Software vendor Fortinet has released the latest update for FortiAnalyzer, version 7.0.1. The new update removes a number of bugs, among them ones in report generation that left reports incomplete or empty. Update 7.0.1 also resolves a problem with the BIOS, which was signalling a large number of errors. The latest update also puts an end to the problems with the FortiAnalyzer 200-F: from now on, software upgrades on it should proceed correctly. For more details, I invite you to read the rest of the article.
Currently supported models:
| FortiAnalyzer | FAZ-150G, FAZ-200F, FAZ-300F, FAZ-300G, FAZ-400E, FAZ-800F, FAZ-800G, FAZ-1000F, FAZ-2000E, FAZ-3000F, FAZ-3000G, FAZ-3500E, FAZ-3500F, FAZ-3500G, FAZ-3700F, FAZ-3900E |
| FortiAnalyzer VM | FAZ-VM64, FAZ-VM64-AWS, FAZ-VM64-Azure, FAZ-VM64-GCP, FAZ-VM64-HV (including Hyper-V 2016, 2019), FAZ-VM64-KVM, FAZ-VM64-OPC, FAZ-VM64-Xen (for both Citrix and Open Source Xen) |
Resolved issues:
Device Manager
| Bug ID | Description |
|---|---|
| 676662 | Collector may not be showing the same FortiGate device version as analyzer. |
| 716486 | FortiAnalyzer still populating unauthorized device list even after detect-unregistered-log-device is set to disable. |
| 722235 | FortiWeb ADOM may not be able to auto-detect correct platform model with SN. |
FortiView
| Bug ID | Description |
|---|---|
| 708006 | Monitors Endpoints does not show all FortiClient endpoints as in logs. |
| 711810 | SSL Dialup IPSec connection count may not match with connection list. |
| 713083 | FortiAnalyzer may show a No Data message for the Worldwide Threat Prevalence chart. |
| 721008 | Threats > Compromised Hosts may not be able to acknowledge compromised hosts when the end user is not a known IP. |
Log View
| Bug ID | Description |
|---|---|
| 662830 | FortiAnalyzer daylight adjustments are not applied to real-time logging until rebooting the system. |
| 694307 | With increasing memory usage, FortiAnalyzer may stop receiving logs via OFTP from FortiGate devices. |
| 704410 | FortiAnalyzer may stop handling logs and the oftpd process is in a non-responsive state. |
| 711711 | Log filter may show unfiltered values. |
| 715960 | FortiClient Device ID takes FortiClient EMS SN value when displaying the log information from the historical view. |
| 721806 | LDAP User may not be able to delete Custom Views. |
| 724223 | Device list in Log View does not show correct devices after switching ADOMs. |
Others
| Bug ID | Description |
|---|---|
| 625343 | FortiAnalyzer may consume high I/O resources every hour due to fazwatch. |
| 686491 | Postgres may keep causing OoM with segmentation faults on multiple processes. |
| 690271 | The sqllogd daemon may crash. |
| 698780 | FortiAnalyzer may intermittently provide empty response to FortiView JSON requests. |
| 700562 | When creating a system admin user using JSON API, FortiAnalyzer may return an error: The data is invalid for selected url. |
| 709699 | FortiAnalyzer may contain a few siemdb crashes. |
| 710178 | FortiAnalyzer is listening on TCP/3000 even though accept-aggregation is disabled. |
| 710322 | An oftpd may have high memory usage triggering multiple crashes. |
| 713344 | After upgrade, FortiAnalyzer may show Invalid BIOS errors. |
| 713701 | FortiAnalyzer should provide more than 500 lines of logs via API. |
| 713826 | The diagnose test application siemdbd 6 command may show the wrong information after removing the last ADOM with "diagnose siem remove database". |
| 722521 | Upgrading of FortiAnalyzer-200F may not be possible due to hardware limitations. |
| 723638 | The dvmcmd process may crash when running TAC report. |
Reports
| Bug ID | Description |
|---|---|
| 692097 | A report’s sub-charts may not work after upgrade. |
