Resolved Issues
The following issues have been fixed in FortiAnalyzer version 6.4.8. For inquires about a particular bug, please contact Customer Service & Support.
Device Manager
Bug ID | Description |
---|---|
626506 | When FortiManager sends syslogs to FortiAnalyzer, the FortiManager device may appear twice as unauthenticated devices. |
638080 | FortiAnalyzer ha-member-auto-grouping may not work FortiGate HA devices. |
687527 |
CSF cannot be formed when including FortiGate-6000 or FortiGate-7000 series as blades are not prompted on Device Manager. |
695804 |
Device Manager may not show FortiGate Fabric members under the root Fabric tree. |
749455 |
FortiAnalyzer may incorrectly detect FortiNAC firmware version. |
753567 |
In some rare cases, only some fabric devices may appear in the fabric group tree. |
FortiSOC
Bug ID | Description |
---|---|
784786 | Selecting of the log group returns invalid params error under FortiSoC > Event Monitor >All Event. |
FortiView
Bug ID | Description |
---|---|
579910 | SOC should show AP SSIDs and clients from event logs when the service profile is in bridge mode. |
640553 | FortiView monitor WiFi widget is not showing bridged SSID information. |
678044 |
FortiAnalyzer may not show rescan icon, and drill-down for rescan may show an empty page. |
691570 |
FortiAnalyzer may not be able to cancel IOC re-scan task. |
723799 |
Policy Name may not show up under FortiView > Traffic > Policy Hits > Policy Column for policies with name information. |
727056 |
SD-WAN Monitor may show incorrect bandwidth. |
741910 |
Top Cloud Applications may show 0 KB utilization under the Bandwidth column. |
742005 |
FortiView widgets may take a very long time to load. |
751295 |
FortiView Secure SD-WAN and Secure SD WAN report should display correct information for Health Checker's packet loss. |
753911 |
Monitor should be able to show values with faster response time. |
756502 |
Exporting to report chart may fail for "Top Apps by Installs fails". |
781460 |
Adding filters and drilldown return an error, "Invalid params:" will show for chart or list for "Top Threats". |
Log View
Bug ID | Description |
---|---|
653765 | Some log files under Log Browse may contain a mix of event and traffic messages. |
656507 | FortiAnalyzer may lose sorting when clicking the header column in Log Browse. |
661094 |
In Log View, importing log may fail. |
674027 |
Filtering FortiClient event logs with wildcard "UID" filter returns no data. |
717160 |
FortiAnalyzer may show duplicated entries when filtering real-time logs in Log View. |
726340 |
oftpd may not work properly if many log requests are received at the same time. |
735065 |
FortiAnalyzer may not handle many re-connection requests causing FortiGate devices log system event on disconnecting or connecting. |
740046 |
ADOM archive should not be higher than the configured value. |
745724 |
Bandwidth data from SD-WAN event logs may not be inserted. |
746596 |
FortiAnalyzer may be showing two VDOMs, root and default, in Log Browse for FortiClient devices. |
750515 |
FortiAnalyzer may stop receiving logs every day until it has been rebooted. |
752407 |
FortiAnalyzer Log View filter vanishes after displayed log details and returns to the log page with filter. |
755515 |
ForiGate may show, "Failed to get FAZ's status. Authentication Failed. (-19)", when the device has been authorized and sending logs to FortiAnalyzer. |
755988 |
FortiAnalyzer should support more than 128 characters with the "from" and "to" log fields for FortiMail's History logs. |
759107 |
FortiAnalyzer may gradually stop to receiving logs due to leaks in receiving buffers. |
760597 |
FortiAnalyzer shows improper subject field values for FortiMail logs and in log details when the log has Cyrillic symbols. |
777233 |
FortiAnalyzer stops receiving logs randomly and CPU utilization by OFTPD spikes to 100%. |
781113 |
The custom view should list all the used filters. |
Others
Bug ID |
Description |
---|---|
660310 | Drilldown compromised host from FortiGate may not work. |
676446 |
FortiAnalyzer should change login-max and docker-user-login-max range from 1-32 to 1-256. |
687180 |
When using the operator ">=" for "Greater than or Equal to" in FortiAnalyzer CLI, it does not accept the syntax and throws an error. |
698361 |
