Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Known Issues

The following issues have been identified in FortiAnalyzer version 6.0.0. For inquires about a particular bug or to report a bug, please contact Fortinet Customer Service & Support.

Device Manager

Bug ID

Description

482543

When adding a HA member to an existing device, Device Manager may show both devices with the same serial number.

Event Management

Bug ID

Description

470373

During database rebuilds, alerts that are already triggered may be replayed again.

476489

Viewing the list of alerts triggered by traffic log with catdesc field will trigger system to return an error.

478209

Event filer may not work for some event handlers.

480476

Sorting by Severity may not work.

481556

Users may not be able to search for events.

481566

Event status may always be recognized as Unhandled instead of Blank.

483118

FortiAnalyzer may not be able to load data to display for Custom View.

483225

Right click menu may be missing from Custom View.

483572

Users may not be able to see avatars in the search when a user belongs to multiple end points.

483656

Users may not be able to see avatars on events triggered by FortiClient.

FortiView

Bug ID

Description

473629

Web Sites view with the Domain filter applied should not show the entire threat list.

473826

When FortiGate devices are in HA mode, there should not be duplicated IPv4 & IPv6 local policy 0 entries in Policies view.

474061

When using wildcard expression for srcip with multiple subnets, search returns sporadic results.

476316

FortiAnalyzer should properly display IP address with port number under the Web Sites view.

484312

Top Threats may display threats as numerical values without any detailed information.

484761

Compromised Hosts may show many duplicate entries.

484821

Compromised Hosts may show blank entries for end users.

Log View

Bug ID

Description

473907

FortiAnalyzer should not truncate syslog messages sent from Windows AD server using syslog agent.

473907

FortiAnalyzer should not truncate syslog messages sent from the Windows AD server using the syslog agent.

479688

FortiAnalyzer may always show acknowledged events with duplicated End User entries. Also, UUID may be displayed as the Host Name.

480205

Dot and wildcard are automatically removed when searching text in advanced mode.

481771

FortiWeb logs cannot being received if encryption is enabled.

482909

Application Control Logs and FortiView shows different information when inspecting GTP traffics.

483420

FortiAnalyzer may return an error when a user exports a report from IOC drilldown table.

483611

Column can be misaligned where there are some entries containing attachments.

NOC

Bug ID

Description

483683

The Security Rating Score may not be correct when there is a FortiGate HA failover.

484196

The CVE links under the Critical Vulnerabilities panel may not work in SOC View > Vulnerabilities Monitor page.

484693

The Compromised Hosts Incidents widget displays the No Data warning even when there is data showing in the widget.

Reports

Bug ID

Description

434272

PDF reports size may be bigger after upgrade.

469541

Users cannot import reports from version 5.0 to 6.0.

470616

Rendering of tables in PDF report may display overlapping entries.

470616

Entries may overlap in the reports generated in PDF format.

476000

Reports may not show the full results within specified time period.

480088

Export template under the CLI may not work.

483778

The Bandwidth Summary graph may not be accurate if there are more than twenty eight days included within a report.

484350

The Proxy Applications and Remote Access Application charts in the Cyber Threat Assessment report turns may not show any data after upgrading from 5.6.0.

484863

All report names with underline should concatenated with uuid.

System settings

Bug ID

Description

470489

Under Storage Info, columns may not be displayed properly when doing a search.

474066

When an administrator profile is configured with Read-Write permission for Reports and Read-Only for System Settings, administrators associated with the profile cannot preview or save a chart using the chart builder.

476109

FortiAnalyzer may forward logs with incorrect logid.

476701

Log forwarding sends poluuid value without closing double quotes.

479159

Devices may not display in logging topology when device traffic option is selected.

484194

Forwarded logs should not include excluded log fields.

484349

Fetch session may be paused after approval.

Others

Bug ID

Description

469050

The XML API, getFazGeneratedReport, cannot return report name that contains Unicode.

482508

Console may continuously show the error message: Audit rpt format error.

482751

HA primary unit's HA daemon uses 100% resource on a single CPU core.

483897

Users may not be able to search HA traffics by device name via JSON APIs.

483917

FortiAnalyzer may stuck when rebuilding the database.

Workaround: Run the diagnose test application sqllogd 99 CLI command.

