Fortinet has published the first firmware release for FortiAnalyzer in the new 6.4 family! FortiAnalyzer has been given a new SD-WAN monitoring dashboard. SD-WAN reporting has also been extended: reports can now show SD-WAN utilization by rules, applications and users, as well as key performance indicators (latency, packet loss). The great news is that Fortinet offers free registration of non-expiring trial licenses for logging from three FortiGate devices! More information in the article!
What's new in FortiAnalyzer 6.4:
- Free registration of non-expiring trial licenses
You can obtain a free trial license for logging from up to three devices. Trial licenses do not expire.
- Go to the FortiAnalyzer VM login page.
- Click Log in with FortiCloud.
- Enter your FortiCloud account credentials and click Log in. A FortiCloud account is required to generate the free license.
Go to System Settings > Dashboard to view the license status in the License Information widget.
To view the trial license in FortiCloud, log in to your account and click Asset > Manage/View Products.
- FortiAnalyzer SD-WAN Monitoring Dashboard
Charts similar to those available in the SD-WAN report can be found as widgets in the default SD-WAN dashboard in FortiView.
The Monitors window in FortiView has a predefined SD-WAN Monitor panel with eight SD-WAN widgets.
A ninth widget, SD-WAN Rules Utilization, can be added to the main dashboard.
To view the SD-WAN widgets:
- Go to FortiView > Monitors.
- In the menu, select Secure SD-WAN monitor.
The Secure SD-WAN monitor panel displays the SD-WAN widgets.
SD-WAN Performance Status:
Displays the status of each link in the SD-WAN.
Hover the mouse pointer over a bar to view its status, date and time in a tooltip.
Latency:
The Latency widget shows a line chart of latency data for each SD-WAN link over the selected period.
Hover the mouse pointer over the line chart to view the date, time and latency.
SD-WAN Utilization by Application:
Shows a bar chart of the top 10, 20 or 30 applications on each SD-WAN link over the selected period.
Hover the mouse pointer over the bar chart to see the application name and the utilization of each link.
Bandwidth Utilization by SD-WAN Rules:
Shows a chart of SD-WAN rule utilization over the selected period.
- Enhanced SD-WAN Report
The report uses the enhanced FortiGate SD-WAN logs to show SD-WAN utilization by rules, links, applications and users, as well as link SLA, performance and quality key performance indicators such as latency, packet and jitter changes over time.
The enhanced report includes the following:
An improved report cover page.
A Sankey chart type added for better visualization.
A horizontal bar chart added: SD-WAN Availability.
Resolved issues:
Device Manager
Bug ID | Description |
---|---|
545264 | FortiAnalyzer may not show Device Lists. |
596832 | FortiGate Cluster is removed from log forwarding on failover when FortiAnalyzer is managed by a FortiManager. |
296528 | Sorting with Device Manager’s Log Status column may not work properly. |
496394 | Users may not be able to delete a VDOM from the GUI or API. |
536856 | Device IP address under Device Manager may get randomly auto-updated. |
589646 | FortiAnalyzer should be able to add FortiProxy device with firmware version 1.2. |
Event Management
Bug ID | Description |
---|---|
537678 | FortiAnalyzer should support Event Handler group-by options for non FortiGate device types. |
560818 | Email filter event with group by subject may show unreadable characters due to some non-ASCII strings. |
563514 | Build 1050: Event handler does not work properly for FortiSandbox. |
590383 | Event handler does not accept Email with "+" sign in the address. |
FortiView
Bug ID | Description |
---|---|
602387 | FortiAnalyzer may use high CPU resources when viewing logs from FortiGate. |
611019 | Filter is not working when the user drills down from "Top Threats". |
535682 | FortiView Compromised Host Last Detected time is displayed as GMT time instead of local time. |
562834 | On FortiView > Top Sources, FortiAnalyzer displays incorrect data when trying to filter logs with Source and User. |
574836 | FortiAnalyzer may not be able to show the Compromised Hosts. |
577941 | Compromised host should be removed from the list after being acknowledged. |
