The vendor Fortinet has released the latest update for FortiAnalyzer, version 7.0.0. The new release corrects problems carried over from earlier versions. The main fixes concern reports, where the defects involved incorrect display of data. Version 7.0.0 also corrects faulty FortiView behaviour, where the problem concerned incorrect SD-WAN link properties. In addition, handling of FortiADC devices has been improved. For more details, read on.
Currently supported models:
|FAZ-150G, FAZ-300F, FAZ-300G, FAZ-400E, FAZ-800F, FAZ-1000F, FAZ-2000E, FAZ-3000F, FAZ-3000G, FAZ-3500E, FAZ-3500F, FAZ-3500G, FAZ-3700F, FAZ-3900E
|FAZ-VM64, FAZ-VM64-AWS, FAZ-VM64-Azure, FAZ-VM64-GCP, FAZ-VM64-HV (including Hyper-V 2016, 2019), FAZ-VM64-KVM, FAZ-VM64-OPC, FAZ-VM64-Xen (for both Citrix and Open Source Xen)
Resolved issues:
|The Add and Delete functions for unregistered devices are greyed out even when the root ADOM is locked.
|FortiAnalyzer should support FortiADC device type.
|When a FortiGate HA device is deleted, its log files are not deleted.
|When manually adding a device in FortiNAC ADOM, version v8.8 is not listed in the version option.
|FortiAnalyzer should automatically retrieve all software inventory after EMS connector is created.
|FortiView may not apply filter correctly for many of the entries.
|Selecting FortiGate in FortiView Traffic logs returns Invalid params: Cannot find device XXX under adom XXX.
|Resource Usage Peak shows higher bandwidth than real usage.
|FortiAnalyzer SD-WAN View is not showing correct SLA output and cannot filter on specific SLA.
|FortiView map may fail to display traffic.
|Within FortiView VPN logs, the Country Flags may be incorrect.
|FortiView may show an error when drilling down into IOC rescan details.
|Policy hit count may be shown as zero while there is traffic.
|FortiView may not be refreshed correctly after switching between ADOMs.
|Top Sources response may be slow when filtering by Policy ID.
|Secure SD-WAN Monitor should not send a request when device list fails to load.
|FortiView > Monitors > Secure SD-WAN Monitor > SD-WAN Rules Utilization widget may show No Data for some FortiGates.
|FortiAnalyzer may not be able to cancel an IOC re-scan task.
|FortiAnalyzer may display an XSS error while retrieving IPS error log details.
|After upgrade, the Secure SD-WAN Monitor may show No Data for Performance, Jitter, Latency, or Packet loss widget.
|Loading the FortiView page may be very slow when the Source is set to FortiAnalyzer and the page is accessed from FortiGate.
|FortiAnalyzer may not be able to accept syslog from FortiVoice.
|Log files downloaded from Log View or Log Browse are not in the correct CSV format.
|Endpoint Identification should always show the same user tied to the same session.
|Hiding column(s) in Log View may cause filters to reference an incorrect column.
|When two filters are defined and the first filter is removed, clicking on the remaining filter may incorrectly reference a removed filter.
|FortiAnalyzer needs to synchronize FortiClient 6.4.1 new log format changes for Value of Type, Sub-type, and Event Type.
|Actual analytics logs do not match what is observed in log view.
|Log view may take a long time to load with Custom Time Period.
|FortiAnalyzer should be able to show the space between the parts of a user name in the Log View > Event > VPN > User column.
|Level Column is empty on GUI when switching to Real-time Log on a FortiAnalyzer ADOM.
|The event logs filter should only display logs from its own VDOM.
|The exec log-aggregate all command should aggregate all log files without error.
|The change of value for system.global.enc-algorithm is not applied to oftpd until a reboot.
|FortiAnalyzer may unexpectedly set Don’t Fragment flag with jumbo frame related packets in OFTP communications and in log forwarding.
|FortiSOC is missing in cloud-based VMs.
|When formatting disk, database server may fail to shut down.
|FortiAnalyzer SCP backup cannot be stopped.
|The diagnose system ntp status command may return error /bin/ntpq: read: Connection refused.
|ADOM Mode Information has outdated wording about Reduced operation.
|sqllogd may keep crashing after upgrading a FAZ-3700F secondary unit.
|FortiAnalyzer should add SFTP and port support for all export commands.
|When calling an API, FortiAnalyzer may not update the progress with correct percentage.
|Webhook Fabric Connector sends the wrong Server Name Indication (SNI) in the TLSv1.2 Client Hello.
|FortiAnalyzer may return an SQL query error when creating the temporary table for ioc-rescan. Workaround: set the ioc-rescan days to less than the database compression days.
|FortiAnalyzer may stop inserting logs while showing high CPU usage.
|HA synchronization may stall at a random percentage.
|FortiAnalyzer may show an fmgd crash during boot-up after upgrade.
|Log insert lag time may go above 5 hours on a properly sized FortiAnalyzer.
|When frequently accessing different pages, FortiAnalyzer’s GUI may become sluggish and pages may not transition.
|Secondary FortiAnalyzer accepts FTP connections after disabling FortiRecorder.
|FortiAnalyzer may return duplicated data within log view JSON response.
|The disable-module setting resets to default after reboot.
|FortiAnalyzer generates a report for selected device with outputs for all devices.