SNMPv3 engineBoots may not properly be initialized. |
701753 |
SIEM database should be trimmed at the same time when quota enforcement occurs. |
712159 |
When FortiAnalyzer is changed to Collector mode, siemdb should automatically stop working. |
714991 |
The login interface may crash if user inputs pre-login banner text in encoding other than UTF-8. |
716576 |
User with read-only permissions cannot get the list of ADOMs via JSON request. |
723113 |
High CPU usage has been observed after firmware upgrade (v5.6.8 to v6.4.5). |
726012 |
FortiAnalyzer requires a FortiGuard Indicators of Compromised license in order to see compromised hosts. |
730214 |
The "diag dvm support list" does not have FrotiWeb v6.4.0 GA and FortiMail v7.0.0 GA. |
730554 |
FortiAnalyzer HA may use high memory usage. |
744293 |
Several extra ports are opened when scanning FortiAnalyzer HA cluster's virtual IP. |
744918 |
Fortilogd may not write logs for FortiGate-401E-DC. |
745025 |
HMAC given in log-checksum md5-auth option does not match. |
746022 |
There may be multiple siemdbd crashes on "redisAppendCommand". |
752817 |
Log disk usage may frequently reach 99% due to calculation on the siemdb size. |
755843 |
There may no a lot of errors showing "could not read block 0 in file" in pgsvr.log. |
756659 |
When rebuilding database on the FortiAnalyzer HA's secondary unit, it may stuck at 1%. |
756846 |
Under Microsoft Azure, FortiAnalyzer HA's secondary IP does not move to new primary after HA failover. |
758028 |
FortiAnalyzer may frequently send 'csf-check' requests causing miglogd consuming 99% of the CPU resources. |
758237 |
The sqllogd may take a long time to startup. |
761200 |
Several old files on "/drive0/private" did not clean automatically. |
765146 |
Disk I/O is at 100% with no log insertion due to a device is wrongly recognized as a cell phone with multiple IP addresses. |
784028 |
Due to the FortiClient's log upload, several OFTP long idle sessions have been observed. |
Reports
Bug ID | Description |
---|---|
683353 | After exported report template from FortiAnalyzer 6.2 and imported the template to a later version, FortiAnalyzer may show an error, "Invalid Device or Vdom". |
725119 |
Running the default report User Detailed Browsing Log finishes successfully without displaying any data. |
737878 |
GUI's scrollbar shows up partially on Output Profile configuration. |
756363 |
Template Secure SD-WAN Report may not show a graphic that includes both the SLA Name Object and WAN Interface fields. |
779952 |
Cyber Threat Assessment should show IPS attack count 0 when there are no IPS logs. |
794020 |
Unable delete an incident if the attached report was deleted from Shell. |
System Settings
Bug ID | Description |
---|---|
669402 | FortiAnalyzer may not time out admin a session after many hours. |
682026 | When creating a log forwarding entry, user should be able to select a FortiADC device from GUI. |
693584 |
Syslog server can only send via UDP, and not TCP with TLS option configured. |
710986 |
An existing log forwarding entry is gone after its status changed from On to Off. |
721627 |
FortiAnalyzer HA cluster always uses VIP for log forwarding to server instead of another interface. |
722250 |
When Device Manager's permission is set at Read-Write and System Settings' permission is set at Read-Only, SAML login user cannot create new or edit ADOM. |
730296 |
RADIUS authentication using mschap2 may not work. |
748184 |
FortiAnalyzer may show ADOM that stores logs that exceeds FortiAnalyzer log storage criteria. |
759809 |
FortiAnalyzer should have time zone information for local logs. |
765818 |
The forwarded CEF start time is different than the original timestamp of the log. |
768789 |
Swap file size is restricted and can not be increased when storage is less than 1TB. |
769813 |
Several FortiAnalyzer service and daemons crashed due to the swap file size restriction. |
773055 |
Archive percentage should not exceed more than 100% of the disk space allocated. |
774553 |
FortiAnalyzer's GUI Login "Force to change password upon next log on" feature does not work. |
Common Vulnerabilities and Exposures
Visit https://fortiguard.com/psirt for more information.
Bug ID | CVE references |
---|---|
770573 |
FortiAnalyzer 6.4.8 is no longer vulnerable to the following CVE-Reference:
|