Fortinet has released the latest update for FortiAnalyzer, version 7.0.0. The new update corrects problems found in earlier versions. The main fixes concern reports, where errors caused data to be displayed incorrectly. Version 7.0.0 also corrects faulty behaviour in FortiView, where the problem concerned incorrect SD-WAN link properties. In addition, handling of FortiADC devices has been improved. For more information, read on.
Currently supported models:
| Platform | Supported models |
|---|---|
| FortiAnalyzer | FAZ-150G, FAZ-300F, FAZ-300G, FAZ-400E, FAZ-800F, FAZ-1000F, FAZ-2000E, FAZ-3000F, FAZ-3000G, FAZ-3500E, FAZ-3500F, FAZ-3500G, FAZ-3700F, FAZ-3900E |
| FortiAnalyzer VM | FAZ-VM64, FAZ-VM64-AWS, FAZ-VM64-Azure, FAZ-VM64-GCP, FAZ-VM64-HV (including Hyper-V 2016, 2019), FAZ-VM64-KVM, FAZ-VM64-OPC, FAZ-VM64-Xen (for both Citrix and Open Source Xen) |
Resolved issues:
Device Manager
| Bug ID | Description |
|---|---|
| 521774 | The Add and Delete function for unregistered devices are greyed out even when the root ADOM is locked. |
| 523721 | FortiAnalyzer should support FortiADC device type. |
| 622649 | When a FortiGate HA device is deleted, their log files are not deleted. |
| 696853 | When manually adding a device in FortiNAC ADOM, version v8.8 is not listed in the version option. |
FortiSOC
| Bug ID | Description |
|---|---|
| 656293 | FortiAnalyzer should automatically retrieve all software inventory after EMS connector is created. |
FortiView
| Bug ID | Description |
|---|---|
| 668494 | FortiView may not apply filter correctly for many of the entries. |
| 668922 | Selecting FortiGate in FortiView Traffic logs returns Invalid params: Cannot find device XXX under adom XXX. |
| 670844 | Resources Usage Peak shows higher bandwidth than real usage. |
| 671620 | FortiAnalyzer SD-WAN View is not showing correct SLA output and cannot filter on specific SLA. |
| 673477 | FortiView map may fail to display traffic. |
| 674461 | Within FortiView VPN logs, the Country Flags may be incorrect. |
| 678250 | FortiView may show error when drill-down IOC rescan details. |
| 682485 | Policy hit count may be shown as zero while there is traffic. |
| 682657 | FortiView may not be refreshed correctly after switching between ADOMs. |
| 684131 | Top Sources response may be slow when filtering by Policy ID. |
| 684193 | Secure SD-WAN Monitor should not send a request when device list fails to load. |
| 690895 | FortiView > Monitors > Secure SD-WAN Monitor > SD-WAN Rules Utilization widget may show No Data for some FortiGates. |
| 691570 | FortiAnalyzer may not be able to cancel IOC re-scan task. |
| 692464 | FortiAnalyzer may prompt an XSS error while retrieving IPS error log details. |
| 692852 | After upgrade, the Secure SD-WAN Monitor may show No Data for Performance, Jitter, Latency, or Packet loss widget. |
| 702268 | Loading the FortiView page may be very slow when the Source is set as FortiAnalyzer when accessing it from FortiGate. |
Log View
| Bug ID | Description |
|---|---|
| 522202 | FortiAnalyzer may not be able to accept syslog from FortiVoice. |
| 591272 | Downloaded Logs files from Log View or browse are not in the correct CSV format. |
| 600083 | Endpoint Identification should always show the same user tied to the same session. |
| 625306 | Hiding column(s) in Log view may cause filters to reference to incorrect column. |
| 638388 | When two filters are defined and the first filter is removed, clicking on the remaining filter may incorrectly reference a removed filter. |
| 639228 | FortiAnalyzer needs to synchronize FortiClient 6.4.1 new log format changes for Value of Type, Sub-type, and Event Type. |
| 643858 | Actual analytics logs do not match what is observed in log view. |
| 652076 | Log view may take a long time to load with Custom Time Period. |
| 672350 | FortiAnalyzer should be able to show the space in between the user name on Log View > Event > VPN > User column. |
| 672763 | Level Column is empty on GUI when switching to Real-time Log on a FortiAnalyzer ADOM. |
| 690922 | The event logs filter should only display logs from its own VDOM. |
Others
| Bug ID | Description |
|---|---|
| 578907 | The exec log-aggregate all should aggregate all log files without any error. |
| 595696 | The change of value for system.global.enc-algorithm is not applied to oftpd until a reboot. |
