Fortinet has published a new update for FortiAnalyzer, version 6.4.3! In this update the vendor states that FortiAnalyzer should now support ADC (Application Delivery Controller) devices. Version 6.4.3 brings the long-awaited support for FortiMail Cloud. FortiView should now present VPN data correctly. Earlier versions had problems with communication between FortiManager and FortiAnalyzer, but as of 6.4.3 these issues have been resolved. For more of what is new in this update, see the rest of the article.
Resolved issues:
Device Manager
Bug ID | Description |
---|---|
523721 | FortiAnalyzer should support FortiADC device type. |
570039 | When FortiWeb is auto registered and promoted on FortiAnalyzer, the firmware version shown in Device Manager may not be correct. |
638847 | FortiWeb v6.3.3 may not be able to establish oftp connection with FortiAnalyzer without sub-ca certificate. |
640793 | FortiManager may not be able to register CSF group with FortiGate 6K or 7K series. |
651696 | Device Manager > Device > Average Log Rate (Logs/Sec) sort function does not work. |
669183 | FortiAnalyzer is missing support for FortiMail Cloud. |
FortiSOC
Bug ID | Description |
---|---|
632326 | Syslog type Event Handler Alert sent with Email is truncated. |
638676 | SNMP alert is not generated for event handler triggered by FortiWeb attack logs. |
656667 | FortiOS Connector may not be displayed when creating a playbook. |
FortiView
Bug ID | Description |
---|---|
620565 | FortiAnalyzer should remove the entry Reserved in Top Country/Region. |
643088 | For VPN, the table keeps loading or returns Server error: Invalid request-id ********* for fetching result. |
643842 | Secure SD-WAN Monitor and Secure SD-WAN report: All SD-WAN Rule related widgets or charts may show No Data. |
643843 | Monitors > Secure SD-WAN Monitor > "SD-WAN Rules Utilization" widget always shows No Data. |
Log View
Bug ID | Description |
---|---|
644189 | Filters configured in the FortiView summary are not applied to Log View. |
646775 | Log View > Fabric > All > Source IP filter with unspecific conditions may show No entry found. |
651256 | Username starting with the lowercase letters "vd" is not displayed in the Historical logs. |
653641 | Logs coming from chassis unit seem to consume excessive amounts of analytics data. |
657357 | Device Time filter may not work correctly under the "Log Browse" log files. |
Others
Bug ID | Description |
---|---|
587988 | FortiAnalyzer is unable to send its local logs to FortiManager with FortiAnalyzer feature enabled. |
617669 | File parser may keep crashing every few minutes. |
631832 | There may be multiple ERROR: integer out of range within pgsvr.log. |
651057 | System may randomly generate PS failure messages on power(PS*) status changed to not-present. |
652438 | FortiAnalyzer may not perform a complete FTP backup because of problems with files. |
652541 | The siemagentd may hang under load. |
655806 | FortiAnalyzer may show incorrect date filter within Log View or FortiView. |
659573 | Backup logs with SCP via CLI may have a few issues. |
664637 | During rebuild, sqllogd may keep crashing every few seconds with signal 11. |
Reports
Bug ID | Description |
---|---|
626327 | Reports may be lost in some ADOMs after upgrade. |
637129 | FortiAnalyzer may return 500 error when deleting an output profile. |
652715 | The pre-defined report items should be created in the new ADOM even when the same name is re-used. |
653532 | Scheduled report does not run if the report owner has been deleted from the admin list. |
System Settings
Bug ID | Description |
---|---|
597443 | FortiAnalyzer should be able to forward logs that comply with syslog in RFC 5424 format. |
602422 | Test User credentials fail when using RADIUS MSCHAPv2 as authentication type. |
628025 | Powering off without shutting down OS after clicking shutdown button on Hyper-V manager generates an error message. |
645101 | SAML GUI does not populate certificates into the combo-box after the certificates are inserted. |
647724 | FortiAnalyzer may not be able to forward the same amount of logs in CEF format as in Syslog. |
648105 | Widget License Information displays Unlimited VM Storage when the correct license is 500 GB. |
KNOWN ISSUES:
Device Manager
Bug ID | Description |
---|---|
613115 | Device Manager View may show red icons for VDOMs even when logs are received. |
639479 | FortiGate v6.0 with sub-ca certificate may not be able to establish oftp connection with FortiAnalyzer without sub-ca certificate. |
