Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Resolved Issues

The following issues have been fixed in FortiAnalyzer version 6.0.7. For inquires about a particular bug, please contact Customer Service & Support.

Device Manager

Bug ID

Description

520018 FortiAnalyzer should properly identify the firmware version after upgraded FortiGate.
520132 FortiAnalyzer may incorrectly add unregistered logging device as FGT-VM32 instead of FGT-VM64.
523875 Two FortiAnalyzer units receiving the same logs are showing sometimes significantly different log receive rates in the GUI.
545197 Device Manager log rate may be displayed incorrectly for a FortiGate HA cluster.
557753 Device Manager may display inaccurate HA status for FortiGate cluster.
559030 There is no visible encryption padlock for an integrated FortiWeb appliance.
561572 FortiAnalyzer may show incorrect device storage information after upgrade.

Event Management

Bug ID

Description

544550 FortiAnalyzer's alert email should show correct file name when malicious file is detected.
562106 Alert email for FSA includes "start scan time" and "end scan time", and they are displayed in UNIX time.

FortiView

Bug ID

Description

515219 Fortiview > FortiSandbox returns status of Pending analyzed file as Invalid () when fetched from FortiAnalyzer.
527076 Application name in FortiView is truncated if _ is used in the service name.
532728 Threat Map is not displayed due to missing longitude and latitude configurations in Device Manager for a FortiGate.
561230 Top websites in FortiView are not showing for certain categories.

Log View

Bug ID Description
466763 Log View should be able to customize default column settings.
506957 Archive indicator becomes invisible after selected more columns to display.
526167 Subnet filter should be supported in real time log view and it should not return "no entry found".
533960 The IP geographical location does not match with the flag shown beside IP address.
540000 The number of log fields for FortiManager event logs displayed in FortiAnalyzer's Log View is less as compared to FortiManager.
556909 Device list drop down option may stick at loading in Log View and Reports.
569841 Admin users should be able to view logs when remote admin authenticates as Realm or admin.

NOC

Bug ID

Description

564650 FortiAnalyzer may crash due to IOC widget - IOC user view sends excessive requests and overloads fazvcd.

Others

Bug ID

Description

531843 DLP File archived on FortiAnalyzer is not readable.
544097 GUI may become unresponsive requires manual killing the fazsvcd process.
545509 Remote logging towards FortiAnalyzer should not saturate the number of admin logins on a MBD/FPC slot.
557200 based on b0292: sqllogd hung on walk through ncmdb.db.adomxxxxx for more than 40 minutes when reboot on 1900+ adoms.
562220 The diagnose dvm check-integrity command may not be able to fix errors caused by missing device databases.
566616 oftpd may hang and does not receive any logs.
575420 FortiAnalyzer may not be able to run diagnose dvm device list when there are many ADOMs.
577503 FortiAnalyzer does not generate local event log when trimming content archive files or IPS archive files without trimming its log files.

Reports

Bug ID

Description

380371 FortiAnalyzer improve report accuracy on high end models.
541820 The bandwidth-app-Top-Dest-By-Bandwidth-Sessions dataset should not split similar destinations into two different distinct destinations.
549915 Completed reports with long names are not being displayed under Report Folders.
555907 FortiAnalyzer may not successfully run all the daily scheduled reports.
558348 FortiAnalyzer is showing inconsistency in the listed report owner when cloning and importing a report.
559662 Report configuration cannot be saved because wildcard admin user name is too long.
562468 Report configuration may be missing for specific ADOM after firmware upgrade.
562926 "devname" does not work as a chart filter.
564117 FortiAnalyzer HA does not upload report to FTP server when load-balance is enabled.
565634 Pending report jobs may disappear when the jobs are running in multiple ADOMs.
568490 Report cover page's background image may be misaligned.
581769 After rebuilding the SQL database, users may now be able to run reports with all available data.
583192 FPC is not able to update Report file list with newly generated report file.

System Settings

Bug ID

Description

421340 Many messages in event log: Device login failed for restapi request due to empty user name.
503215 When "License status" changes to "Duplicate License", FortiAnalyzer does not update its own local event log.
516044 FortiAnalyzer GUI should keep the same behavior as CLI when disable log forwarding setting.
547904 Cluster Members status may be showing both nodes as connection down.
548866 Master unit in FortiAnalyzer HA Cluster responds with VIP only for SNMP traffic.
552614 The Log Insert Lag Time widget may not show data, creating cut-offs on the graph.
554345 FortiAnalyzer may consistently generate event logs stating "Did not receive any log" for devices that changed from standalone to HA.
554890 Log events should consistently end with a dot (.) delimiter.
555211 In FortiAnalyzer HA cluster, backup log insertion may be stuck when asking for UEBA data from master.
559592 Rebuilding SQL takes a very long time after added second slave to cluster.
561896 The data base's time and time zone should change according to system time.
563938 Analytic data should not be removed before quota is reached.
566495 After added log facility for log-forward setting via CLI, the change may not reflected in log data.
574987 ADOM quota retention removes more log data than the applied retention policy.
576867 FortiAnalyzer may remove ntpv3 authentication related settings after a reboot.
577814 FortiAnalyzer does not generate accurate local event log when ADOM retention policy is enforced.

Common Vulnerabilities and Exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID

Description

565903

FortiAnalyzer is no longer vulnerable to the following CVE-Reference:

  • CVE-2019-11477
565942

FortiAnalyzer is no longer vulnerable to the following CVE-Reference:

  • CVE-2019-11478
565963

FortiAnalyzer is no longer vulnerable to the following CVE-Reference:

  • CVE-2019-11479

Resolved Issues

The following issues have been fixed in FortiAnalyzer version 6.0.7. For inquires about a particular bug, please contact Customer Service & Support.