| 610161 | FortiAnalyzer may unexpectedly set Don’t Fragment flag with jumbo frame related packets in OFTP communications and in log forwarding. |
| 621473 | FortiSOC is missing in cloud-based VMs. |
| 653646 | When formatting disk, database server may fail to shut down. |
| 656370 | FortiAnalyzer SCP backup cannot be stopped. |
| 665273 | The diagnose system ntp status command may return error /bin/ntpq: read: Connection refused. |
| 666940 | ADOM Mode Information has outdated wording about Reduced operation. |
| 673224 | The sqllogd may keep crashing after upgrading FAZ-3700F secondary unit. |
| 675273 | FortiAnalyzer to add SFTP and port support for all export commands. |
| 675930 | When calling an API, FortiAnalyzer may not update the progress with correct percentage. |
| 676103 | Webhook Fabric Connector sends the wrong Server Name Indication (SNI) in the TLSv1.2 Client Hello. |
| 677494 | FortiAnalyzer may return SQL query error when creating temporary table blklst during ioc-rescan. Workaround: Please set ioc-rescan days to less than database compression days. |
| 678200 | FortiAnalyzer may stop inserting logs using high CPU usage. |
| 681884 | HA synchronization may stall at a random percentage. |
| 682997 | FortiAnalyzer may show fmgd crash during boot up after upgrade. |
| 687809 | Log insert lag time may go above 5 hours on a properly sized FortiAnalyzer. |
| 693161 | When frequently accessing different pages, FortiAnalyzer’s GUI may become sluggish and pages may not transition. |
| 696211 | Secondary FortiAnalyzer accepts FTP connections after disabling FortiRecorder. |
| 697654 | FortiAnalyzer may return duplicated data within log view JSON response. |
| 702140 | The disable-module setting resets to default after reboot. |
Reports
| Bug ID | Description |
|---|---|
| 547496 | FortiAnalyzer generates a report for selected device with outputs for all devices. |
| 624911 | FortiAnalyzer may not be able to generate the SaaS Application Usage Report with the Obfuscate User feature. |
| 647868 | After upgrade, all default reports and event handler list are lost. |
| 662442 | FortiAnalyzer should show report, template, chart library, and dataset under report section. |
| 677060 | Default Reports, Templates, Chart Library, Macro Library, or Datasets are missing on newly created ADOMs. |
| 677109 | Graphics may not be complete for FortiGate Performance Statistics Report. |
| 695960 | When accessing the Throughput Utilization Billing Report, FortiAnalyzer may show a vertical line on the Interface Throughput Distribution chart when there is no interface data available. |
| 704544 | Application icons may not be displayed in report. |
System Settings
| Bug ID | Description |
|---|---|
| 560895 | FortiAnalyzer should separate the Admin profile setting for Log and SoC views. |
| 580629 | Chromebooks are unable to log to FortiAnalyzer if the admin has trusted hosts configured. |
| 627683 | The GB/day displayed in License Widget may not be correct. |
| 631709 | Email should be sent successfully from FortiAnalyzer with SMTPS TCP/465. |
| 660798 | Device Log Settings > Upload to FTP may not work correctly in a collector-analyzer setup. |
| 668067 | NTPv3 enabled with authentication is not sending NTP client request with hardware platforms. |
| 672633 | FortiAnalyzer HA primary unit may stop log insertion when there is postgres UPDATE on IOC. |
| 681321 | Avatar may always be synchronizing, resulting in the init sync never finishing. |
| 681622 | SMTP server password should not be limited to 63 characters. |
| 689824 | After upgrade, the log filter setting may be set to "Equal to" for log forwarding. |
| 691798 | The secondary unit in FortiAnalyzer HA cluster may report HA cluster config-sync DOWN, cause=keepalive failure every couple of days. |
| 708047 | There may be multiple devid, devname, or tz columns when logs are forwarded in syslog. |
Known issues to be resolved:
Device Manager
| Bug ID | Description |
|---|---|
| 639479 | FortiGate v6.0 with sub-ca certificate may not be able to establish oftp connection with FortiAnalyzer without sub-ca certificate. |
Event Management
| Bug ID | Description |
|---|---|
| 691220 | Event handler may not be triggered correctly when there is more than one match. |
FortiView
| Bug ID | Description |
|---|---|
| 579910 | SOC should show AP SSIDs and clients from Event Logs when the Service Profile is in Bridge mode. |
