Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Release Notes

    Home FortiAnalyzer 6.2.7 Release Notes
    6.2.7
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.9
    5.2.7
    5.2.6
    5.2.5
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.13
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    5.0.1
    4.3.8

    Special Notices

    Special Notices

    This section highlights some of the operational changes that administrators should be aware of in FortiAnalyzer version 6.2.7.

    Newly deployed, factory reset, or disk format may trigger upgrade code on subsequent reboot

    For a newly deployed VM instance or appliance, a disk format or a factory reset on a FortiAnalyzer unit running version 6.2.3 may trigger the upgrade code upon rebooting the system, which in turn may update the database configuration, although no upgrades are required. This issue does not affect FortiAnalyzer units upgraded from versions prior to 6.2.3.

    Workaround: Immediately after deploying a new FortiAnalyzer with version 6.2.3, reboot the system before administering any configuration.

    Maximum ADOM limits for FortiAnalyzer

    FortiAnalyzer hardware devices and VMs display a warning when the recommended maximum number of ADOMs is reached or exceeded. The platform does not enforce the limit; however, adding more ADOMs may affect the performance of the unit. For more details, see Appendix A - Recommended maximum number of ADOMs supported.

    Port 8443 reserved

    Port 8443 is reserved for https-logging from FortiClient EMS for Chromebooks.

    All OFTP connections must be encrypted for FortiAnalyzer 6.2.0 (or higher)

    Prior to upgrading to FortiAnalyzer 6.2, make sure that all FortiGate devices are configured to use encryption when communicating with FortiAnalyzer. Starting with FortiAnalyzer 6.2.0, all OFTP communications must be encrypted.

    Hyper-V FortiAnalyzer-VM running on an AMD CPU

    A Hyper-V FAZ-VM running on a PC with an AMD CPU may experience a kernel panic. Fortinet recommends running VMs on an Intel-based PC.

    SSLv3 on FortiAnalyzer-VM64-AWS

    Due to known vulnerabilities in the SSLv3 protocol, FortiAnalyzer-VM64-AWS only enables TLSv1 by default. All other models enable both TLSv1 and SSLv3. If you wish to disable SSLv3 support, please run:

    config system global

    set ssl-protocol t1sv1

    end

    Pre-processing logic of ebtime

    Logs with the following conditions met are considered usable for the calculation of estimated browsing time:

    Traffic logs with logid of 13 or 2, when logid == 13, hostname must not be empty. The service field should be either HTTP, 80/TCP or 443/TCP.

    If all above conditions are met, then devid, vdom, and user (srcip if user is empty) are combined as a key to identify a user. For time estimation, the current value of duration is calculated against history session start and end time, only un-overlapped part are used as the ebtime of the current log.

    Previous
    Next

    Special Notices

    Special Notices

    This section highlights some of the operational changes that administrators should be aware of in FortiAnalyzer version 6.2.7.

    Newly deployed, factory reset, or disk format may trigger upgrade code on subsequent reboot

    For a newly deployed VM instance or appliance, a disk format or a factory reset on a FortiAnalyzer unit running version 6.2.3 may trigger the upgrade code upon rebooting the system, which in turn may update the database configuration, although no upgrades are required. This issue does not affect FortiAnalyzer units upgraded from versions prior to 6.2.3.

    Workaround: Immediately after deploying a new FortiAnalyzer with version 6.2.3, reboot the system before administering any configuration.

    Maximum ADOM limits for FortiAnalyzer

    FortiAnalyzer hardware devices and VMs display a warning when the recommended maximum number of ADOMs is reached or exceeded. The platform does not enforce the limit; however, adding more ADOMs may affect the performance of the unit. For more details, see Appendix A - Recommended maximum number of ADOMs supported.

    Port 8443 reserved

    Port 8443 is reserved for https-logging from FortiClient EMS for Chromebooks.

    All OFTP connections must be encrypted for FortiAnalyzer 6.2.0 (or higher)

    Prior to upgrading to FortiAnalyzer 6.2, make sure that all FortiGate devices are configured to use encryption when communicating with FortiAnalyzer. Starting with FortiAnalyzer 6.2.0, all OFTP communications must be encrypted.

    Hyper-V FortiAnalyzer-VM running on an AMD CPU

    A Hyper-V FAZ-VM running on a PC with an AMD CPU may experience a kernel panic. Fortinet recommends running VMs on an Intel-based PC.

    SSLv3 on FortiAnalyzer-VM64-AWS

    Due to known vulnerabilities in the SSLv3 protocol, FortiAnalyzer-VM64-AWS only enables TLSv1 by default. All other models enable both TLSv1 and SSLv3. If you wish to disable SSLv3 support, please run:

    config system global

    set ssl-protocol t1sv1

    end

    Pre-processing logic of ebtime

    Logs with the following conditions met are considered usable for the calculation of estimated browsing time:

    Traffic logs with logid of 13 or 2, when logid == 13, hostname must not be empty. The service field should be either HTTP, 80/TCP or 443/TCP.

    If all above conditions are met, then devid, vdom, and user (srcip if user is empty) are combined as a key to identify a user. For time estimation, the current value of duration is calculated against history session start and end time, only un-overlapped part are used as the ebtime of the current log.

    Previous
    Next