Fortinet opublikował nową wersję oprogramowania dla produktu FortiAnalyzer oznaczoną numerem wersji 6.4.2!

Druga wersja nowej rodziny oprogramowania jest wolna od błędów które skutkowały nieprawidłowościami podczas wyświetlania logów w kokpicie FortiView. Wyeliminowano również błąd polegający na nieprawidłowym działaniu filtrowania podczas przeglądania logów w czasie rzeczywistym. Wersja 6.4.2 pozbawiona jest również błędu który skutkował, iż zaimportowane pliki logów były niedostępne dla podglądu administratora.

Producent wprowadził również kilka usprawnień odnoszących się do tworzenia raportów na podstawie wskazanego przez nas urządzenia oraz wyeliminował problem zawieszania się poszczególnych procesów podczas obciążenia urządzenia.

Rozwiązane problemy:

Device Manager

Bug ID	Description
641490	FortiAnalyzer may fail to update HA group name after the group name is changed on the FortiGate side causing it crash occasionally.
648893	Device list may be empty in Device Manager after upgrade.

FortiView

Bug ID	Description
590775	FortiAnalyzer should hide Device and Time Frame selection in FortiView Threat Map.
624856	Default user filter is missing from FortiView > VPN > SSL & Dialup IPsec in filter mode while it is available in text mode.
632532	Drill-down in FortiView does not display correctly when log is at the bottom of the display.
641616	Exporting chart from FortiView triggers both successful and error messages.
641983	Traffic filter by policy ID with greater or less than option is not working correctly when viewing real-time logs.

Log View

Bug ID	Description
636967	After upgrade, FortiAnalyzer reports problem that filter in real-time log does not work resulting in No entry found.
642960	Logs imported in Log Browse may not show up in traffic logs.

Others

Bug ID	Description
630900	FortiAnalyzer should add filters from session-view to default skip-index list.
645965	The diagnose dvm device list command shows incorrect VDOM to ADOM assignment and Fabric view Asset displays data belonging to different ADOMs.
647589	EMS sysinfo wildcard call should be {'uid_list': []} instead of {'uid_list': ['']}.
644232	FortiAnalyzer may use high IO usage on VACUUM process.
652541	The siemagentd may hang under load.

Reports

Bug ID	Description
296148	FortiAnalyzer needs to restrict log tables when creating a view for dataset testing.
528395	Deleting device from Device Manager removes the report filter but does not stop schedule and notifications.
643238	User should be able filter reports based on device name in Reports > Report Definitions > All Reports.

System Settings

Bug ID	Description
599771	When logging in with an LDAP admin, one invalid ADOM value may cause 'authentication failed’.
613032	Cover page files may be not synchronized to secondary unit.
642459	Syslogd receives empty logs when FortiAnalyzer forwards FortiExtender logs.
644863	When SAML uses Supper_User under root ADOM, the user is not able to view analytic logs under FortiView and Event handler prompts „Web Server Error 500”.

Znane problemy do rozwiązania:

Device Manager

Bug ID	Description
613115	Device Manager view may show red icons for VDOMs even when logs are received.
517643	When manually adding a device to a Fabric ADOM, FortiAnalyzer should not display Firmware Version.
523721	FortiAnalyzer should support FortiADC device type.
573684	When EMS is configured to send logs to FortiAnalyzer, EMS IP address is always 0.0.0.0.
639479	FortiGate v6.0 with sub-ca certificate may not be able to establish oftp connection with FortiAnalyzer without sub-ca certificate.
651696	Device Manager > Device > Average Log Rate (Logs/Sec) sort function does not work.

Event Management

Bug ID	Description
632326	Syslog type Event Handler Alert sends an Email that is truncated.
638676	SNMP alert is not generated for event handler is triggered by FortiWeb attack logs.

FortiView

Bug ID	Description
542607	When the user drills down in Applications & Websites > Top Web Sites (FortiClient), the page shows „No entry found”.
626530	Bytes Sent/Received should match the Top Destinations and Policy Hit charts under FortiView when filtered by the same policy ID.
539298	Customer may not see data on cloud application bytes in FortiView.
579828	There may be a bandwidth discrepancy under FortiView > Application & websites > Top websites.
616675	Bandwidth may not match between FortiAnalyzer and FortiGate.
616914	Some graphs may not render data in FortiView.
620565	FortiAnalyzer should remove the entry Reserved in Top Country/Region.
638828	Incident of Compromised Hosts may not be triggered.
639523	FortiView DNS Logs may be empty.
640553	FortiView monitor WiFi widget is not showing Bridged SSID information.
641938	Navigation to Monitors > Local System Performance may cause the GUI to not respond.
642837	The GUI should indicate when Sandbox detection only supports FortiGate in Fabric ADOM.
643088	For VPN, the table keeps loading or returns Server error: Invalid request-id ********* for fetching result.
643842	All SD-WAN Rule related widgets or charts may show No Data in Secure SD-WAN Monitor and Secure SD-Wan report.
643843	Monitors > Secure SD-WAN Monitor > SD-WAN Rules Utilization widget always shows No Data.