 

Known Issues

The following issues have been identified in FortiAnalyzer version 6.0.0. For inquires about a particular bug or to report a bug, please contact Fortinet Customer Service & Support.

Device Manager

Bug ID

Description

482543

When adding a HA member to an existing device, Device Manager may show both devices with the same serial number.

Event Management

Bug ID

Description

470373

During database rebuilds, alerts that are already triggered may be replayed again.

476489

Viewing the list of alerts triggered by traffic log with catdesc field will trigger system to return an error.

478209

Event filer may not work for some event handlers.

480476

Sorting by Severity may not work.

481556

Users may not be able to search for events.

481566

Event status may always be recognized as Unhandled instead of Blank.

483118

FortiAnalyzer may not be able to load data to display for Custom View.

483225

Right click menu may be missing from Custom View.

483572

Users may not be able to see avatars in the search when a user belongs to multiple end points.

483656

Users may not be able to see avatars on events triggered by FortiClient.

FortiView

Bug ID

Description

473629

Web Sites view with the Domain filter applied should not show the entire threat list.

473826

When FortiGate devices are in HA mode, there should not be duplicated IPv4 & IPv6 local policy 0 entries in Policies view.

474061

When using wildcard expression for srcip with multiple subnets, search returns sporadic results.

476316

FortiAnalyzer should properly display IP address with port number under the Web Sites view.

484312

Top Threats may display threats as numerical values without any detailed information.

484761

Compromised Hosts may show many duplicate entries.

484821

Compromised Hosts may show blank entries for end users.

Log View

Bug ID

Description

473907

FortiAnalyzer should not truncate syslog messages sent from Windows AD server using syslog agent.

473907

FortiAnalyzer should not truncate syslog messages sent from the Windows AD server using the syslog agent.

479688

FortiAnalyzer may always show acknowledged events with duplicated End User entries. Also, UUID may be displayed as the Host Name.

480205

Dot and wildcard are automatically removed when searching text in advanced mode.

481771

FortiWeb logs cannot being received if encryption is enabled.

482909

Application Control Logs and FortiView shows different information when inspecting GTP traffics.

483420

FortiAnalyzer may return an error when a user exports a report from IOC drilldown table.

483611

Column can be misaligned where there are some entries containing attachments.

NOC

Bug ID

Description

483683

The Security Rating Score may not be correct when there is a FortiGate HA failover.

484196

The CVE links under the Critical Vulnerabilities panel may not work in SOC View > Vulnerabilities Monitor page.

484693

The Compromised Hosts Incidents widget displays the No Data warning even when there is data showing in the widget.

Reports

Bug ID

Description

434272

PDF reports size may be bigger after upgrade.

469541

Users cannot import reports from version 5.0 to 6.0.

470616

Rendering of tables in PDF report may display overlapping entries.

470616

Entries may overlap in the reports generated in PDF format.

476000

Reports may not show the full results within specified time period.

480088

Export template under the CLI may not work.

483778

The Bandwidth Summary graph may not be accurate if there are more than twenty eight days included within a report.

484350

The Proxy Applications and Remote Access Application charts in the Cyber Threat Assessment report turns may not show any data after upgrading from 5.6.0.

484863

All report names with underline should concatenated with uuid.

System settings

Bug ID

Description

470489

Under Storage Info, columns may not be displayed properly when doing a search.

474066

When an administrator profile is configured with Read-Write permission for Reports and Read-Only for System Settings, administrators associated with the profile cannot preview or save a chart using the chart builder.

476109

FortiAnalyzer may forward logs with incorrect logid.

476701

Log forwarding sends poluuid value without closing double quotes.

479159

Devices may not display in logging topology when device traffic option is selected.

484194

Forwarded logs should not include excluded log fields.

484349

Fetch session may be paused after approval.

Others

Bug ID

Description

469050

The XML API, getFazGeneratedReport, cannot return report name that contains Unicode.

482508

Console may continuously show the error message: Audit rpt format error.

482751

HA primary unit's HA daemon uses 100% resource on a single CPU core.

483897

Users may not be able to search HA traffics by device name via JSON APIs.

483917

FortiAnalyzer may stuck when rebuilding the database.

Workaround: Run the diagnose test application sqllogd 99 CLI command.