Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Known Issues

The following issues have been identified in FortiAnalyzer version 6.4.2. For inquires about a particular bug or to report a bug, please contact Fortinet Customer Service & Support.

Device Manager

Bug ID Description
613115 Device Manager view may show red icons for VDOMs even when logs are received.

517643

When manually adding a device to a Fabric ADOM, FortiAnalyzer should not display Firmware Version.

523721

FortiAnalyzer should support FortiADC device type.

573684

When EMS is configured to send logs to FortiAnalyzer, EMS IP address is always 0.0.0.0.

639479

FortiGate v6.0 with sub-ca certificate may not be able to establish oftp connection with FortiAnalyzer without sub-ca certificate.

651696

Device Manager > Device > Average Log Rate (Logs/Sec) sort function does not work.

Event Management

Bug ID

Description

632326 Syslog type Event Handler Alert sends an Email that is truncated.
638676 SNMP alert is not generated for event handler is triggered by FortiWeb attack logs.

FortiView

Bug ID

Description

542607 When the user drills down in Applications & Websites > Top Web Sites (FortiClient), the page shows "No entry found".
626530 Bytes Sent/Received should match the Top Destinations and Policy Hit charts under FortiView when filtered by the same policy ID.

539298

Customer may not see data on cloud application bytes in FortiView.

579828

There may be a bandwidth discrepancy under FortiView > Application & websites > Top websites.

616675

Bandwidth may not match between FortiAnalyzer and FortiGate.

616914

Some graphs may not render data in FortiView.

620565

FortiAnalyzer should remove the entry Reserved in Top Country/Region.

638828

Incident of Compromised Hosts may not be triggered.

639523

FortiView DNS Logs may be empty.

640553

FortiView monitor WiFi widget is not showing Bridged SSID information.

641938

Navigation to Monitors > Local System Performance may cause the GUI to not respond.

642837

The GUI should indicate when Sandbox detection only supports FortiGate in Fabric ADOM.

643088

For VPN, the table keeps loading or returns Server error: Invalid request-id ********* for fetching result.

643842

All SD-WAN Rule related widgets or charts may show No Data in Secure SD-WAN Monitor and Secure SD-Wan report.

643843

Monitors > Secure SD-WAN Monitor > SD-WAN Rules Utilization widget always shows No Data.

FortiSoC

Bug ID

Description

632326 Syslog type Event Handler Alert sends an Email that is truncated.
638676 SNMP alert is not generated for event handler triggered by FortiWeb attack logs.

Log View

Bug ID

Description

579871 Restoration of logs does not indicate the correct timestamps under log browse after a NTP out of sync event.
608139 Opening compressed FortiClient traffic file on FortiAnalyzer may cause other compressed FortiClient traffic logs to fail to open.
625306 Hiding column(s) in Log view may cause filters to reference the wrong column.
631527 FortiAnalyzer may show a negative value for sent or received packet count under Log View > Traffic.

591272

Downloaded Logs files from Log View or Browse are not in the correct CSV format.

604850

The remote IP for SSL-VPN is showing as IPsec Remote IP.

633393

Some of the IPS archive files do not contain whole Attack Context but only contain BODY that is partial part of Attack Context.

635598

FortiAnalyzer may not display Traffic Logs in Log View and return Web Server Error 500.

641013

After creating an ADOM for FortiMail, the ADOM is not visible on GUI and mail domain logs are not going to the default FortiMail ADOM.

643858

Actual analytic logs does not match what is observed in log view.

644189

Filters configured in the FortiView summary are not applied to Log View.

646775

Log View > Fabric > All > Source IP filter with unspecific conditions may show No entry found.

650857

Source IP in Add Filter box under Log View is not translated in Japanese.

651256

Username starting with a small case vd letter does not get displayed in the Historical logs.

652076

Searching takes a very long time when using Custom Time Period in Log View.

Others

Bug ID Description
595696 The change of value for system.global.enc-algorithm is not applied to oftpd until a reboot.
617669 File parser may keep crashing every few minutes.

531962

There may be high disk I/O usage on FortiAnalyzer-1000E.

578907

exec log-aggregate all should aggregate all log files without any error.

587988

FortiAnalyzer is unable to send its local logs to FortiManager when FortiAnalyzer feature enabled.

