Fortinet black logo

Release Notes

Home FortiAnalyzer 7.2.2 Release Notes
7.2.2
7.4.2
7.4.1
7.4.0
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.3
6.2.2
6.2.1
6.2.0
6.0.12
6.0.11
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.6.11
5.6.10
5.6.9
5.6.8
5.6.7
5.6.6
5.6.5
5.6.4
5.6.3
5.6.2
5.6.1
5.6.0
5.4.7
5.4.6
5.4.5
5.4.4
5.4.3
5.4.2
5.4.1
5.4.0
5.2.10
5.2.9
5.2.7
5.2.6
5.2.5
5.2.4
5.2.3
5.2.2
5.2.1
5.2.0
5.0.13
5.0.12
5.0.11
5.0.10
5.0.9
5.0.8
5.0.7
5.0.6
5.0.5
5.0.4
5.0.3
5.0.2
5.0.1
4.3.8

Resolved Issues

Resolved Issues

The following issues have been fixed in FortiAnalyzer version 7.2.2. To inquire about a particular bug, please contact Customer Service & Support.

Device Manager

Bug ID Description
798197 Under the Device Manager, FortiAnalyzer does not show the color of the logging devices properly (red or green).

814008

Sort function for logs and average log rate (logs/sec) does not work in Device Manager.
819664 Under Device Manager, Average Log Rate is displayed zero for FortiGates HA Cluster.

824296

FortiAnalyzer does not show the "root VDOM" under its Device Manager.
827276 FortiAnalyzer does not let all VDOMs to be added to the Device Manager if FortiGates has more than 10 VDOMs.

833448

The device SYSLOG-00000000 appears repeatedly even after being removed from the unregistered devices.
835653 The FortiGate's IP address and firmware version are not updated when FortiGates are added manually to a non-root ADOM.
837310 FortiAnalyzer does not show the correct IP addresses and firmware versions for its registered FortiGates.

838727

Log Status of the Devices are displayed red when the Primary has a zero lograte.

846904

Under the Device Manager, the Average Log Rates are not displayed.

Event Management

Bug ID Description
825422 FortiAnalyzer Event Handler does not trigger any alerts when Log Field has been set to Virtual Domain (vd).

FortiSOC

Bug ID Description
757650 Wrong device name (devname) is filled in event email notification.

775589

FortiAnalyzer does not provide any details on status of Fabric Connectors.
833991 FortiOS connector does not display health status of the Security Fabric members.
848284 Despite having relevant event logs, created playbook does not get triggered.
849070 Playbook runs successfully on the FortiAnalyzer, but there is not any stitches triggered on the FortiGate.

FortiView

Bug ID Description
727056 SD-WAN Monitor may show incorrect bandwidth.

744791

"Failed Authentication Attempts" logs under the System tab of FortiView are blanks.
798347 The Filter in FortiView does not properly work for Compromised Hosts.
798471 Top SD-WAN Device Throughput widget is displaying wrong numbers.
818077 Top application axis labels are not displayed correctly in Monitor section.

841717

The Data displayed on FortiView is inconsistent with the exported "Top Website Domains" PDF report.

856094

Browsing time displayed "0s" for 'streaming media and download' category in the 'Top Website Categories' under the FortiView's 'Applications & Websites' tab.

Log View

Bug ID Description
696451 Detected files by Content Disarm and Reconstruction (CDR) cannot be stored/quarantined to FortiAnalyzer despite quarantine destination set to FortiAnalyzer.
797985 After downloading the IPS logs, the "cve field" is missing.
816490 In Log Browse, for HA devices, only primary device's log files are displayed .
836777 When admin profile is set as "Read-Only", Add Filter under the LogView/FortiView displays no fields.
837554 The Fabric log contains "::ffff:" prefix in front of the value of any IPv4 related fields.
839350 Devices' entries under the Log Group of the Log View are not displayed.

855783

FortiAnalyzer event log file cannot be downloaded in CSV format.

858682

The data icon under the Log View for ADOM FortiMail/FortiWeb do not properly display the log details.

