Fortinet Document Library


Special Notices

This section highlights some of the operational changes that administrators should be aware of in FortiAnalyzer version 6.2.5.

Logver field not added to incoming FortiGate logs resulting in empty charts

FortiAnalyzer adds a logver field to logs received from FortiGates. In FortiAnalyzer 6.2.5, FortiAnalyzer may stop adding the logver field in some cases. (See 640634 in Known Issues.) If that happens, all charts that rely on the field are empty when reports are generated.

Upgrading to FortiAnalyzer 6.4.0 or later will resolve this issue.

Other options include:

  1. As a workaround, modify the underlying datasets so that the logver field is not referenced. See technote Missing field 'Logver' in logs causing reports to come out blank.
  2. Contact technical support to obtain a FortiAnalyzer 6.2 special branch build that includes the fix. The fix for 6.2 is scheduled to be available in an upcoming release.

Newly deployed, factory reset, or disk format may trigger upgrade code on subsequent reboot

For a newly deployed VM instance or appliance, a disk format or a factory reset on a FortiAnalyzer unit running version 6.2.3 may trigger the upgrade code upon rebooting the system, which in turn may update the database configuration, although no upgrades are required. This issue does not affect FortiAnalyzer units upgraded from versions prior to 6.2.3.

Workaround: Immediately after deploying a new FortiAnalyzer with version 6.2.3, reboot the system before administering any configuration.

Maximum ADOM limits for FortiAnalyzer

FortiAnalyzer hardware devices and VMs display a warning when the recommended maximum number of ADOMs is reached or exceeded. The platform does not enforce the limit; however, adding more ADOMs may affect the performance of the unit. For more details, see Appendix A - Recommended maximum number of ADOMs supported.

Port 8443 reserved

Port 8443 is reserved for https-logging from FortiClient EMS for Chromebooks.

All OFTP connections must be encrypted for FortiAnalyzer 6.2.0 (or higher)

Prior to upgrading to FortiAnalyzer 6.2, make sure that all FortiGate devices are configured to use encryption when communicating with FortiAnalyzer. Starting with FortiAnalyzer 6.2.0, all OFTP communications must be encrypted.

Hyper-V FortiAnalyzer-VM running on an AMD CPU

A Hyper-V FAZ-VM running on a PC with an AMD CPU may experience a kernel panic. Fortinet recommends running VMs on an Intel-based PC.

SSLv3 on FortiAnalyzer-VM64-AWS

Due to known vulnerabilities in the SSLv3 protocol, FortiAnalyzer-VM64-AWS only enables TLSv1 by default. All other models enable both TLSv1 and SSLv3. If you wish to disable SSLv3 support, please run:

config system global
    set ssl-protocol tlsv1
end

Pre-processing logic of ebtime

Logs that meet the following conditions are considered usable for calculating estimated browsing time:

The log is a traffic log with a logid of 13 or 2; when logid == 13, hostname must not be empty. The service field should be HTTP, 80/TCP, or 443/TCP.

If all of the above conditions are met, devid, vdom, and user (srcip if user is empty) are combined into a key that identifies a user. For time estimation, the duration of the current log is compared against the start and end times of sessions already in the history, and only the non-overlapping part is used as the ebtime of the current log.
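The filter, user key, and overlap subtraction described above, as an added example that is not FortiAnalyzer code. It assumes each log carries a `time` field holding the session end in epoch seconds, so that the session start is `time - duration`; the dictionary layout and the sample logs are constructed for illustration.

```python
from collections import defaultdict

WEB_SERVICES = {"HTTP", "80/TCP", "443/TCP"}

def usable(log):
    """Page's filter: logid 13 or 2, web service only, hostname required for 13."""
    if log["logid"] not in (13, 2) or log["service"] not in WEB_SERVICES:
        return False
    return log["logid"] != 13 or bool(log["hostname"])

def user_key(log):
    """devid + vdom + user, falling back to srcip when user is empty."""
    return (log["devid"], log["vdom"], log["user"] or log["srcip"])

def ebtime_per_log(logs):
    """Return each log's ebtime in seconds, or None when the log is not usable."""
    history, out = defaultdict(list), []  # key -> disjoint [start, end] intervals
    for log in logs:
        if not usable(log):
            out.append(None)
            continue
        end = log["time"]                 # assumption: session end, epoch seconds
        start = end - log["duration"]     # assumption: start = end - duration
        key = user_key(log)
        covered = sum(max(0, min(end, e) - max(start, s)) for s, e in history[key])
        out.append(log["duration"] - covered)
        merged = []                       # fold the new interval into the history
        for s, e in sorted(history[key] + [[start, end]]):
            if merged and s <= merged[-1][1]:
                merged[-1][1] = max(merged[-1][1], e)
            else:
                merged.append([s, e])
        history[key] = merged
    return out

def _log(logid, hostname, service, user, srcip, time, duration):
    return dict(logid=logid, hostname=hostname, service=service, devid="FG-A",
                vdom="root", user=user, srcip=srcip, time=time, duration=duration)

# Constructed sample logs (not FortiAnalyzer output).
SAMPLE_LOGS = [
    _log(13, "example.com", "HTTP", "alice", "10.0.0.5", 1000, 60),    # 940-1000
    _log(2, "", "443/TCP", "alice", "10.0.0.5", 1030, 60),             # 970-1030
    _log(13, "", "HTTP", "alice", "10.0.0.5", 1040, 10),               # no hostname
    _log(2, "", "443/TCP", "", "10.0.0.9", 1020, 20),                  # keyed by srcip
    _log(2, "", "DNS", "alice", "10.0.0.5", 1050, 5),                  # wrong service
    _log(13, "example.org", "80/TCP", "alice", "10.0.0.5", 1020, 40),  # 980-1020
]
```

The second log contributes only the 30 seconds that fall outside the first session, and the last log contributes nothing because its whole interval is already in the history for that key.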
