time may go above 5 hours on a properly sized FortiAnalyzer.
693161	When frequently accessing different pages, FortiAnalyzer’s GUI may become sluggish and pages may not transition.
696211	Secondary FortiAnalyzer accepts FTP connections after disabling FortiRecorder.
697654	FortiAnalyzer may return duplicated data within log view JSON response.
702140	The `disable-module` setting resets to default after reboot.

Reports

Bug ID	Description
547496	FortiAnalyzer generates a report for selected device with outputs for all devices.
624911	FortiAnalyzer may not be able to generate the SaaS Application Usage Reportwith Obfuscate User feature.
647868	After upgrade, all default reports and event handler list are lost.
662442	FortiAnalyzer should show report, template, chart library, and dataset under report section.
677060	Default Reports, Templates, Chart Library, Macro Library, or Datasets are missing on newly created ADOMs.
677109	Graphics may not be complete for FortiGate Performance Statistics Report.
695960	When accessing Throughout Utilization Billing Report, FortiAnalyzer may show a vertical line on the Interface Throughout Distribution chart when there is no interface data available.
704544	Application icons may not be displayed in report.

System Settings

Bug ID	Description
560895	FortiAnalyzer should separate the Admin profile setting for Log and SoC views.
580629	Chromebooks are unable to log to FortiAnalyzer if the admin has trusted hosts configured.
627683	The GB/day displayed in License Widget may not be correct.
631709	Email should be sent successfully from FortiAnalyzer with SMTPS TCP/465.
660798	Device Log Settings > Upload to FTP may not working correctly in collector-analyzer setup.
668067	NTPv3 enabled with authentication is not sending NTP client request with hardware platforms.
672633	FortiAnalyzer HA primary unit may stop log insertion when there is postgres UPDATE on IOC.
681321	Avatar may always synchronizing resulting in init sync cannot be finished.
681622	SMTP server password should not be limited to 63 characters.
689824	After upgrade, log filter setting may set to Equal to„for log forwarding.
691798	The secondary unit in FortiAnalyzer HA cluster may report HA cluster config-sync DOWN, cause=keepalive failure every couple of days.
708047	There may be multiple `devid`, `devname`, or `tz` columns when logs are forwarded in syslog.

Znane problemy do rozwiązania:

Device Manager

Bug ID	Description
639479	FortiGate v6.0 with sub-ca certificate may not be able to establish oftp connection with FortiAnalyzer without sub-ca certificate.

Event Management

Bug ID	Description
691220	Event handler may not be triggered correctly when there is more than one match.

FortiView

Bug ID	Description
579910	SOC should show AP SSIDs and clients from Event Logs when the Service Profile is in Bridge mode.
616675	Bandwidth may not match between FortiAnalyzer and FortiGate.
621453	FortiGate cannot get FortiClient’s vulnerability detail information from FortiAnalyzer.
626530	Bytes Sent/Received should match between Top Destinations and Policy Hit charts under FortiView when filtered by the same policy ID.
640553	FortiView monitor WiFi widget is not showing Bridged SSID information.
641596	FortiAnalyzer may show No Data in User Vulnerabilities Summary widget.
642837	If Sandbox detection only supports FortiGate in Fabric ADOM, there should be an indication on GUI.
663930	Ports status is not correct in Secure SD-WAN monitor and SD-WAN Performance status.
667076	FortiView Top Cloud Users may show „no entry found” message but there is a session graph shown.
683525	The return lines may be incorrect after adding filters to Top Website Categories.
683580	The Not operation may not work for advanced filter.
685452	The Not filer filter may not work properly.
688141	FortiAnalyzer should be able to apply multiple negative filters from the same type.
707480	Top Threats (FortiClient) may only display Threat level LOW and Allowed incidents.
708006	Monitors > Endpoints does not show all FortiClient endpoints in the logs.
711810	SSL Dialup IPSec connection count may not match with connection list.
713083	FortiAnalyzer may show a No Data message for the Worldwide Threat Prevalence chart.

Log View

Bug ID	Description
608139	Opening compressed FortiClient traffic file on FortiAnalyzer may cause other compressed FortiClient traffic logs to fail to open.
633393	Some IPS archive files do not contain whole Attack Context but only contain BODY that is part of Attack Context.
635598	FortiAnalyzer may not display Traffic Logs in Log View and return Web Server Error 500.
641013	After creating an ADOM for FortiMail, the ADOM is not visible on GUI and mail domain logs are not going to the default FortiMail ADOM.
653765	Some log files under Log Browse may contain a mix of event and traffic messages.
661094	In Log View, importing log may fail.
674027	Filtering FortiClient event logs with wildcard UID filter returns no data.
686924	Downloading CSV file contains tunnel-up and tunnel-down VPN logs from other devices that belong to different ADOMs.
704206	When filtering with Action and Source IP under the Traffic menu, the filter output may be incorrect with the combination of smart action with any other field.
711711	Log filter may show unfiltered values.

Others

Bug ID	Description
584105	The `/drive0/private/restapi/sync/fgt_intf_stat` location may use too many inodes.
616355	FortiGate may display „SSL error” or „OFTP error” when testing connectivity with FortiAnalyzer.
625343	FortiAnalyzer may consume high on I/O resources every hour by fazwatch.
632971	FortiAnalyzer should have the ability to query CPU utilization on individual CPU core.
700562	When creating a system admin user using JSON API, FortiAnalyzer may return an error: The data is invalid for selected url.
701753	SIEM database should be trimmed at the same time when quota enforcement occurs.

Reports

Bug ID	Description
628823	FortiAnalyzer is not generating all local Event logs for reports.
653207	FortiAnalyzer may have incorrect dataset queries without considering the direction field.
677090	Report filter may not work with devname.
683668	The FortiClient report is always empty after enabling device filter.
692097	Report sub-charts may not work after upgrade.

System Settings

Bug ID	Description
630654	Imported logs may not sync to slave.
634253	ADOMs may disappear randomly from ADOM configuration while editing it.
638380	FortiAnalyzer may accept invalid dashboard configurations which may break some widgets.
666767	When log forwarding is enabled, there may be logfwd crashes with high log rate.
669402	FortiAnalyzer may not time out admin session after many hours.
673591	FortiAnalyzer may return error, cfgerror:1, when editing and saving an admin user.

Notatki producenta: FortiAnalyzer 7.0.0

Pozdrawiamy,

Zespół B&B
Bezpieczeństwo w biznesie

Post Views: 3 532

7.0.0 FortiAnalyzer FortiAnalyzer 7.0.0