593374 | Exported PDF should take into consideration on how data is sorted. |
594107 | The time shown in Last Detected is only in 12 hour format and it does not include AM or PM. |
Log View
Bug ID | Description |
---|---|
586929 | FortiAnalyzer may not insert logs when the IP changes often for endpoints due to DHCP. |
591077 | FortiAnalyzer may not be able to quickly insert logs when IP changes often for endpoints due to DHCP. |
542933 | FortiView does not search logs for the time entered in custom time. |
550523 | Downloading logs from Log View randomly fails. |
592340 | FortiAnalyzer may have performance issue to display system logs in Log View. |
608652 | Event alert logs cannot be inserted into database successfully on HA master unit. |
573281 | Unregistered syslog device appears with FortiMail’s IP after adding a FortiMail device. |
589840 | When source column is not selected, the log view cannot display log details. |
592808 | When FortiAnalyzer tries to display Traffic Log details, the details pane is completely empty. |
596229 | Log Filter should allow the user to choose and filter "DNS" log type when Log Forwarding is enabled. |
597192 | Downloading logs may take longer than log search. |
Others
Bug ID | Description |
---|---|
551198 | The command, execute restore reports-config, may not run correctly. |
569707 | Device may hang and lose accessibility, including the console. |
590630 | Backing up all ADOM logs via FTP may stop with no error printed. |
591594 | snmpd may frequently crash. |
508597 | FortiAnalyzer with no devices may occupy high CPU resources by sqllogd. |
529711 | FortiAnalyzer may connect to map server and GeoIP server directly even when web-proxy is enabled. |
544516 | FortiAnalyzer with Hyper-V live migration does not display the GUI. |
560746 | The default value for "hcache-max-fv-row" should be set based on available memory. |
562540 | FortiAnalyzer’s diagnostic report should also include IO statistics. |
578038 | After upgrade, FortiAnalyzer is slow when searching for information. |
588074 | FortiAnalyzer may stop receiving logs and event logs, and continuously display oftpd re-initialization. |
590368 | FortiAnalyzer may stop receiving logs after oftpd crashed. |
590503 | The new CLI process may crash due to commands "execute tac report" and "diagnose dvm check-integrity". |
592593 | FortiAnalyzer may update ADOM disk allocation or create ADOM without any checks when request is made via JSON API. |
596192 | FortiAnalyzer may return incorrect value for SNMP MIB sysObjectID. |
596252 | The clustered daemon may consume high CPU resources. |
597093 | MIB file for FortiAnalyzer should not contain duplicated object ID. |
601093 | After upgrade, FortiManager may not receive logs from one FortiGate cluster that is running FortiOS 6.0. |
Reports
Bug ID | Description |
---|---|
608819 | A report cache cannot be used on scheduled report when running on specific device. |
588590 | FortiAnalyzer should print a detailed message when importing report fails. |
380371 | FortiAnalyzer improved report accuracy on high end models. |
552414 | Read-write permissions are required to view and download reports through API calls. |
557388 | There are discrepancies in Bandwidth and Applications Report for predefined datasets with the same report time period. |
581769 | After rebuilding the SQL database, users may now be able to run reports with all available data. |
589496 | FortiAnalyzer may generate different results when running a report with the same time period, either with a custom time-period or selecting a specific time period from the dropdown list. |
System Settings
Bug ID | Description |
---|---|
559592 | Rebuilding SQL takes a very long time after adding a second slave to a cluster. |
612328 | When there are overlapping trust hosts, the incorrect IP and subnet might be used in the IP table. |
516044 | FortiAnalyzer GUI should keep the same behavior as CLI when the user disables the log forwarding setting. |
571412 | Logging topology is misleading when collector mode FortiAnalyzer is deployed. |
574987 | ADOM quota retention removes more log data than the applied retention policy. |
577814 | FortiAnalyzer does not generate accurate local event logs when the ADOM retention policy is enforced. |