Others

Bug ID Description
779943 High memory usage has been observed when creating dataset or running reports on FortiAnalyzer.
809133 Several process crashes (logfwd/filefwd/clusterd), which have been observed when loading the devices from Device Manager, made FortiAnalyzer unable to show any logs.
818118 Logs between HA members are not synched.
822619 Missing values when retrieving logstats using the JSON API requests.
825927 FortiAnalyzer does not provide access to all available tiles under the FortiAuthenticator ADOM.
827787 The CPU and Disk I/O usage of the FortiAnalyzer appear to be constantly high.
829869 When FortiAnalyzer is working on Collector Mode, system storage size increases over time; hence, FortiAnalyzer might stop receiving new logs.
837657 Creating ADOMs using JSON API, default ADOM configs like report, datasets, charts, etc. are not created.
838031 FortiAnalyzer GUI does not display the "Rebuilding ADOM DB" in progress anymore.

838182

Logs are not being inserted into the secondary FortiAnalyzer.

839191

The HA config-sync status issue creates the sync failure frequently.
839910 The diagnose test application oftpd command does not display any outputs for some FortiGate devices registered on FortiAnalyzer.
841622 FortiAnalyzer does not download the IOC DB updates when FortiManager acts as the local FortiGuard Server.

845871

FortiAnalyzer stopped accepting logs and status of the devices turned into red.

846315

FortiAnalyzer does not display ADOM FortiNAC.

860113

The primary FortiAnalyzer can show the logs in Log View. The synchronization between primary and secondary fails and the secondary doesn't show the last logs.

Reports

Bug ID Description
704187 "Bandwidth and Application" Report's data does not match with the Top Application data on FortiView.
722233 The generated report does not display data but its dataset query contains data.
764194 Playbooks run_report fails with "missing device(s)" if "Playbook Starter" as devices filter is selected.
768843 FortiAnalyzer does not support importing outbreak alert reports to ADOM type FortiGate.

771072

Secure SD-WAN CSV report does not show device names for charts.
788801 "Throughput utilization billing report" does not display the complete data for the "yesterday" time-period.
835422 FortiAnalyzer does not display any data on its report when group filter and LDAP query is being used.
837395 "Show Top" & "Drilldown Top" preview features under the "Edit Chart" do not display the chart based on the selected values.

841750

The report does not display any data for its tables.
844563 Hodex Time shown on table chart does not match with the configured time period for the previous XX days in report.
844975 The command "execute remove reports" does not remove the reports.
848573 When specifying FortiWiFi as devices, "SD-WAN Device Link Bandwidth" and "SD-WAN Device Rules Donut Bandwidth" charts do not display any data.

876136

When running reports for all devices "Unknown SN" on the detailed device list can be observed.

System Settings

Bug ID Description
478401 FortiAnalyzer shows an unnecessary warning message "Analytic is using 0% of allocated disk space", which can be very confusing.

630654

Imported logs may not sync to slave.
752111 Traffic, Security, and Event logs section under the Log View tab are missing for Primary HA.
759601 FortiAnalyzer using Azure AD SAML SSO may show "invalid_logout_response_error" after logout.

782431

SNMPv3 stopped working after upgrading.
803074 The sorting feature does not work correctly for storage info columns under the System Settings.
817558 Log Forwarding/Device filter window does not allow users to save/cancel the changes.
829015 "Privacy Masking" feature does not work properly for admins whose admin type utilizes "Remote Authentication Server".
832973 Analytics and Archive details are missing from "Edit Log Storage Policy".
837203 Unable to fetch logs between FortiAnalyzer devices due to Invalid cross-device link error.
842943 After upgrading FortiAnalyzer, "fortinet-ca2" is missing under the CA Certificates; this prevents devices to establish connections to FortiAnalyzer.

849824

Under the Event's System logs, adding Filter "Fortiguard web filter services are NOT reachable" does not display any logs.

853855

The log forwarding filter does not seem to work properly as expected on FortiAnalyzer.

