Fortinet ogłosił wydanie aktualizacji do wersji 7.2.5 dla FortiAnalyzer. Wprowadzone usprawnienia dotyczą głównie lepszego zarządzania i bardziej precyzyjnego monitorowania, co przekłada się na zwiększoną efektywność interfejsów użytkownika. Szczególną uwagę poświęcono rozwiązaniu problemów takich jak: błąd zgłaszania nieprawidłowej nazwy użytkownika lub hasła dla urządzeń Security Fabric mimo wprowadzenia poprawnych danych, brak aktualizacji adresu IP na FortiAnalyzerze, gdy FortiGate jest przekierowywany z trybu Collector, oraz wyświetlanie nieprawidłowych informacji dotyczących wersji serwera EMS, adresu IP oraz statusu łączności. Dla głębszego zrozumienia wprowadzonych zmian oraz nowości, zapraszamy do zapoznania się ze szczegółami poniższego przeglądu.
Aktualnie wspierane modele:
| FortiAnalyzer | FAZ-150G, FAZ-300F, FAZ-300G, FAZ-400E, FAZ-800F, FAZ-800G, FAZ-1000F, FAZ2000E, FAZ-3000F, FAZ-3000G, FAZ-3500E, FAZ-3500F, FAZ-3500G, FAZ-3700F, and FAZ-3700G. |
| FortiAnalyzer VM | FAZ_DOCKER, FAZ_VM64, FAZ_VM64_ALI, FAZ_VM64_AWS, FAZ_VM64_AWSOnDemand, FAZ_VM64_Azure, FAZ_VM64_GCP, FAZ_VM64_IBM, FAZ_VM64_HV (including Hyper-V 2016, 2019), FAZ_VM64_KVM, FAZ_VM64_OPC, FAZ_VM64_XEN (for both Citrix and Open Source Xen). |
Rozwiązane problemy:
Device Manager
| Bug ID | Description |
|---|---|
| 861979 | FortiAnalyzer generates „Invalid user/password for Security Fabric device in Device manager” even though the password is correct. |
| 888797 | The IP address is not updated on FortiAnalyzer when the FortiGate is forwarded from Collector mode FortiAnalyzer. |
| 927113 | FortiAnalyzer displays incorrect EMS server version, IP address, and connectivity status. |
| 927747 | Connectivity status of FortiMail/FortiClient EMS shows the status „Unknown”. |
| 937850 | Device Connectivity status is displayed as „Unknown” under the Device Manager. |
| 956536 | Unable to add FortiNAC device to FortiAnalyzer. |
FortiSOC
| Bug ID | Description |
|---|---|
| 783569 | Automation Stitch Action „Ban IP” does not work on FortiGate because FortiAnalyzer did not send the srcip to FortiGate. |
| 959875 | In the Playbook Monitor, the status of the default playbook „Update Asset and Identity Database” is displayed as failed. |
FortiView
| Bug ID | Description |
|---|---|
| 783408 | When selecting „IPSec VPN” login type under the „Top Failed Authentication” tab, it displays No Results. |
| 946188 | Unable to get more details about the Compromised Hosts in FortiView. |
| 954773 | Top Threat Destinations widget doesn’t show expected data according to selected TOP Numbers. |
| 984498 | The device dropdown list on the SD-WAN Summary under FortiView displays, „failed loading data”. |
Log View
| Bug ID | Description |
|---|---|
| 775185 | Duplicated logs have the potential to adversely impact the overall performance of the FortiAnalyzer. |
| 937729 | Log View/Fabric filter does not work with classless subnets. |
| 941273 | When selecting a log attribute for filtering, no value options are provided. |
| 967641 | Intermittent and frequent issues occur when loading the Log View page. This happens when users click on the Log View pane, select FortiGates, or set filters. |
| 974762 | The horizontal scroll bar is missing from the detailed information window for events in Log View. |
Others
| Bug ID | Description |
|---|---|
| 812931 | VIP access is not supported due to the new Azure API changes in HA VRRP. |
| 893699 | Login failed for restapi request due to invalid user/password. |
| 914320 | There are multiple harmful errors displayed on the console’s output during the software upgrade process to 7.2.4. These errors might be related to „FGT-siem„, which is removed from v7.2.3 and v7.4, but it still exists in v7.2.2 and below, v7.0, and v6.4. |
| 922549 | The FortiAnalyzer HA cluster synchronization is stuck at the „HA_SYNC_STATE_SENDING_METADATA” status. |
| 924123 | FortiAnalyzer-1000Fdoes not support FortiWeb-1000F. |
| 927381 | High, constant I/O usage on the FortiAnalyzer may adversely affect the proper functioning of the „oftpd process„. |
| 933475 | Logs of HA secondary are not visible when the HA is a CSF’s member. |
| 942465 | Excessive „oftpd process” usage may adversely affect the proper functioning of the FortiAnalyzer. |
| 950464 | FortiAnalyzer under the event logs displays the following error message „Failed to upgrade alerts table FMGADOM118 from v5 to v6 ret=-1, reboot required.” |
| 950501 | The „execmd” process entering the Zombie state causes temporary slowdown and unresponsiveness in the FortiAnalyzer GUI. |
| 951791 | Continuous crashes for the”fileparsed Application” on FortiAnalyzer HA have been observed. |
| 952295 | FortiAnalyzer does not remove the logs after forwarding then to the cloud storage. |
| 957433 | When creating the FortiManager/FortiAnalyzer docker instances, UUID is missing under the „diagnose debug vminfo„. |
| 965803 | Due to some Redis-related issues, the „diag log device” command displays „Information Not Available” for all ADOMs, and newly generated reports are not visible on the GUI. |
Reports
| Bug ID | Description |
|---|---|
| 932310 | Unable to import report to FortiAnalyzer. |
| 936084 | No data is showed up in report when filter applied to chart in FortiMail ADOM. |
| 952229 | Certain charts in the reports are not employing consistent session counting logic within the base hcache for FGT_DATASET_BASE_TRAFFIC_BANDWIDTH_SESSION. This inconsistency might result in inaccurate results. |
System Settings
| Bug ID | Description |
|---|---|
| 829015 | „Privacy Masking” feature does not work properly for admins whose admin type utilizes „Remote Authentication Server”. |
| 898944 | When the ADOM name is changed, it does not update under the „Log Forward” in the „Select Device Filter„. |
| 927773 | When specific ADOMs are selected as Filters, Log Forwarding stops functioning. |
| 934625 | Adding devices to „Log-forward filter” creates duplicates of previously added devices. |
| 941261 | Users can’t access the „Log Forwarding” section; it displays a „Failed to load” error message. |
| 945233 | Log Forwarding configuration is automatically disabled by FortiAnalyzer when it fails to resolve FQDN addresses due to DNS issues. |
| 953842 | Log Forwarding does not filter logs based on the specific ADOMs. |
| 956884 | FortiAnalyzer’s HA Status consistently switches to „Negotiating” during the process of HA configuration synchronization. |
Notatki producenta: FortiAnalyzer 7.2.5
Pozdrawiamy,
Zespół B&B
Bezpieczeństwo w biznesie
