Fortinet black logo

Release Notes

Home FortiAnalyzer 6.4.0 Release Notes

Resolved Issues

6.4.0
7.4.2
7.4.1
7.4.0
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.3
6.2.2
6.2.1
6.2.0
6.0.12
6.0.11
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.6.11
5.6.10
5.6.9
5.6.8
5.6.7
5.6.6
5.6.5
5.6.4
5.6.3
5.6.2
5.6.1
5.6.0
5.4.7
5.4.6
5.4.5
5.4.4
5.4.3
5.4.2
5.4.1
5.4.0
5.2.10
5.2.9
5.2.7
5.2.6
5.2.5
5.2.4
5.2.3
5.2.2
5.2.1
5.2.0
5.0.13
5.0.12
5.0.11
5.0.10
5.0.9
5.0.8
5.0.7
5.0.6
5.0.5
5.0.4
5.0.3
5.0.2
5.0.1
4.3.8
Copy Link
Copy Doc ID 25728568-6f77-11ea-9384-00505692583a:291684
Download PDF

Resolved Issues

The following issues have been fixed in FortiAnalyzer version 6.4.0. For inquires about a particular bug, please contact Customer Service & Support.

Device Manager

Bug ID

Description
296528 Sorting with Device Manager's Log Status column may not work properly.
496394 Users may not be able to delete a VDOM from the GUI or API.
536856 Device IP address under Device Manager may get randomly auto-updated.

545264

FortiAnalyzer may not show Device Lists.
589646 FortiAnalyzer should be able to add FortiProxy device with firmware version 1.2.

596832

FortiGate Cluster is removed from log forwarding on failover when FortiAnalyzer is managed by a FortiManager.

Event Management

Build ID

Description
537678 FortiAnalyzer should support Event Handler group-by options for non FortiGate device types.
560818 Email filter event with group by subject may show unreadable characters due to some non-ASCII strings.
563514 Build 1050: Event handler does not work properly for FortiSandbox.
590383 Event handler does not accept Email with "+" sign in the address.

FortiView

Bug ID

Description
535682 FortiView Compromised Host Last Detected time is displayed as GMT time instead of local time.
562834 On FortiView > Top Sources, FortiAnalyzer displays incorrect data when trying to filter logs with Source and User.
574836 FortiAnalyzer may not be able to show the Compromised Hosts.
577941 Compromised host should be removed from the list after being acknowledged.
593374 Exported PDF should take into consideration on how data is sorted.
594107 The time shown in Last Detected is only in 12 hour format and it does not include AM or PM.

602387

FortiAnalyzer may use high CPU resources when viewing logs from FortiGate.

611019

Filter is not working when the user drills down from "Top Threats".

Log View

Build ID

Description

542933

FortiView does not search logs for the time entered in custom time.

550523

Downloading logs from Log View randomly fails.
573281 Unregistered syslog device appears with FortiMail's IP after adding a FortiMail device.

586929

FortiAnalyzer may not insert logs when the IP changes often for endpoints due to DHCP.
589840 When source column is not selected, the log view cannot display log details.

591077

FortiAnalyzer may not be able to quickly insert logs when IP changes often for endpoints due to DHCP.

592340

FortiAnalyzer may have performance issue to display system logs in Log View.
592808 When FortiAnalyzer tries to display Traffic Log details, the details pane is completely empty.
596229 Log Filter should allow the user to choose and filter "DNS" log type when Log Forwarding is enabled.
597192 Downloading logs may take longer than log search.

608652

Event alert logs cannot be inserted into database successfully on HA master unit.

Others

Build

Description
508597 FortiAnalyzer with no devices may occupy high CPU resources by sqllogd.
529711 FortiAnalyzer may connect to map server and GeoIP server directly even when web-proxy is enabled.
544516 FortiAnalyzer with Hyper-V live migration does not display the GUI.

551198

The command, execute restore reports-config, may not run correctly.
560746 The default value for "hcache-max-fv-row" should be set based on available memory.
562540 FortiAnalyzer's diagnostic report should also include IO statistics.

569707

Device may hang and lost of accessibility including console.
578038 After upgrade, FortiAnalyzer is slow when searching for information.
588074 FortiAnalyzer may stop receiving logs and event logs, and continuously display oftpd re-initialization.
590368 FortiAnalyzer may stop receiving logs after oftpd crashed.
590503 The new CLI process may crash due to commands "execute tac report" and "diagnose dvm check-integrity".

590630

Backing up all ADOM logs via FTP may stop with no error printed.

