Software vendor Fortinet has released the latest update for FortiAnalyzer, version 6.4.5. The new update fixes many bugs from the previous version. One of the main problems was that FortiAnalyzer did not display FortiView when running in Collector mode; this is fixed in the update. Version 6.4.5 also corrects the problem with generating reports on SaaS application usage, and bugs related to filters in FortiView have been fixed as well. For more detailed information, I invite you to read the rest of the article.
Currently supported models:
FortiAnalyzer | FAZ-200F, FAZ-300F, FAZ-400E, FAZ-800F, FAZ-1000E, FAZ-2000E, FAZ-3000E, FAZ-1000F, FAZ-3000F, FAZ-3000G, FAZ-3500E, FAZ-3500F, FAZ-3500G, FAZ-3700F and FAZ-3900E. |
FortiAnalyzer VM | FAZ-VM64, FAZ-VM64-Ali, FAZ-VM64-AWS, FAZ-VM64-AWS-OnDemand, FAZ-VM64-Azure, FAZ-VM64-GCP, FAZ-VM64-HV, FAZ-VM64-KVM, FAZ-VM64-OPC, and FAZ-VM64-XEN (Citrix XenServer and Open Source Xen). |
Resolved issues:
FortiSOC
Bug ID | Description |
---|---|
685426 | FortiAnalyzer should be able to see the incident that corresponds to events under the incidents analysis page. |
FortiView
Bug ID | Description |
---|---|
633960 | Filter is empty in request when drilling down Top Applications (FortiClient) view to Log View. |
678110 | FortiView custom period filter is not able to set lower value for the end-time than that for the start-time. |
Log View
Bug ID | Description |
---|---|
604850 | The remote IP for SSL-VPN is showing as IPsec Remote IP. |
625306 | Hiding column(s) in Log view may cause filters to reference the wrong column. |
660792 | FortiAnalyzer-1000E may take a long time to download a filtered log view file. |
686924 | Downloading CSV file contains tunnel-up and tunnel-down VPN logs from other devices that belong to different ADOMs. |
Others
Bug ID | Description |
---|---|
595696 | The change of value for system.global.enc-algorithm is not applied to oftpd until a reboot. |
671711 | SQL database rebuild may not start and return ERROR: sqlplugind(690):receiver.c:96: socket 70 poll() failed. |
682997 | FortiAnalyzer may show fmgd crash during boot up after upgrade. |
683970 | There may be SQL process run more than one day long. |
687498 | The fortilogd daemon may consume high memory usage. |
687809 | Log insert lag time may go above 5 hours on a properly sized FortiAnalyzer. |
Reports
Bug ID | Description |
---|---|
624911 | FortiAnalyzer may not be able to generate the SaaS Application Usage Report with Obfuscate User feature. |
System Settings
Bug ID | Description |
---|---|
560895 | FortiAnalyzer should separate the Admin profile setting for Log and SoC views. |
613526 | FortiAnalyzer VM should prompt a warning when reaching the maximum ADOM limit. |
626636 | The Allow button may now work in HA configuration page. |
668901 | After enabled Collector mode, FortiAnalyzer may not show FortiView. |
Known issues:
Device Manager
Bug ID | Description |
---|---|
521774 | Add and delete function for unregistered devices are greyed out even when the root ADOM is locked. |
613115 | Device Manager view may show red icons for VDOMs even when the log is received. |
622649 | When a FortiGate HA device is deleted, their log files are not deleted. |
639479 | FortiGate v6.0 with sub-ca certificate may not be able to establish oftp connection with FortiAnalyzer without sub-ca certificate. |
681419 | Notification icon may still present for hidden unauthorized devices. |
696853 | When manually adding a device in FortiNAC ADOM, version v8.8 is not listed in the version option. |
Event Management
Bug ID | Description |
---|---|
691220 | Event handler may not be triggered correctly when there is more than one match. |
FortiSOC
Bug ID | Description |
---|---|
668942 | A playbook running AV scan on endpoint may return error: failed results- can not find parameters for connector. |
FortiView
Bug ID | Description |
---|---|
539298 | Customer may not see data on cloud application bytes in FortiView. |
579828 | There may be bandwidth discrepancy under FortiView > Application & websites > Top websites. |
616675 | Bandwidth may not match between FortiAnalyzer and FortiGate. |
621453 | FortiGate cannot get FortiClient’s vulnerability detail information from FortiAnalyzer. |
626530 | Bytes Sent/Received should match between Top Destinations and Policy Hit charts under FortiView when filtered by the same policy ID. |