Common Vulnerabilities and Exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID CVE references

839861

FortiAnalyzer 7.2.2 is no longer vulnerable to the following CVE Reference:

  • CVE-2023-23776

862266

FortiAnalyzer 7.2.2 is no longer vulnerable to the following CVE Reference:

  • CVE-2023-25606

866168

FortiAnalyzer 7.2.2 is no longer vulnerable to the following CVE Reference:

  • CVE-2023-25609

868880

FortiAnalyzer 7.2.2 is no longer vulnerable to the following CVE Reference:

  • CVE-2023-25611

872712

FortiAnalyzer 7.2.2 is no longer vulnerable to the following CVE Reference:

  • CVE-2023-22642
Previous
Next

Resolved Issues

The following issues have been fixed in FortiAnalyzer version 7.2.2. To inquire about a particular bug, please contact Customer Service & Support.

Device Manager

Bug ID Description
798197 Under the Device Manager, FortiAnalyzer does not show the color of the logging devices properly (red or green).

814008

Sort function for logs and average log rate (logs/sec) does not work in Device Manager.
819664 Under Device Manager, Average Log Rate is displayed zero for FortiGates HA Cluster.

824296

FortiAnalyzer does not show the "root VDOM" under its Device Manager.
827276 FortiAnalyzer does not let all VDOMs to be added to the Device Manager if FortiGates has more than 10 VDOMs.

833448

The device SYSLOG-00000000 appears repeatedly even after being removed from the unregistered devices.
835653 The FortiGate's IP address and firmware version are not updated when FortiGates are added manually to a non-root ADOM.
837310 FortiAnalyzer does not show the correct IP addresses and firmware versions for its registered FortiGates.

838727

Log Status of the Devices are displayed red when the Primary has a zero lograte.

846904

Under the Device Manager, the Average Log Rates are not displayed.

Event Management

Bug ID Description
825422 FortiAnalyzer Event Handler does not trigger any alerts when Log Field has been set to Virtual Domain (vd).

FortiSOC

Bug ID Description
757650 Wrong device name (devname) is filled in event email notification.

775589

FortiAnalyzer does not provide any details on status of Fabric Connectors.
833991 FortiOS connector does not display health status of the Security Fabric members.
848284 Despite having relevant event logs, created playbook does not get triggered.
849070 Playbook runs successfully on the FortiAnalyzer, but there is not any stitches triggered on the FortiGate.

FortiView

Bug ID Description
727056 SD-WAN Monitor may show incorrect bandwidth.

744791

"Failed Authentication Attempts" logs under the System tab of FortiView are blanks.
798347 The Filter in FortiView does not properly work for Compromised Hosts.
798471 Top SD-WAN Device Throughput widget is displaying wrong numbers.
818077 Top application axis labels are not displayed correctly in Monitor section.

841717

The Data displayed on FortiView is inconsistent with the exported "Top Website Domains" PDF report.

856094

Browsing time displayed "0s" for 'streaming media and download' category in the 'Top Website Categories' under the FortiView's 'Applications & Websites' tab.

Log View

Bug ID Description
696451 Detected files by Content Disarm and Reconstruction (CDR) cannot be stored/quarantined to FortiAnalyzer despite quarantine destination set to FortiAnalyzer.
797985 After downloading the IPS logs, the "cve field" is missing.
816490 In Log Browse, for HA devices, only primary device's log files are displayed .
836777 When admin profile is set as "Read-Only", Add Filter under the LogView/FortiView displays no fields.
837554 The Fabric log contains "::ffff:" prefix in front of the value of any IPv4 related fields.
839350 Devices' entries under the Log Group of the Log View are not displayed.

855783

FortiAnalyzer event log file cannot be downloaded in CSV format.

858682

The data icon under the Log View for ADOM FortiMail/FortiWeb do not properly display the log details.

Others

Bug ID Description
779943 High memory usage has been observed when creating dataset or running reports on FortiAnalyzer.
809133 Several process crashes (logfwd/filefwd/clusterd), which have been observed when loading the devices from Device Manager, made FortiAnalyzer unable to show any logs.
818118 Logs between HA members are not synched.
822619 Missing values when retrieving logstats using the JSON API requests.
825927 FortiAnalyzer does not provide access to all available tiles under the FortiAuthenticator ADOM.
827787 The CPU and Disk I/O usage of the FortiAnalyzer appear to be constantly high.
829869 When FortiAnalyzer is working on Collector Mode, system storage size increases over time; hence, FortiAnalyzer might stop receiving new logs.
837657 Creating ADOMs using JSON API, default ADOM configs like report, datasets, charts, etc. are not created.
838031 FortiAnalyzer GUI does not display the "Rebuilding ADOM DB" in progress anymore.