591594

snmpd may frequently crash.
592593 FortiAnalyzer may update ADOM disk allocation or create ADOM without any checks when request is made via JSON API.
596192 FortiAnalyzer may return incorrect value for SNMP MIB sysObjectID.
596252 The clustered daemon may consume high CPU resources.
597093 Mib file for FortiAnalyzer should not contain duplicated object ID.
601093 After upgrade, FortiManager may not receive logs from one FortiGate cluster that is running FortiOS 6.0.

Reports

Build ID

Description
380371 FortiAnalyzer improved report accuracy on high end models.
552414 Read-write permissions are required to view and download reports through API calls.
557388 There are discrepancies in Bandwidth and Applications Report for predefined datasets with the same report time period.
581769 After rebuilding the SQL database, users may now be able to run reports with all available data.

588590

FortiAnalyzer should print a detailed message when importing report fails.
589496 FortiAnalyzer may generate different results when running a report with the same time period, either with a custom time-period or selecting a specific time period from the dropdown list.

608819

A report cache cannot be used on scheduled report when running on specific device.

System Settings

Build ID

Description
516044 FortiAnalyzer GUI should keep the same behavior as CLI when the user disables the log forwarding setting.

559592

Rebuilding SQL takes a very long time after adding a second slave to a cluster.
571412 Logging topology is misleading when collector mode FortiAnalyzer is deployed.
574987 ADOM quota retention removes more log data than the applied retention policy.
577814 FortiAnalyzer does not generate accurate local event logs when the ADOM retention policy is enforced.
587702 Restricted user with Specify ADOM permission cannot access Device Manager.
590109 Some time zones are formatted incorrectly when forwarding as syslog.
593588 GUI should not allow creating a Local Certificate with Certificate Name containing more than 35 characters.
594693 FortiAnalyzer may show many messages on Alert Console: "re-obtained table size for FGTADOM1391-Elog-1553532000 size=8192".
600639 FortiAnalyzer may not be able to move a VDOM with long name from the Root ADOM to another ADOM.
603346 FortiAnalyzer should not allow user to set to 0 day for data retention policy.

612328

When there are overlapping trust hosts, the incorrect IP and subnet might be used in the IP table.

Common Vulnerabilities and Exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID CVE references

511903

FortiAnalyzer 6.4.0 is no longer vulnerable to the following CVE-Reference:

  • CVE-2004-0230

597311

FortiAnalyzer 6.4.0 is no longer vulnerable to the following CVE-Reference:

  • CVE-2004-1653

606144

FortiAnalyzer 6.4.0 is no longer vulnerable to the following CVE-Reference:

  • CVE-2019-9193

603255

FortiAnalyzer6.4.0 is no longer vulnerable to the following CVE-Reference:

  • CVE-2020-12811
Previous
Next

Resolved Issues

The following issues have been fixed in FortiAnalyzer version 6.4.0. For inquires about a particular bug, please contact Customer Service & Support.

Device Manager

Bug ID

Description
296528 Sorting with Device Manager's Log Status column may not work properly.
496394 Users may not be able to delete a VDOM from the GUI or API.
536856 Device IP address under Device Manager may get randomly auto-updated.

545264

FortiAnalyzer may not show Device Lists.
589646 FortiAnalyzer should be able to add FortiProxy device with firmware version 1.2.

596832

FortiGate Cluster is removed from log forwarding on failover when FortiAnalyzer is managed by a FortiManager.

Event Management

Build ID

Description
537678 FortiAnalyzer should support Event Handler group-by options for non FortiGate device types.
560818 Email filter event with group by subject may show unreadable characters due to some non-ASCII strings.
563514 Build 1050: Event handler does not work properly for FortiSandbox.
590383 Event handler does not accept Email with "+" sign in the address.

FortiView

Bug ID

Description
535682 FortiView Compromised Host Last Detected time is displayed as GMT time instead of local time.
562834 On FortiView > Top Sources, FortiAnalyzer displays incorrect data when trying to filter logs with Source and User.
574836 FortiAnalyzer may not be able to show the Compromised Hosts.
577941 Compromised host should be removed from the list after being acknowledged.
593374 Exported PDF should take into consideration on how data is sorted.
594107 The time shown in Last Detected is only in 12 hour format and it does not include AM or PM.

602387

FortiAnalyzer may use high CPU resources when viewing logs from FortiGate.

611019

Filter is not working when the user drills down from "Top Threats".

Log View

Build ID

Description

542933

FortiView does not search logs for the time entered in custom time.