616163

FortiAnalyzer may randomly display menu in Spanish instead of English.

625343

FortiAnalyzer may consume high on I/O resources every hour by fazwatch.

632971

FortiAnalyzer should have the ability to query CPU utilization on individual CPU core.

635984

Database rebuild may be slow.

644034

FortiAnalyzer HA may not synchronize analytics.

651230

SQL database log insertion stops and stops rebuild if there are old archive logs.

652438

FortiAnalyzer may not perform a complete FTP backup because of problems with files.

651057 System may randomly generate PS failure messages on power(PS*) status changed to not-present.

Reports

Bug ID Description
547496 FortiAnalyzer generates a report for selected device with outputs for all devices.
624911 FortiAnalyzer may not be able to generate the SaaS Application Usage Report with Obfuscate User feature.

522729

Report language files may not be fully translated.

621744

Reports may should incorrect columns and format when exporting from SSL Dialup IPSec to chart.

628823

FortiAnalyzer is not generating all local Event logs for reports.

645290

Security Analysis report is not showing Traffic Bandwidth chart.

647868

After upgrade, all default reports and event handler list are lost.

652715

The pre-defined reports items should be created in the new ADOM even when the same name being re-used.

653532

Scheduled report does not run if the report owner has been deleted from the admin list.

System Settings

Bug ID

Description

602422 Test User credentials fail when using RADIUS MSCHAPv2 as authentication type.

597443

FortiAnalyzer should able to forward logs that comply with syslog in RFC 5424 format.

628025

Power off without shutting down OS after clicking shutdown button on Hyper-V manager.

629663

Free text filter does not work when using (~) tilde sign on syslog ADOM for the message field.

630654

Imported logs may not sync to secondary device.

639102

FortiAnalyzer may not apply the Not equal to operator when Log Forwarding > Log Filter is configured using the GUI.

645101

SAML GUI does not populate certificates into the combo-box after the certificates are inserted.

648105

The License Information widget displays Unlimited VM Storage when the correct license is 500 GB.

653371

The CEF log forwarding start time does not match the event time.

647724 FortiAnalyzer may not be able to forward the same amount of logs in CEF format than in Syslog.

Known Issues

The following issues have been identified in FortiAnalyzer version 6.4.2. For inquires about a particular bug or to report a bug, please contact Fortinet Customer Service & Support.

Device Manager

Bug ID Description
613115 Device Manager view may show red icons for VDOMs even when logs are received.

517643

When manually adding a device to a Fabric ADOM, FortiAnalyzer should not display Firmware Version.

523721

FortiAnalyzer should support FortiADC device type.

573684

When EMS is configured to send logs to FortiAnalyzer, EMS IP address is always 0.0.0.0.

639479

FortiGate v6.0 with sub-ca certificate may not be able to establish oftp connection with FortiAnalyzer without sub-ca certificate.

651696

Device Manager > Device > Average Log Rate (Logs/Sec) sort function does not work.

Event Management

Bug ID

Description

632326 Syslog type Event Handler Alert sends an Email that is truncated.
638676 SNMP alert is not generated for event handler is triggered by FortiWeb attack logs.

FortiView

Bug ID

Description

542607 When the user drills down in Applications & Websites > Top Web Sites (FortiClient), the page shows "No entry found".
626530 Bytes Sent/Received should match the Top Destinations and Policy Hit charts under FortiView when filtered by the same policy ID.

539298

Customer may not see data on cloud application bytes in FortiView.

579828

There may be a bandwidth discrepancy under FortiView > Application & websites > Top websites.

616675

Bandwidth may not match between FortiAnalyzer and FortiGate.

616914

Some graphs may not render data in FortiView.

620565

FortiAnalyzer should remove the entry Reserved in Top Country/Region.

638828

Incident of Compromised Hosts may not be triggered.

639523

FortiView DNS Logs may be empty.

640553

FortiView monitor WiFi widget is not showing Bridged SSID information.

641938

Navigation to Monitors > Local System Performance may cause the GUI to not respond.

642837

The GUI should indicate when Sandbox detection only supports FortiGate in Fabric ADOM.

643088

For VPN, the table keeps loading or returns Server error: Invalid request-id ********* for fetching result.

643842

All SD-WAN Rule related widgets or charts may show No Data in Secure SD-WAN Monitor and Secure SD-Wan report.