FortiSoC

Bug ID	Description
632326	Syslog type Event Handler Alert sends an Email that is truncated.
638676	SNMP alert is not generated for event handler triggered by FortiWeb attack logs.

Log View

Bug ID	Description
579871	Restoration of logs does not indicate the correct timestamps under log browse after a NTP out of sync event.
608139	Opening compressed FortiClient traffic file on FortiAnalyzer may cause other compressed FortiClient traffic logs to fail to open.
625306	Hiding column(s) in Log view may cause filters to reference the wrong column.
631527	FortiAnalyzer may show a negative value for sent or received packet count under Log View > Traffic.
591272	Downloaded Logs files from Log View or Browse are not in the correct CSV format.
604850	The remote IP for SSL-VPN is showing as IPsec Remote IP.
633393	Some of the IPS archive files do not contain whole Attack Context but only contain BODY that is partial part of Attack Context.
635598	FortiAnalyzer may not display Traffic Logs in Log View and return Web Server Error 500.
641013	After creating an ADOM for FortiMail, the ADOM is not visible on GUI and mail domain logs are not going to the default FortiMail ADOM.
643858	Actual analytic logs does not match what is observed in log view.
644189	Filters configured in the FortiView summary are not applied to Log View.
646775	Log View > Fabric > All > Source IP filter with unspecific conditions may show No entry found.
650857	Source IP in Add Filter box under Log View is not translated in Japanese.
651256	Username starting with a small case vd letter does not get displayed in the Historical logs.
652076	Searching takes a very long time when using Custom Time Period in Log View.

Others

Bug ID	Description
595696	The change of value for system.global.enc-algorithm is not applied to oftpd until a reboot.
617669	File parser may keep crashing every few minutes.
531962	There may be high disk I/O usage on FortiAnalyzer-1000E.
578907	exec log-aggregate all should aggregate all log files without any error.
587988	FortiAnalyzer is unable to send its local logs to FortiManager when FortiAnalyzer feature enabled.
616163	FortiAnalyzer may randomly display menu in Spanish instead of English.
625343	FortiAnalyzer may consume high on I/O resources every hour by fazwatch.
632971	FortiAnalyzer should have the ability to query CPU utilization on individual CPU core.
635984	Database rebuild may be slow.
644034	FortiAnalyzer HA may not synchronize analytics.
645022	SQL database rebuild may not complete after upgrading the FortiAnalyzer.
651230	SQL database log insertion stops and stops rebuild if there are old archive logs.
652438	FortiAnalyzer may not perform a complete FTP backup because of problems with files.
651057	System may randomly generate PS failure messages on power(PS*) status changed to not-present.

Reports

Bug ID	Description
547496	FortiAnalyzer generates a report for selected device with outputs for all devices.
624911	FortiAnalyzer may not be able to generate the SaaS Application Usage Report with Obfuscate User feature.
522729	Report language files may not be fully translated.
610270	Generating reports using filters with enabled Auto-cache may take hours to complete.
621744	Reports may should incorrect columns and format when exporting from SSL Dialup IPSec to chart.
628823	FortiAnalyzer is not generating all local Event logs for reports.
645290	Security Analysis report is not showing Traffic Bandwidth chart.
647868	After upgrade, all default reports and event handler list are lost.
652715	The pre-defined reports items should be created in the new ADOM even when the same name being re-used.
653532	Scheduled report does not run if the report owner has been deleted from the admin list.

System Settings

Bug ID	Description
602422	Test User credentials fail when using RADIUS MSCHAPv2 as authentication type.
597443	FortiAnalyzer should able to forward logs that comply with syslog in RFC 5424 format.
628025	Power off without shutting down OS after clicking shutdown button on Hyper-V manager.
629663	Free text filter does not work when using (~) tilde sign on syslog ADOM for the message field.
630654	Imported logs may not sync to secondary device.
639102	FortiAnalyzer may not apply the Not equal to operator when Log Forwarding > Log Filter is configured using the GUI.
645101	SAML GUI does not populate certificates into the combo-box after the certificates are inserted.
648105	The License Information widget displays Unlimited VM Storage when the correct license is 500 GB.
653371	The CEF log forwarding start time does not match the event time.
647724	FortiAnalyzer may not be able to forward the same amount of logs in CEF format than in Syslog.

 

FortiAnalyzer 6.4.2 -Release Notes (klik)

Pozdrawiamy,

Zespół B&B
Bezpieczeństwo w biznesie

6.4.2 forti analyzer FortiAnalyzer fortianalyzer 6.4.2