Device Manager

Bug ID

Description

520018 FortiAnalyzer should properly identify the firmware version after upgraded FortiGate.
520132 FortiAnalyzer may incorrectly add unregistered logging device as FGT-VM32 instead of FGT-VM64.
523875 Two FortiAnalyzer units receiving the same logs are showing sometimes significantly different log receive rates in the GUI.
545197 Device Manager log rate may be displayed incorrectly for a FortiGate HA cluster.
557753 Device Manager may display inaccurate HA status for FortiGate cluster.
559030 There is no visible encryption padlock for an integrated FortiWeb appliance.
561572 FortiAnalyzer may show incorrect device storage information after upgrade.

Event Management

Bug ID

Description

544550 FortiAnalyzer's alert email should show correct file name when malicious file is detected.
562106 Alert email for FSA includes "start scan time" and "end scan time", and they are displayed in UNIX time.

FortiView

Bug ID

Description

515219 Fortiview > FortiSandbox returns status of Pending analyzed file as Invalid () when fetched from FortiAnalyzer.
527076 Application name in FortiView is truncated if _ is used in the service name.
532728 Threat Map is not displayed due to missing longitude and latitude configurations in Device Manager for a FortiGate.
561230 Top websites in FortiView are not showing for certain categories.

Log View

Bug ID Description
466763 Log View should be able to customize default column settings.
506957 Archive indicator becomes invisible after selected more columns to display.
526167 Subnet filter should be supported in real time log view and it should not return "no entry found".
533960 The IP geographical location does not match with the flag shown beside IP address.
540000 The number of log fields for FortiManager event logs displayed in FortiAnalyzer's Log View is less as compared to FortiManager.
556909 Device list drop down option may stick at loading in Log View and Reports.
569841 Admin users should be able to view logs when remote admin authenticates as Realm or admin.

NOC

Bug ID

Description

564650 FortiAnalyzer may crash due to IOC widget - IOC user view sends excessive requests and overloads fazvcd.

Others

Bug ID

Description

531843 DLP File archived on FortiAnalyzer is not readable.
544097 GUI may become unresponsive requires manual killing the fazsvcd process.
545509 Remote logging towards FortiAnalyzer should not saturate the number of admin logins on a MBD/FPC slot.
557200 based on b0292: sqllogd hung on walk through ncmdb.db.adomxxxxx for more than 40 minutes when reboot on 1900+ adoms.
562220 The diagnose dvm check-integrity command may not be able to fix errors caused by missing device databases.
566616 oftpd may hang and does not receive any logs.
575420 FortiAnalyzer may not be able to run diagnose dvm device list when there are many ADOMs.
577503 FortiAnalyzer does not generate local event log when trimming content archive files or IPS archive files without trimming its log files.

Reports

Bug ID

Description

380371 FortiAnalyzer improve report accuracy on high end models.
541820 The bandwidth-app-Top-Dest-By-Bandwidth-Sessions dataset should not split similar destinations into two different distinct destinations.
549915 Completed reports with long names are not being displayed under Report Folders.
555907 FortiAnalyzer may not successfully run all the daily scheduled reports.
558348 FortiAnalyzer is showing inconsistency in the listed report owner when cloning and importing a report.
559662 Report configuration cannot be saved because wildcard admin user name is too long.
562468 Report configuration may be missing for specific ADOM after firmware upgrade.
562926 "devname" does not work as a chart filter.
564117 FortiAnalyzer HA does not upload report to FTP server when load-balance is enabled.
565634 Pending report jobs may disappear when the jobs are running in multiple ADOMs.
568490 Report cover page's background image may be misaligned.
581769 After rebuilding the SQL database, users may now be able to run reports with all available data.
583192 FPC is not able to update Report file list with newly generated report file.

System Settings

Bug ID

Description

421340 Many messages in event log: Device login failed for restapi request due to empty user name.
503215 When "License status" changes to "Duplicate License", FortiAnalyzer does not update its own local event log.
516044 FortiAnalyzer GUI should keep the same behavior as CLI when disable log forwarding setting.
547904 Cluster Members status may be showing both nodes as connection down.
548866 Master unit in FortiAnalyzer HA Cluster responds with VIP only for SNMP traffic.
552614 The Log Insert Lag Time widget may not show data, creating cut-offs on the graph.
554345 FortiAnalyzer may consistently generate event logs stating "Did not receive any log" for devices that changed from standalone to HA.
554890 Log events should consistently end with a dot (.) delimiter.
555211 In FortiAnalyzer HA cluster, backup log insertion may be stuck when asking for UEBA data from master.
559592 Rebuilding SQL takes a very long time after added second slave to cluster.
561896 The data base's time and time zone should change according to system time.
563938 Analytic data should not be removed before quota is reached.
566495 After added log facility for log-forward setting via CLI, the change may not reflected in log data.
574987 ADOM quota retention removes more log data than the applied retention policy.
576867 FortiAnalyzer may remove ntpv3 authentication related settings after a reboot.
577814 FortiAnalyzer does not generate accurate local event log when ADOM retention policy is enforced.

Common Vulnerabilities and Exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID

Description

565903

FortiAnalyzer is no longer vulnerable to the following CVE-Reference:

  • CVE-2019-11477
565942

FortiAnalyzer is no longer vulnerable to the following CVE-Reference:

  • CVE-2019-11478
565963

FortiAnalyzer is no longer vulnerable to the following CVE-Reference:

  • CVE-2019-11479