550523

Downloading logs from Log View randomly fails.
573281 Unregistered syslog device appears with FortiMail's IP after adding a FortiMail device.

586929

FortiAnalyzer may not insert logs when the IP changes often for endpoints due to DHCP.
589840 When source column is not selected, the log view cannot display log details.

591077

FortiAnalyzer may not be able to quickly insert logs when IP changes often for endpoints due to DHCP.

592340

FortiAnalyzer may have performance issue to display system logs in Log View.
592808 When FortiAnalyzer tries to display Traffic Log details, the details pane is completely empty.
596229 Log Filter should allow the user to choose and filter "DNS" log type when Log Forwarding is enabled.
597192 Downloading logs may take longer than log search.

608652

Event alert logs cannot be inserted into database successfully on HA master unit.

Others

Build

Description
508597 FortiAnalyzer with no devices may occupy high CPU resources by sqllogd.
529711 FortiAnalyzer may connect to map server and GeoIP server directly even when web-proxy is enabled.
544516 FortiAnalyzer with Hyper-V live migration does not display the GUI.

551198

The command, execute restore reports-config, may not run correctly.
560746 The default value for "hcache-max-fv-row" should be set based on available memory.
562540 FortiAnalyzer's diagnostic report should also include IO statistics.

569707

Device may hang and lost of accessibility including console.
578038 After upgrade, FortiAnalyzer is slow when searching for information.
588074 FortiAnalyzer may stop receiving logs and event logs, and continuously display oftpd re-initialization.
590368 FortiAnalyzer may stop receiving logs after oftpd crashed.
590503 The new CLI process may crash due to commands "execute tac report" and "diagnose dvm check-integrity".

590630

Backing up all ADOM logs via FTP may stop with no error printed.

591594

snmpd may frequently crash.
592593 FortiAnalyzer may update ADOM disk allocation or create ADOM without any checks when request is made via JSON API.
596192 FortiAnalyzer may return incorrect value for SNMP MIB sysObjectID.
596252 The clustered daemon may consume high CPU resources.
597093 Mib file for FortiAnalyzer should not contain duplicated object ID.
601093 After upgrade, FortiManager may not receive logs from one FortiGate cluster that is running FortiOS 6.0.

Reports

Build ID

Description
380371 FortiAnalyzer improved report accuracy on high end models.
552414 Read-write permissions are required to view and download reports through API calls.
557388 There are discrepancies in Bandwidth and Applications Report for predefined datasets with the same report time period.
581769 After rebuilding the SQL database, users may now be able to run reports with all available data.

588590

FortiAnalyzer should print a detailed message when importing report fails.
589496 FortiAnalyzer may generate different results when running a report with the same time period, either with a custom time-period or selecting a specific time period from the dropdown list.

608819

A report cache cannot be used on scheduled report when running on specific device.

System Settings

Build ID

Description
516044 FortiAnalyzer GUI should keep the same behavior as CLI when the user disables the log forwarding setting.

559592

Rebuilding SQL takes a very long time after adding a second slave to a cluster.
571412 Logging topology is misleading when collector mode FortiAnalyzer is deployed.
574987 ADOM quota retention removes more log data than the applied retention policy.
577814 FortiAnalyzer does not generate accurate local event logs when the ADOM retention policy is enforced.
587702 Restricted user with Specify ADOM permission cannot access Device Manager.
590109 Some time zones are formatted incorrectly when forwarding as syslog.
593588 GUI should not allow creating a Local Certificate with Certificate Name containing more than 35 characters.
594693 FortiAnalyzer may show many messages on Alert Console: "re-obtained table size for FGTADOM1391-Elog-1553532000 size=8192".
600639 FortiAnalyzer may not be able to move a VDOM with long name from the Root ADOM to another ADOM.
603346 FortiAnalyzer should not allow user to set to 0 day for data retention policy.

612328

When there are overlapping trust hosts, the incorrect IP and subnet might be used in the IP table.

Common Vulnerabilities and Exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID CVE references

511903

FortiAnalyzer 6.4.0 is no longer vulnerable to the following CVE-Reference:

  • CVE-2004-0230

597311

FortiAnalyzer 6.4.0 is no longer vulnerable to the following CVE-Reference:

  • CVE-2004-1653

606144

FortiAnalyzer 6.4.0 is no longer vulnerable to the following CVE-Reference:

  • CVE-2019-9193

603255

FortiAnalyzer6.4.0 is no longer vulnerable to the following CVE-Reference:

  • CVE-2020-12811
Previous
Next