Fortinet has just released the latest software update, version 7.2.0, for FortiAnalyzer. This release adds the ability to configure an HA cluster of virtual machines in Oracle Cloud (OCI), which was not available in previous releases. Version 7.2.0 resolves many issues that made work harder for log analysts; among others, it fixes the display of DOS-related logs in the FortiView tab and the inability to display logs when a filter is set using the drop-down menu with a manually entered value. Read on for more details about the update.
Currently supported models:
| FortiAnalyzer | FAZ-150G, FAZ-300F, FAZ-300G, FAZ-400E, FAZ-800F, FAZ-800G, FAZ-1000F, FAZ-2000E, FAZ-3000F, FAZ-3000G, FAZ-3500E, FAZ-3500F, FAZ-3500G, FAZ-3700F, and FAZ-3700G. |
| FortiAnalyzer VM | FAZ_DOCKER, FAZ-VM64, FAZ-VM64-AWS, FAZ-VM64-AWSOnDemand, FAZ-VM64-Azure, FAZ-VM64-GCP, FAZ-VM64-IBM, FAZ-VM64-HV (including Hyper-V 2016, 2019), FAZ-VM64-KVM, FAZ-VM64-OPC, FAZ-VM64-Xen (for both Citrix and Open Source Xen), |
Resolved issues:
FortiView
| Bug ID | Description |
|---|---|
| 720908 | FortiAnalyzer does not display DOS related logs under FortiView. |
| 778978 | The "Device filter" under the FortiView > Secure SD-WAN Monitor does not show the proper data. |
| 792161 | Permission error despite having write access is displayed when creating subnet on Fabric View. |
Log View
| Bug ID | Description |
|---|---|
| 708842 | FortiAnalyzer fails to complete FortiGate log query when filter is set using drop down menu with value entered manually. |
| 752407 | FortiAnalyzer Log View filter vanishes after displaying log details and returns to the log page with filter. |
| 781113 | The custom view should list all the used filters. |
Others
| Bug ID | Description |
|---|---|
| 766485 | FortiAnalyzer frequently generates error log with message "service:geoip, fgd server 'gip.fortinet.net' was unreachable." |
| 778841 | Users should be able to trim or clear kernel logs. |
| 756833 | FortiAnalyzer’s HA is not supported on OCI (Oracle Cloud). |
Reports
| Bug ID | Description |
|---|---|
| 759572 | The default WiFi report does not display the WiFi clients when APs are in the bridged mode. |
| 766505 | Report’s header may not be repositioned. |
| 774764 | The exported report chart should not return error for "Top Resource Usage Drilldown". |
| 779945 | Report cover page date color may not change according to setting. |
| 781238 | Default font setting change is not reflected in the portrait report cover title. |
| 781240 | SSL VPN Web Mode duration predefined dataset is incorrect when there are multiple sessions. |
System Settings
| Bug ID | Description |
|---|---|
| 693584 | Syslog server can only send via UDP, and not TCP with TLS option configured. |
| 752979 | When changing the unit of allocated disk utilization to GB or TB, FortiAnalyzer always displays the unit in MB. |
| 759809 | FortiAnalyzer should have Time zone information for local logs. |
| 771397 | The information/notification popups do not close automatically after the completion of any task. |
| 774553 | FortiAnalyzer’s GUI login "Force to change password upon next log on" feature not working. |
Known issues:
FortiView
| Bug ID | Description |
|---|---|
| 641596 | FortiAnalyzer may show "No Data" in "User Vulnerabilities Summary" widget. |
| 768270 | Secure SD-WAN Monitor shows 'No Data' if only HA member having the SD-WAN logs. |
| 781460 | Adding filters and drill down return an error, "Invalid params:" will show for chart or list for Top Threats. |
Log View
| Bug ID | Description |
|---|---|
| 771086 | FortiAnalyzer displays Invalid log file format error message when importing log backup to FortiAnalyzer. |
| 779893 | "dstowner" field is not allowed for filter in traffic logs. |
Others
| Bug ID | Description |
|---|---|
| 773745 | FortiAnalyzer should try to connect to FortiClient or forticlient-emsproxy.forticloud.com when enabling EMS cloud. |
Reports
| Bug ID | Description |
|---|---|
| 764194 | Playbooks run_report fails with "missing device(s)" if "Playbook Starter" as devices filter is selected. |
| 766123 | "Selected data binding is invalid" is shown for "Data Binding" in the chart details for "Traffic statistic". |
| 771072 | Secure SD-WAN CSV report does not show device names for charts. |
| 779952 | Cyber Threat Assessment should show IPS attack Count 0 when there are no IPS logs. |
| 783172 | Reports may only show 64 devices report details after upgrade. |
System Settings
| Bug ID | Description |
|---|---|
| 734001 | FortiAnalyzer HA may randomly fail-over. |
| 748107 | Additional timestamp, tz field, is being added to forwarded logs from FortiAnalyzer. |
Vendor release notes: FortiAnalyzer 7.2.0
Best regards,
The B&B Team
Bezpieczeństwo w biznesie
