Fortinet has just released a new software version, 6.2.7, for the FortiAnalyzer product. The new version resolves a problem with the file parser hanging. Backing up logs with SCP via the CLI no longer generates errors. A bug that caused missing data on graphs in FortiView has also been fixed. We encourage you to read the rest of the article.
Resolved issues:
FortiSoC
Bug ID | Description |
---|---|
638676 | SNMP alert is not generated for event handler triggered by FortiWeb attack logs. |
FortiView
Bug ID | Description |
---|---|
590775 | FortiAnalyzer should hide Device and Time Frame selection in FortiView Threat Map. |
616914 | Some graphs may not render data in FortiView. |
667745 | FortiView > Traffic > Top Sources may return zero value for time period of less than four hours. |
Others
Bug ID | Description |
---|---|
578907 | exec log-aggregate all should aggregate all log files without an error. |
610161 | FortiAnalyzer may unexpectedly set Don’t Fragment flag with jumbo frame related packets in OFTP communications and in log forwarding. |
617669 | File parser may keep crashing every few minutes. |
659573 | Backup logs with SCP via CLI may have a few issues. |
665273 | The diagnose system ntp status command may return error /bin/ntpq: read: Connection refused. |
Reports
Bug ID | Description |
---|---|
547496 | FortiAnalyzer generates a report for a selected device with outputs for all devices. |
637129 | FortiAnalyzer may return 500 error when deleting an output profile. |
647868 | After upgrade, all default reports and event handler list are lost. |
652715 | The pre-defined report items should be created in the new ADOM even if the same name is re-used. |
653532 | Scheduled report does not run if the report owner has been deleted from the admin list. |
654182 | SD-WAN reporting graphs default to a scale of one second where the scale should auto-scale to milliseconds. |
System Settings
Bug ID | Description |
---|---|
639102 | FortiAnalyzer may not apply Not equal to operator when Log Forwarding > Log Filter is configured via GUI. |
647724 | FortiAnalyzer may not be able to forward the same amount of logs in CEF format as in Syslog. |
668067 | NTPv3 enabled with authentication is not sending NTP client request with hardware platforms. |
672633 | FortiAnalyzer HA primary unit may stop log insertion when there is postgres UPDATE on IOC. |
Known issues:
Device Manager
Bug ID | Description |
---|---|
613115 | Device Manager view may show red icons for VDOMs even when the log is received. |
FortiView
Bug ID | Description |
---|---|
579828 | There may be bandwidth discrepancy under FortiView > Application & websites > Top websites. |
616675 | Bandwidth may not match between FortiAnalyzer and FortiGate. |
628225 | Compromised host shows Error 500 when FQDN is set in config log fortianalyzer setting. |
640553 | FortiView monitor WiFi widget is not showing Bridged SSID information. |
668494 | FortiView may not apply filter correctly for many of the entries. |
Log View
Bug ID | Description |
---|---|
591272 | Log files downloaded from Log View or browse are not in the correct CSV format. |
604850 | The remote IP for SSL-VPN is showing as IPsec Remote IP. |
625306 | Hiding column(s) in Log View may make filters reference the incorrect column. |
633393 | Some IPS archive files do not contain the whole Attack Context but only the BODY, which is part of the Attack Context. |
635598 | FortiAnalyzer may not display Traffic Logs in Log View and return Web Server Error 500. |
638388 | When two filters are defined and the first filter is removed, clicking on the remaining filter may reference the removed filter. |
641013 | After creating ADOM in FortiMail, the ADOM is not visible on GUI and mail domain logs are not going to the default FortiMail ADOM. |
652076 | Log view may take a long time to load with Custom Time Period. |
653765 | Some log files under Log Browse may contain a mix of event and traffic messages. |
674027 | Filtering FortiClient event logs with wildcard UID filter does not return data. |
Others
Bug ID | Description |
---|---|
595696 | The change of value for system.global.enc-algorithm is not applied to oftpd until a reboot. |
625343 | fazwatch may consume high I/O resources on FortiAnalyzer every hour. |
660810 | FortiAnalyzer-200F rebuild may get stuck and sqllogd may crash due to insufficient memory. |
Reports
Bug ID | Description |
---|---|
624911 | FortiAnalyzer may not be able to generate the SaaS Application Usage Report with Obfuscate User feature. |
628823 | FortiAnalyzer is not generating all local Event logs for reports. |
System Settings
Bug ID | Description |
---|---|
627683 | GB/day displayed in License Widget may not be correct. |
629663 | Free text filter does not work when using (~) tilde sign on syslog ADOM for the msg field. |
630654 | Imported logs may not sync to secondary device. |
634253 | ADOMs may disappear randomly from ADOM configuration while editing it. |
660798 | Device Log Settings > Upload to FTP may not work correctly in collector-analyzer setup. |
Vendor release notes: FortiAnalyzer 6.2.7
Best regards,
The B&B Team
Bezpieczeństwo w biznesie