640553 | FortiView monitor WiFi widget is not showing Bridged SSID information. |
641596 | FortiAnalyzer may show No Data in User Vulnerabilities Summary widget. |
642837 | The GUI should indicate if Sandbox detection only supports FortiGate in Fabric ADOM. |
663930 | Ports status may not be incorrect in Secure SD-WAN Monitor and SD-WAN Performance status. |
667076 | FortiView Top Cloud Users may show no entry found message but there is a session graph shown. |
683525 | The return lines may be incorrect after adding filters to Top Website Categories. |
683580 | The Not operation may not work for advanced filter. |
684131 | Top Sources response may be slow when filter by policy ID. |
688141 | FortiAnalyzer should be able to apply multiple negative filters from the same type. |
688537 | Information End User located in Summary should match with time range and logs. |
690895 | FortiView > Monitors > Secure SD-WAN Monitor > SD-WAN Rules Utilization widget may show No Data for some FortiGates. |
685452 | The NOT filter may not work properly. |
Log View
Bug ID | Description |
---|---|
608139 | Opening compressed FortiClient traffic file on FortiAnalyzer may cause other compressed FortiClient traffic logs fail to open. |
633393 | Some IPS archive files only contain BODY of Attack Context instead of the whole Attack Context. |
635598 | FortiAnalyzer may not display Traffic Logs in Log View and return Web Server Error 500. |
641013 | After created ADOM for FortiMail, the ADOM is not visible on GUI and mail domain logs are not going to the default FortiMail ADOM. |
652076 | Log view may load forever with Custom Time Period. |
653765 | Some log files under Log Browse may contain a mix of event and traffic messages. |
661094 | In Log View, importing log may fail. |
674027 | Filtering FortiClient event logs with wildcard UID filter returns no data. |
686258 | FortiAnalyzer may return No entry found when Log View filter with many devices selected. |
690922 | The event logs filter should display logs only from its own VDOM. |
Others
Bug ID | Description |
---|---|
584105 | The /drive0/private/restapi/sync/fgt_intf_stat location may use too much inodes. |
616355 | FortiGate may display SSL error or OFTP error when testing connectivity with FortiAnalyzer. |
625343 | FortiAnalyzer may consume high on I/O resources every hour by fazwatch. |
632971 | FortiAnalyzer should have the ability to query CPU utilization on individual CPU core. |
660810 | FortiAnalyzer-200F rebuild may get stuck and sqllogd may crash due to insufficient memory. |
677494 | FortiAnalyzer may return SQL query error when creating temporary table blocklist during ioc-rescan. Workaround: Please set ioc-rescan days to less than database compression days. |
681884 | HA synchronization may hang at random percentage. |
697654 | FortiAnalyzer may return duplicated data within log view JSON response. |
Reports
Bug ID | Description |
---|---|
628823 | FortiAnalyzer is not generating all local Event logs for reports. |
653207 | FortiAnalyzer may have incorrect dataset queries without considering the direction field. |
677090 | Report Filter may not work with devname. |
683668 | FortiClient report is always empty after enabled device filter. |
System Settings
Bug ID | Description |
---|---|
560895 | FortiAnalyzer should separate the Admin profile setting for Log and SoC views. |
629663 | Free text filter does not work when using (~) tilde sign on syslog ADOM for the msg field. |
630654 | Imported logs may not sync to slave. |
634253 | ADOMs may disappear randomly from ADOM configuration while editing it. |
638380 | FortiAnalyzer may accept invalid which may break some widgets. |
653371 | CEF log forwarding start time does not match with event time. |
666767 | When log forwarding is enabled, there may be logfwd crashes with high log rate. |
669402 | FortiAnalyzer may not time out an admin session after many hours. |
673591 | FortiAnalyzer may return error, cfgerror:1 , when editing and saving an admin user. |
685892 | FortiAnalyzer is not sending SMTP EHLO message with fully-qualified hostname. |
689824 | After upgrade, log filter setting may set to Equal to for log forwarding. |
Vendor release notes: FortiAnalyzer 6.4.5
Best regards,
The B&B Team
Bezpieczeństwo w biznesie