| 713189 | Dataset and Intrusions-Timeline-By-Severity may not list low severity intrusions. |
| 716505 | Text color for date on the cover page may not be correct. |
| 717557 | FortiAnalyzer reports may be empty when enabling LDAP Query. |
| 718172 | Report may be showing user or source as malicious code. |
| 718579 | While creating new or editing an Output Profile, the body section does not take any input. |
| 718849 | Reports and Output Profiles may disappear after upgrade. |
| 720897 | Scheduled Report may not run when the /amp folder is full. |
System Settings
| Bug ID | Description |
|---|---|
| 634253 | ADOMs may disappear randomly from ADOM configuration while editing it. |
| 667488 | Read-only users should not be able to change RAID level with the GUI. |
| 696041 | FortiAnalyzer SSO should support URI format in entity ID. |
| 712043 | HA cluster failover may not work with the secondary unit stuck in the init-syncing state. |
| 717524 | Users may not be able to add a username which contains a Slash (/) inside Device Log Setting. |
Common Vulnerabilities and Exposures
| Bug ID | CVE references |
|---|---|
| 716350 | FortiAnalyzer 7.0.1 is no longer vulnerable to the following CVE-Reference: |
Known issues:
Device Manager
| Bug ID | Description |
|---|---|
| 639479 | FortiGate v6.0 with sub-ca certificate may not be able to establish oftp connection with FortiAnalyzer without sub-ca certificate. |
Event Management
| Bug ID | Description |
|---|---|
| 691220 | Event handler may not be triggered correctly when there is more than one match. |
FortiSOC
| Bug ID | Description |
|---|---|
| 621473 | FortiSOC is missing in cloud-based VMs. |
FortiView
| Bug ID | Description |
|---|---|
| 616675 | Bandwidth may not match between FortiAnalyzer and FortiGate. |
| 626530 | Bytes Sent/Received should match between Top Destinations and Policy Hit charts under FortiView when filtered by the same policy ID. |
| 640553 | FortiView monitor WiFi widget is not showing Bridged SSID information. |
| 641596 | FortiAnalyzer may show No Data in User Vulnerabilities Summary widget. |
| 707480 | Top Threats(FortiClient) may only display Threat level LOW and Allowed incidents. |
| 722443 | Top Destinations on FortiView may not display the correct information. |
| 723799 | Policy Name may not show up under FortiView > Traffic > Policy Hits > Policy Column for policies with name information. |
Log View
| Bug ID | Description |
|---|---|
| 661094 | In Log View, importing log may fail. |
| 674027 | Filtering FortiClient event logs with wildcard UID filter returns no data. |
| 704206 | When filtering with Action and Source IP under the Traffic menu, the filter output may be incorrect with the combination of smart action with any other field. |
Others
| Bug ID | Description |
|---|---|
| 616355 | FortiGate may display SSL error or OFTP error when testing connectivity with FortiAnalyzer. |
| 687180 | When using the operator ">=" for Greater than or Equal to in FortiAnalyzer CLI, it does not accept the syntax and throws an error. |
| 701753 | SIEM database should be trimmed at the same time when quota enforcement occurs. |
Reports
| Bug ID | Description |
|---|---|
| 653207 | FortiAnalyzer may have incorrect dataset queries without considering the Direction field. |
| 677090 | Report Filter may not work with devname. |
System Settings
| Bug ID | Description |
|---|---|
| 638380 | FortiAnalyzer may accept invalid which may break some widgets. |
| 669402 | FortiAnalyzer may not time out an admin session after many hours. |
| 708958 | Changing the Timezone on FortiAnalyzer does not take effect on FortiSOC. |
Vendor release notes: FortiAnalyzer 7.0.1
Regards,
The B&B Team
Bezpieczeństwo w biznesie