643843

Monitors > Secure SD-WAN Monitor > SD-WAN Rules Utilization widget always shows No Data.

FortiSoC

Bug ID

Description

632326 Syslog type Event Handler Alert sends an Email that is truncated.
638676 SNMP alert is not generated for event handler triggered by FortiWeb attack logs.

Log View

Bug ID

Description

579871 Restoration of logs does not indicate the correct timestamps under log browse after a NTP out of sync event.
608139 Opening compressed FortiClient traffic file on FortiAnalyzer may cause other compressed FortiClient traffic logs to fail to open.
625306 Hiding column(s) in Log view may cause filters to reference the wrong column.
631527 FortiAnalyzer may show a negative value for sent or received packet count under Log View > Traffic.

591272

Downloaded Logs files from Log View or Browse are not in the correct CSV format.

604850

The remote IP for SSL-VPN is showing as IPsec Remote IP.

633393

Some of the IPS archive files do not contain whole Attack Context but only contain BODY that is partial part of Attack Context.

635598

FortiAnalyzer may not display Traffic Logs in Log View and return Web Server Error 500.

641013

After creating an ADOM for FortiMail, the ADOM is not visible on GUI and mail domain logs are not going to the default FortiMail ADOM.

643858

Actual analytic logs does not match what is observed in log view.

644189

Filters configured in the FortiView summary are not applied to Log View.

646775

Log View > Fabric > All > Source IP filter with unspecific conditions may show No entry found.

650857

Source IP in Add Filter box under Log View is not translated in Japanese.

651256

Username starting with a small case vd letter does not get displayed in the Historical logs.

652076

Searching takes a very long time when using Custom Time Period in Log View.

Others

Bug ID Description
595696 The change of value for system.global.enc-algorithm is not applied to oftpd until a reboot.
617669 File parser may keep crashing every few minutes.

531962

There may be high disk I/O usage on FortiAnalyzer-1000E.

578907

exec log-aggregate all should aggregate all log files without any error.

587988

FortiAnalyzer is unable to send its local logs to FortiManager when FortiAnalyzer feature enabled.

616163

FortiAnalyzer may randomly display menu in Spanish instead of English.

625343

FortiAnalyzer may consume high on I/O resources every hour by fazwatch.

632971

FortiAnalyzer should have the ability to query CPU utilization on individual CPU core.

635984

Database rebuild may be slow.

644034

FortiAnalyzer HA may not synchronize analytics.

651230

SQL database log insertion stops and stops rebuild if there are old archive logs.

652438

FortiAnalyzer may not perform a complete FTP backup because of problems with files.

651057 System may randomly generate PS failure messages on power(PS*) status changed to not-present.

Reports

Bug ID Description
547496 FortiAnalyzer generates a report for selected device with outputs for all devices.
624911 FortiAnalyzer may not be able to generate the SaaS Application Usage Report with Obfuscate User feature.

522729

Report language files may not be fully translated.

621744

Reports may should incorrect columns and format when exporting from SSL Dialup IPSec to chart.

628823

FortiAnalyzer is not generating all local Event logs for reports.

645290

Security Analysis report is not showing Traffic Bandwidth chart.

647868

After upgrade, all default reports and event handler list are lost.

652715

The pre-defined reports items should be created in the new ADOM even when the same name being re-used.

653532

Scheduled report does not run if the report owner has been deleted from the admin list.

System Settings

Bug ID

Description

602422 Test User credentials fail when using RADIUS MSCHAPv2 as authentication type.

597443

FortiAnalyzer should able to forward logs that comply with syslog in RFC 5424 format.

628025

Power off without shutting down OS after clicking shutdown button on Hyper-V manager.

629663

Free text filter does not work when using (~) tilde sign on syslog ADOM for the message field.

630654

Imported logs may not sync to secondary device.

639102

FortiAnalyzer may not apply the Not equal to operator when Log Forwarding > Log Filter is configured using the GUI.

645101

SAML GUI does not populate certificates into the combo-box after the certificates are inserted.

648105

The License Information widget displays Unlimited VM Storage when the correct license is 500 GB.

653371

The CEF log forwarding start time does not match the event time.

647724 FortiAnalyzer may not be able to forward the same amount of logs in CEF format than in Syslog.