Fortinet has published an update for FortiAnalyzer, version 7.0.6. The update fixes an issue that caused the device to stop accepting logs, and also fixes an issue with the HA configuration synchronization status that caused synchronization failures.
Currently supported models:
| FortiAnalyzer | FAZ-150G, FAZ-200F, FAZ-300F, FAZ-300G, FAZ-400E, FAZ-800F, FAZ-800G, FAZ-1000F, FAZ-2000E, FAZ-3000F, FAZ-3000G, FAZ-3500E, FAZ-3500F, FAZ-3500G, FAZ-3700F, FAZ-3700G, FAZ-3900E |
| FortiAnalyzer VM | FAZ_DOCKER, FAZ-VM64, FAZ_VM64_ALI, FAZ-VM64-AWS, FAZ-VM64-Azure, FAZ-VM64-GCP, FAZ-VM64-HV (including Hyper-V 2016, 2019), FAZ-VM64-IBM, FAZ-VM64-KVM, FAZ-VM64-OPC, FAZ-VM64-Xen (for both Citrix and Open Source Xen) |
Resolved issues:
Log View
| Bug ID | Description |
|---|---|
| 858682 | The data icon under the Log View for ADOM FortiMail/FortiWeb does not properly display the log details. |
Others
| Bug ID | Description |
|---|---|
| 839191 | The HA config-sync status issue creates the sync failure frequently. |
| 845871 | FortiAnalyzer stopped accepting logs and status of the devices turned into red. |
Known issues:
Device Manager
| Bug ID | Description |
|---|---|
| 728715 | FortiAnalyzer displays red logging status for VDOMs with low traffic rate. |
| 814008 | Sort function for logs and average log rate (logs/sec) does not work in Device Manager. |
| 824296 | FortiAnalyzer does not show the "root VDOM" under its device manager. |
| 830376 | FortiAnalyzer does not display the right firmware running on its managed devices. |
| 833448 | The device SYSLOG-00000000 appears repeatedly even after being removed from the unregistered devices. |
FortiSOC
| Bug ID | Description |
|---|---|
| 717841 | IOC events and FortiGate Event Handler events are not being sent to FortiGate from FortiAnalyzer. |
| 775589 | FortiAnalyzer does not provide any details on status of Fabric Connectors. |
| 848284 | Despite having relevant event logs, created playbook does not get triggered. |
| 849070 | Playbook runs successfully on the FortiAnalyzer, but there is not any stitches triggered on the FortiGate. |
FortiView
| Bug ID | Description |
|---|---|
| 744791 | "Failed Authentication Attempts" logs under the System tab of FortiView are blank. |
| 768270 | Secure SD-WAN Monitor shows 'No Data' if only HA member has the SD-WAN logs. |
| 841717 | The data displayed on FortiView is inconsistent with the exported "Top Website Domains" PDF report. |
Log View
| Bug ID | Description |
|---|---|
| 691552 | FortiAnalyzer may be missing a double quote in direction log field. |
| 704206 | When filtering with "Action" and "Source IP" under Traffic menu, the filter output may be incorrect with the combination of smart action with any other field. |
| 761972 | Log View with device name filter may not work. |
| 763852 | If a user uses "Filter Mode" and types "=", FortiAnalyzer returns the equal character, "=", twice. |
| 771086 | FortiAnalyzer displays Invalid log file format error message when importing log backup to FortiAnalyzer. |
| 785559 | Filtering messages using the smart action field might not display the proper results. |
| 800675 | Read-Only profile for Log View, cannot search logs because filters are not working for 'empty' value search in drill-down page. |
| 837554 | The Fabric log contains "::ffff:" prefix in front of the value of any IPv4 related fields. |
| 855783 | FortiAnalyzer event log file cannot be downloaded in "CSV" format. |
Others
| Bug ID | Description |
|---|---|
| 827787 | The CPU and Disk I/O usage of the FortiAnalyzer appear to be constantly high. |
| 838182 | Logs are not being inserted into the secondary FortiAnalyzer. |
| 841622 | FortiAnalyzer does not download the IOC DB updates when FortiManager acts as the local FortiGuard Server. |
| 860113 | The primary FortiAnalyzer can show the logs in Log View. The synchronization between primary and secondary fails and the secondary doesn’t show the last logs. |
Reports
| Bug ID | Description |
|---|---|
| 704187 | "Bandwidth and Application" Report's data does not match with the Top Application data on FortiView. |
| 722233 | The generated report does not display data, but its dataset query contains data. |
| 837826 | No event logs are created when reports are generated via "run report". |
| 844563 | Hodex Time shown on table chart does not match with the configured time period for the previous XX days in report. |
System Settings
| Bug ID | Description |
|---|---|
| 748107 | Additional timestamp, tz field, is being added to forwarded logs from FortiAnalyzer. |
| 758040 | FortiAnalyzer may be unable to establish Log Forward session with remote server using encrypted forwarding. |
| 782431 | SNMPv3 stopped working after upgrading. |
| 814471 | Despite having a proper license, new ADOMs cannot be created and error message "maximum number of ADOMs has been reached." is displayed. |
| 849824 | Under the Event's System logs, Adding Filter "Fortiguard web filter services are NOT reachable" does not display any logs. |
| 853855 | The log forwarding filter does not seem to work properly as expected on FortiAnalyzer. |
| 882195 | If HA attribute "hb-interface" is empty, upgrading directly from 7.0.5 or 7.0.6 to 7.2.2 may unset the HA configuration. Workaround: Ensure the "hb-interface" has been set prior to upgrading. |
Vendor release notes: FortiAnalyzer 7.0.6
Best regards,
The B&B Team
Bezpieczeństwo w biznesie