838182

Logs are not being inserted into the secondary FortiAnalyzer.

839191

The HA config-sync status issue creates the sync failure frequently.
839910 The diagnose test application oftpd command does not display any outputs for some FortiGate devices registered on FortiAnalyzer.
841622 FortiAnalyzer does not download the IOC DB updates when FortiManager acts as the local FortiGuard Server.

845871

FortiAnalyzer stopped accepting logs and status of the devices turned into red.

846315

FortiAnalyzer does not display ADOM FortiNAC.

860113

The primary FortiAnalyzer can show the logs in Log View. The synchronization between primary and secondary fails and the secondary doesn't show the last logs.

Reports

Bug ID Description
704187 "Bandwidth and Application" Report's data does not match with the Top Application data on FortiView.
722233 The generated report does not display data but its dataset query contains data.
764194 Playbooks run_report fails with "missing device(s)" if "Playbook Starter" as devices filter is selected.
768843 FortiAnalyzer does not support importing outbreak alert reports to ADOM type FortiGate.

771072

Secure SD-WAN CSV report does not show device names for charts.
788801 "Throughput utilization billing report" does not display the complete data for the "yesterday" time-period.
835422 FortiAnalyzer does not display any data on its report when group filter and LDAP query is being used.
837395 "Show Top" & "Drilldown Top" preview features under the "Edit Chart" do not display the chart based on the selected values.

841750

The report does not display any data for its tables.
844563 Hodex Time shown on table chart does not match with the configured time period for the previous XX days in report.
844975 The command "execute remove reports" does not remove the reports.
848573 When specifying FortiWiFi as devices, "SD-WAN Device Link Bandwidth" and "SD-WAN Device Rules Donut Bandwidth" charts do not display any data.

876136

When running reports for all devices "Unknown SN" on the detailed device list can be observed.

System Settings

Bug ID Description
478401 FortiAnalyzer shows an unnecessary warning message "Analytic is using 0% of allocated disk space", which can be very confusing.

630654

Imported logs may not sync to slave.
752111 Traffic, Security, and Event logs section under the Log View tab are missing for Primary HA.
759601 FortiAnalyzer using Azure AD SAML SSO may show "invalid_logout_response_error" after logout.

782431

SNMPv3 stopped working after upgrading.
803074 The sorting feature does not work correctly for storage info columns under the System Settings.
817558 Log Forwarding/Device filter window does not allow users to save/cancel the changes.
829015 "Privacy Masking" feature does not work properly for admins whose admin type utilizes "Remote Authentication Server".
832973 Analytics and Archive details are missing from "Edit Log Storage Policy".
837203 Unable to fetch logs between FortiAnalyzer devices due to Invalid cross-device link error.
842943 After upgrading FortiAnalyzer, "fortinet-ca2" is missing under the CA Certificates; this prevents devices to establish connections to FortiAnalyzer.

849824

Under the Event's System logs, adding Filter "Fortiguard web filter services are NOT reachable" does not display any logs.

853855

The log forwarding filter does not seem to work properly as expected on FortiAnalyzer.

Common Vulnerabilities and Exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID CVE references

839861

FortiAnalyzer 7.2.2 is no longer vulnerable to the following CVE Reference:

  • CVE-2023-23776

862266

FortiAnalyzer 7.2.2 is no longer vulnerable to the following CVE Reference:

  • CVE-2023-25606

866168

FortiAnalyzer 7.2.2 is no longer vulnerable to the following CVE Reference:

  • CVE-2023-25609

868880

FortiAnalyzer 7.2.2 is no longer vulnerable to the following CVE Reference:

  • CVE-2023-25611

872712

FortiAnalyzer 7.2.2 is no longer vulnerable to the following CVE Reference:

  • CVE-2023-22642
Previous
Next