587702 | Restricted user with Specify ADOM permission cannot access Device Manager. |
590109 | Some time zones are formatted incorrectly when forwarding as syslog. |
593588 | GUI should not allow creating a Local Certificate with Certificate Name containing more than 35 characters. |
594693 | FortiAnalyzer may show many messages on Alert Console: "re-obtained table size for FGTADOM1391-Elog-1553532000 size=8192". |
600639 | FortiAnalyzer may not be able to move a VDOM with long name from the Root ADOM to another ADOM. |
603346 | FortiAnalyzer should not allow user to set to 0 day for data retention policy. |
Known issues to be resolved:
Device Manager
Bug ID | Description |
---|---|
192706 | After FortiAnalyzer adds a VDOM, there is no method to disable VDOM mode. |
Fabric View
Bug ID | Description |
---|---|
622261 | Fabric View > Identity Center/Assets are not displayed for FortiClient when an ADOM has no FortiGate logs. |
FortiView
Bug ID | Description |
---|---|
586611 | Some NOC widgets are not working for log group. |
622671 | Under Failed Authentication Attempts, sorting by the User(Source IP) column does not give correct result. |
623948 | Top Threat Destinations table chart can trigger a query error when searching on the Threat Level column. |
624800 | Drill down from Top Threats(FortiClient) view to Log View always shows "No entry found". |
624970 | FortiView prompts „Server error: ERROR” when the device is a FortiClient. |
625004 | All Endpoints(FortiClient) view prompts query error when drill down to the Web Violation and Malware views. |
542607 | Drill down Applications & Websites > Top Web Sites(FortiClient) always shows No entry found. |
621271 | FortiAnalyzer may show incorrect session duration under SOC > Dial-up > Drill down table. |
611019 | Filter is not working when drilling down from Top Threats. |
534761 | FortiAnalyzer is missing threat entries in FortiView > Top Threats. |
590775 | FortiAnalyzer should hide Device and Time Frame selection in FortiView Threat Map. |
611019 | Filter is not working in the drill down from "Top Threats". |
FortiSoC
Bug ID | Description |
---|---|
617227 | Playbook list column settings are missing "ID" and "Author". |
624026 | Deleted connector can still be displayed in the playbook. |
624439 | If a playbook name is removed, FortiAnalyzer cannot add the name back on the next edit, or delete the playbook. |
624443 | Incidents will fail to update with an fazsvcd crash if not all parameters are configured. |
625446 | Playbook monitor information is not synchronized from Master to Slave. |
625417 | After rebuilding the SQL database, the existing playbook cannot be run anymore. |
Log View
Bug ID | Description |
---|---|
597824 | Base64 encoded file name within archived logs sent by FortiSandbox is not decoded on FortiAnalyzer. |
608139 | Opening compressed FortiClient traffic file on FortiAnalyzer may cause other compressed FortiClient traffic logs to fail to open. |
579871 | Restoration of logs does not show correct timestamps under log browse after an NTP out-of-sync event. |
Others
Bug ID | Description |
---|---|
540766 | HA master cannot receive logs after HA failover on Azure. |
624239 | IOC has no license on AWSOnDemand. |
624712 | Secondary IP for the HA master is not transitioned to the new HA master after switch over on AWSOnDemand. |
601383 | FortiAnalyzer may become unresponsive when source IPs change often for all endpoints due to DHCP. |
587489 | Analytic data may be removed due to high disk usage. |
Reports
Bug ID | Description |
---|---|
624960 | Scheduled reports may not be generated when there is a possible corruption with the database. |
528395 | Deleting a device from Device Manager removes the report filter but does not stop schedule and notifications. |
547496 | FortiAnalyzer generates a report for selected device with outputs for all devices. |
553495 | FortiAnalyzer may prompt Web Server 404 Error when trying to download Report with 100,000 lines. |
System Settings
Bug ID | Description |
---|---|
533885 | An unnecessary message pops up when deleting a fabric ADOM. |
602422 | Test User credentials fail when using RADIUS MSCHAPv2 as authentication type. |
Best regards,
The B&B Team
Security in Business