FortiView
Bug ID | Description |
---|---|
539298 | Customer may not see data on cloud application bytes in FortiView. |
579828 | There may be bandwidth discrepancy under FortiView > Application & websites > Top websites. |
616675 | Bandwidth may not match between FortiAnalyzer and FortiGate. |
616914 | Some graphs may not render data in FortiView. |
621453 | FortiGate cannot get FortiClient's vulnerability detail information from FortiAnalyzer. |
626530 | Bytes Sent/Received should be matching between Top Destinations and Policy Hit charts under FortiView when filtered by the same policy ID. |
633960 | Filter is empty in request when drill-down Top Applications(FortiClient) view to Log View. |
638828 | Incident of Compromised Hosts may not be triggered. |
640553 | FortiView monitor WiFi widget is not showing Bridged SSID information. |
642837 | If Sandbox detection is supported only with FortiGate in Fabric ADOM, there should be an indication on GUI. |
667076 | FortiView Top Cloud Users may show no entry found message but there is a session graph shown. |
668494 | FortiView may not apply filter correctly for many of the entries. |
FortiSoC
Bug ID | Description |
---|---|
668942 | A playbook running an AV scan on an endpoint may return the error: "failed results- can not find parameters for connector". |
Log View
Bug ID | Description |
---|---|
591272 | Log files downloaded from Log View or browse are not in the correct CSV format. |
604850 | The remote IP for SSL-VPN is showing as IPsec Remote IP. |
608139 | Opening compressed FortiClient traffic file on FortiAnalyzer may cause other compressed FortiClient traffic logs to fail to open. |
625306 | Hiding column(s) in Log View may cause filters to reference the incorrect column. |
635598 | FortiAnalyzer may not display Traffic Logs in Log View and return Web Server Error 500. |
638388 | When two filters are defined and the first filter is removed, clicking on the remaining filter may reference the filter that was removed. |
641013 | After creating an ADOM for FortiMail, the ADOM is not visible in the GUI and mail domain logs are not going to the default FortiMail ADOM. |
643858 | Actual analytics logs do not match what is observed in Log View. |
652076 | Log view may take a long time to load with Custom Time Period. |
653765 | Some log files under Log Browse may contain a mix of event and traffic messages. |
661094 | In Log View, importing a log may fail. |
Others
Bug ID | Description |
---|---|
578907 | exec log-aggregate all should aggregate all log files without any errors. |
595696 | The change of value for system.global.enc-algorithm is not applied to oftpd until a reboot. |
621473 | FortiSOC is missing in cloud-based VMs. |
625343 | FortiAnalyzer may consume high I/O resources every hour due to fazwatch. |
632971 | FortiAnalyzer should have the ability to query CPU utilization on an individual CPU core. |
660810 | FortiAnalyzer-200F rebuild may get stuck and sqllogd may crash due to insufficient memory. |
Reports
Bug ID | Description |
---|---|
522729 | Report language files may not be fully translated. |
547496 | FortiAnalyzer generates a report for selected device with outputs for all devices. |
624911 | FortiAnalyzer may not be able to generate the SaaS Application Usage Report with Obfuscate User feature. |
628823 | FortiAnalyzer is not generating all local Event logs for reports. |
647868 | After upgrade, all default reports and event handler list are lost. |
System Settings
Bug ID | Description |
---|---|
626636 | The Allow button may not work in HA configuration page. |
627683 | The License Widget may not display the correct GB/day. |
629663 | Free text filter does not work when using (~) tilde sign on syslog ADOM for the msg field. |
630654 | Imported logs may not sync to slave. |
634253 | ADOMs may disappear randomly from ADOM configuration while editing it. |
639102 | FortiAnalyzer may not apply the "Not equal to" operator when "Log Forwarding > Log Filter" is configured via GUI. |
653371 | CEF log forwarding start time does not match with event time. |
668067 | NTPv3 enabled with authentication is not sending NTP client request with hardware platforms. |
668901 | After enabling Collector mode, FortiAnalyzer may not show FortiView. |
669402 | FortiAnalyzer may not time out an admin session after many hours. |
669403 | FortiAnalyzer should not allocate the same session ID to two different users. |
Vendor release notes: FortiAnalyzer 6.4.3
Best regards,
The B&B Team
Bezpieczeństwo w biznesie