Software vendor Fortinet has released the FortiAnalyzer 8.0.0 update, focusing on fixing identified bugs and improving system stability. The latest version resolves three significant issues: administrators being unable to log in via SAML SSO after an HA failover, incorrect data presented in IPsec VPN reports, and time discrepancies in syslog logs forwarded to Splunk. The update eliminates bugs affecting security and the correctness of reporting. More information can be found in the article below.
Resolved issues:
Device Manager
| Bug ID | Description |
|---|---|
| 1204113 | Security rating logs from the FortiGate-HA cluster are causing a SIEM device to be created on the FortiAnalyzer and displayed in the unregistered device list. |
| 1227977 | Adding FortiSASE devices results in error, "The device’s serial number does not match database". |
Fabric View
| Bug ID | Description |
|---|---|
| 1236262 | FortiOS Connector does not appear under the correct Security Fabric name. |
Log View
| Bug ID | Description |
|---|---|
| 1110895 | Correlated logs for FortiMail don’t show up except in the ADOM which has the root VDOMs. |
| 1188362 | Some detailed information in FortiMail logs is encapsulated within large message chunks. The current FortiAnalyzer log parsing logic does not yet support extracting these details from those chunks. |
| 1198027 | No results are returned when filtering the Event Message column by a suggested value that contains a comma. |
Others
| Bug ID | Description |
|---|---|
| 1179768 | Due to the FortiGate’s log schema upgrades/updates, upon FortiAnalyzer’s upgrade, the Postgres table schema will be updated, which may take a significant amount of time to complete. The database migration from Postgres to ClickHouse will only begin after the Postgres schema upgrade has successfully finished. As a result, the process might appear to be stuck but it is simply progressing slowly. The only recommended action is to wait patiently for the upgrade to complete. |
| 1204010 | After the FortiAnalyzer upgrade, the timestamp and eventtime fields in the forwarded syslog logs to Splunk no longer match, showing a two-hour discrepancy. |
| 1217641 | The output of diagnose fortilogd logvol-adom is not correct. |
Reports
| Bug ID | Description |
|---|---|
| 1179084 | The FortiProxy default datasets do not include both required traffic subtypes (http-transaction and forward) even though each session generates both. |
| 1204007 | FortiNAC reports are empty. |
| 1211383 | When opening a report that contains bare text or similar nodes at top level, the editor throws an exception error. |
| 1224929 | Following the upgrade, the data shown in the VPN reports Top 5 Site-to-Site IPsec Tunnels by Bandwidth chart appears to be inaccurate. |
System Settings
| Bug ID | Description |
|---|---|
| 1128305 | The forwarding rate is not zero when the log forwarding server is disabled or not configured. |
| 1259170 | When running version 8.0.0 BETA 2, the GUI may display a red message at the top of the page indicating that the image is not certified for virtual or hardware platforms. |
| 1220686 | SAML SSO synchronization prevents admin SSO login after HA failover. |
Vendor release notes: FortiAnalyzer 8.0.0
Best regards,
The B&B Team
Security in Business