| 616675 | Bandwidth may not match between FortiAnalyzer and FortiGate. |
| 621453 | FortiGate cannot get FortiClient’s vulnerability detail information from FortiAnalyzer. |
| 626530 | Bytes Sent/Received should match between Top Destinations and Policy Hit charts under FortiView when filtered by the same policy ID. |
| 640553 | FortiView monitor WiFi widget is not showing Bridged SSID information. |
| 641596 | FortiAnalyzer may show No Data in User Vulnerabilities Summary widget. |
| 642837 | If Sandbox detection only supports FortiGate in Fabric ADOM, there should be an indication on GUI. |
| 663930 | Ports status is not correct in Secure SD-WAN monitor and SD-WAN Performance status. |
| 667076 | FortiView Top Cloud Users may show a "no entry found" message but there is a session graph shown. |
| 683525 | The return lines may be incorrect after adding filters to Top Website Categories. |
| 683580 | The Not operation may not work for advanced filter. |
| 685452 | The Not filter may not work properly. |
| 688141 | FortiAnalyzer should be able to apply multiple negative filters from the same type. |
| 707480 | Top Threats (FortiClient) may only display Threat level LOW and Allowed incidents. |
| 708006 | Monitors > Endpoints does not show all FortiClient endpoints in the logs. |
| 711810 | SSL Dialup IPSec connection count may not match with connection list. |
| 713083 | FortiAnalyzer may show a No Data message for the Worldwide Threat Prevalence chart. |
Log View
| Bug ID | Description |
|---|---|
| 608139 | Opening compressed FortiClient traffic file on FortiAnalyzer may cause other compressed FortiClient traffic logs to fail to open. |
| 633393 | Some IPS archive files do not contain whole Attack Context but only contain BODY that is part of Attack Context. |
| 635598 | FortiAnalyzer may not display Traffic Logs in Log View and return Web Server Error 500. |
| 641013 | After creating an ADOM for FortiMail, the ADOM is not visible on GUI and mail domain logs are not going to the default FortiMail ADOM. |
| 653765 | Some log files under Log Browse may contain a mix of event and traffic messages. |
| 661094 | In Log View, importing log may fail. |
| 674027 | Filtering FortiClient event logs with wildcard UID filter returns no data. |
| 686924 | Downloading CSV file contains tunnel-up and tunnel-down VPN logs from other devices that belong to different ADOMs. |
| 704206 | When filtering with Action and Source IP under the Traffic menu, the filter output may be incorrect with the combination of smart action with any other field. |
| 711711 | Log filter may show unfiltered values. |
Others
| Bug ID | Description |
|---|---|
| 584105 | The /drive0/private/restapi/sync/fgt_intf_stat location may use too many inodes. |
| 616355 | FortiGate may display "SSL error" or "OFTP error" when testing connectivity with FortiAnalyzer. |
| 625343 | FortiAnalyzer may consume high I/O resources every hour due to fazwatch. |
| 632971 | FortiAnalyzer should have the ability to query CPU utilization on individual CPU core. |
| 700562 | When creating a system admin user using JSON API, FortiAnalyzer may return an error: The data is invalid for selected url. |
| 701753 | SIEM database should be trimmed at the same time when quota enforcement occurs. |
Reports
| Bug ID | Description |
|---|---|
| 628823 | FortiAnalyzer is not generating all local Event logs for reports. |
| 653207 | FortiAnalyzer may have incorrect dataset queries without considering the direction field. |
| 677090 | Report filter may not work with devname. |
| 683668 | The FortiClient report is always empty after enabling device filter. |
| 692097 | Report sub-charts may not work after upgrade. |
System Settings
| Bug ID | Description |
|---|---|
| 630654 | Imported logs may not sync to slave. |
| 634253 | ADOMs may disappear randomly from ADOM configuration while editing it. |
| 638380 | FortiAnalyzer may accept invalid dashboard configurations which may break some widgets. |
| 666767 | When log forwarding is enabled, there may be logfwd crashes with high log rate. |
| 669402 | FortiAnalyzer may not time out admin session after many hours. |
| 673591 | FortiAnalyzer may return error, cfgerror:1, when editing and saving an admin user. |
Vendor release notes: FortiAnalyzer 7.0.0
Regards,
The B&B Team
Bezpieczeństwo w biznesie (Security in Business)