|FortiAnalyzer may not be able to generate the SaaS Application Usage Report with the Obfuscate User feature.
|After upgrade, all default reports and event handler list are lost.
|FortiAnalyzer should show report, template, chart library, and dataset under report section.
|Default Reports, Templates, Chart Library, Macro Library, or Datasets are missing on newly created ADOMs.
|Graphics may not be complete for FortiGate Performance Statistics Report.
|When accessing the Throughput Utilization Billing Report, FortiAnalyzer may show a vertical line on the Interface Throughput Distribution chart when there is no interface data available.
|Application icons may not be displayed in report.
|FortiAnalyzer should separate the Admin profile settings for the Log and SOC views.
|Chromebooks are unable to log to FortiAnalyzer if the admin has trusted hosts configured.
|The GB/day displayed in License Widget may not be correct.
|Email should be sent successfully from FortiAnalyzer with SMTPS TCP/465.
|Device Log Settings > Upload to FTP may not work correctly in a collector-analyzer setup.
|NTPv3 with authentication enabled does not send NTP client requests on hardware platforms.
|FortiAnalyzer HA primary unit may stop log insertion when there is postgres UPDATE on IOC.
|Avatar may be stuck synchronizing, so the initial sync cannot finish.
|SMTP server password should not be limited to 63 characters.
|After upgrade, the log filter setting for log forwarding may be set to "Equal to".
|The secondary unit in a FortiAnalyzer HA cluster may report "HA cluster config-sync DOWN, cause=keepalive failure" every couple of days.
|There may be multiple tz columns when logs are forwarded in syslog.
Known issues still to be resolved:
|FortiGate v6.0 with a sub-CA certificate may not be able to establish an OFTP connection with a FortiAnalyzer that lacks the sub-CA certificate.
|Event handler may not be triggered correctly when there is more than one match.
|SOC should show AP SSIDs and clients from Event Logs when the Service Profile is in Bridge mode.
|Bandwidth may not match between FortiAnalyzer and FortiGate.
|FortiGate cannot get FortiClient’s vulnerability detail information from FortiAnalyzer.
|Bytes Sent/Received should match between Top Destinations and Policy Hit charts under FortiView when filtered by the same policy ID.
|FortiView monitor WiFi widget is not showing Bridged SSID information.
|FortiAnalyzer may show No Data in User Vulnerabilities Summary widget.
|If Sandbox detection only supports FortiGate in Fabric ADOM, there should be an indication on GUI.
|Ports status is not correct in Secure SD-WAN monitor and SD-WAN Performance status.
|FortiView Top Cloud Users may show a "no entry found" message while a session graph is still shown.
|The return lines may be incorrect after adding filters to Top Website Categories.
|The Not operation may not work for the advanced filter.
|The Not filter may not work properly.
|FortiAnalyzer should be able to apply multiple negative filters from the same type.
|Top Threats (FortiClient) may only display Threat level LOW and Allowed incidents.
|Monitors > Endpoints does not show all FortiClient endpoints in the logs.
|SSL Dialup IPSec connection count may not match with connection list.
|FortiAnalyzer may show a No Data message for the Worldwide Threat Prevalence chart.
|Opening compressed FortiClient traffic file on FortiAnalyzer may cause other compressed FortiClient traffic logs to fail to open.
|Some IPS archive files do not contain whole Attack Context but only contain BODY that is part of Attack Context.
|FortiAnalyzer may not display Traffic Logs in Log View and return Web Server Error 500.
|After creating an ADOM for FortiMail, the ADOM is not visible on GUI and mail domain logs are not going to the default FortiMail ADOM.
|Some log files under Log Browse may contain a mix of event and traffic messages.
|In Log View, importing log may fail.
|Filtering FortiClient event logs with wildcard UID filter returns no data.
|Downloading CSV file contains tunnel-up and tunnel-down VPN logs from other devices that belong to different ADOMs.
|When filtering with Action and Source IP under the Traffic menu, the filter output may be incorrect with the combination of smart action with any other field.
|Log filter may show unfiltered values.
|The /drive0/private/restapi/sync/fgt_intf_stat location may use too many inodes.
|FortiGate may display "SSL error" or "OFTP error" when testing connectivity with FortiAnalyzer.
|FortiAnalyzer may consume high I/O resources every hour due to fazwatch.
|FortiAnalyzer should have the ability to query CPU utilization on individual CPU core.
|When creating a system admin user using JSON API, FortiAnalyzer may return an error: The data is invalid for selected url.
|SIEM database should be trimmed at the same time when quota enforcement occurs.
|FortiAnalyzer is not generating all local Event logs for reports.
|FortiAnalyzer may have incorrect dataset queries without considering the direction field.
|Report filter may not work with devname.
|The FortiClient report is always empty after enabling device filter.
|Report sub-charts may not work after upgrade.
|Imported logs may not sync to the secondary (slave) unit.
|ADOMs may disappear randomly from ADOM configuration while editing it.
|FortiAnalyzer may accept invalid dashboard configurations which may break some widgets.
|When log forwarding is enabled, there may be logfwd crashes with high log rate.
|FortiAnalyzer may not time out admin session after many hours.
|FortiAnalyzer may return the error cfgerror:1 when editing and saving an admin user.
Vendor release notes: FortiAnalyzer 7.0.0