
Resolved Issues

The following issues have been fixed in FortiAnalyzer version 6.4.6. For inquiries about a particular bug, please contact Customer Service & Support.

Device Manager

Bug ID Description
521774 Add and delete functions for unregistered devices are greyed out even when the root ADOM is locked.
523721 FortiAnalyzer should support FortiADC device type.
613115 Device Manager view may show red icons for VDOMs even when the log is received.
622649 When a FortiGate HA device is deleted, its log files are not deleted.
676662 Collector may not be showing the same FortiGate device version as analyzer.
681419 Notification icon may still be present for hidden unauthorized devices.

Event Management

Bug ID Description
504426 Event list should auto-refresh after events are acknowledged and Show Acknowledged is disabled.

FortiSOC

Bug ID Description
685426 FortiAnalyzer should be able to see the incident that corresponds to events under the incidents analysis page.

FortiView

Bug ID Description
633960 Filter is empty in the request when drilling down from the Top Applications (FortiClient) view to Log View.
682485 Policy hit count may be shown as zero while there is traffic.
682657 FortiView may not refresh correctly after switching between ADOMs.
683580 The Not operation may not work for advanced filter.
684131 Top Sources response may be slow when filtering by policy ID.
684193 Secure SD-WAN Monitor should not send request when device list fails to load.
685452 The NOT filter may not work properly.
688141 FortiAnalyzer should be able to apply multiple negative filters from the same type.
690895 FortiView > Monitors > Secure SD-WAN Monitor > SD-WAN Rules Utilization widget may show No Data for some FortiGates.
692464 While retrieving IPS error log details, FortiAnalyzer may prompt XSS error.
692852 After upgrade, the Secure SD-WAN Monitor may have issues and show No Data for Performance, Jitter, Latency, or Packet loss widget.
702268 When accessing from FortiGate, loading the FortiView page may be very slow when the source is set as FortiAnalyzer.
708006 Monitors Endpoints does not show all FortiClient endpoints as in logs.
711810 SSL Dialup IPSec connection count may not match the connection list.
713083 FortiAnalyzer may show a No Data message for the Worldwide Threat Prevalence chart.

Log View

Bug ID Description
600083 Endpoint Identification should always show the same user tied to the same session.
604850 The remote IP for SSL-VPN is showing as IPsec Remote IP.
652076 Log view may take a while to load with Custom Time Period.
660792 FortiAnalyzer-1000E may take a long time to download a filtered log view file.
686258 FortiAnalyzer may return No entry found when the Log View filter has many devices selected.
686924 The downloaded CSV file contains tunnel-up and tunnel-down VPN logs from other devices that belong to different ADOMs.
690922 The event logs filter should display logs only from its own VDOM.
694307 When memory usage increases, FortiAnalyzer may stop receiving logs via OFTP from FortiGate devices.
704410 FortiAnalyzer may stop handling logs and the oftpd process becomes non-responsive.
711711 Log filter may show unfiltered values.

Others

Bug ID Description
656370 FortiAnalyzer SCP backup cannot be stopped.
671711 SQL database rebuild may not start and return ERROR: sqlplugind(690):receiver.c:96: socket 70 poll() failed.
677494 FortiAnalyzer may return SQL query error when creating temporary table blklst during ioc-rescan. Workaround: Please set ioc-rescan days to less than database compression days.

679268 FortiAnalyzer is not able to backup via SFTP on a custom port.
681884 HA synchronization may stall at random percentage.
682997 FortiAnalyzer may show fmgd crash during boot up after upgrade.
686491 Postgres may keep causing OoM with segmentation faults on multiple processes.
690271 The sqllogd daemon may crash.
693161 When frequently accessing different pages, FortiAnalyzer's GUI may become sluggish and pages may not transition.
696211 Secondary FortiAnalyzer accepts FTP connections after disabling FortiRecorder.
697654 FortiAnalyzer may return duplicated data within log view JSON response.
698780 FortiAnalyzer may intermittently provide empty response to FortiView JSON requests.
700562 When creating a system admin user using JSON API, FortiAnalyzer may return an error: The data is invalid for selected url.
702140 The disable-module setting resets to default after reboot.
709699 FortiAnalyzer may contain a few siemdb crashes.
710178 FortiAnalyzer is listening on TCP/3000 even though accept-aggregation is disabled.
713826 The diagnose test application siemdbd 6 command may show wrong information after removing the last ADOM with diagnose siem remove database.

Reports

Bug ID Description
683668 FortiClient report is always empty after enabling the device filter.
692097 Report's sub-charts may not work after upgrade.
704544 Application icons may not be displayed in report.
710409 Top5-Users-By-Bandwidth drill-down chart result may contain SQL error.
713189 Dataset and Intrusions-Timeline-By-Severity, may not list low severity intrusions.
718579 While creating new or editing an Output Profile, the body section does not take any input.
720897 Scheduled Report may not run when the /tmp folder is full.

System Settings

Bug ID Description
560895 FortiAnalyzer should separate the Admin profile setting for Log and SoC views.
613526 FortiAnalyzer VM should prompt a warning when reaching the maximum ADOM limit.
626636 The Allow button may not work in the HA configuration page.
631709 Email should be successfully sent out from FortiAnalyzer with SMTPS TCP/465.
634253 ADOMs may disappear randomly from ADOM configuration while editing it.
668901 After enabling Collector mode, FortiAnalyzer may not show FortiView.
681321 Avatar may keep synchronizing, which prevents the init sync from finishing.
685892 FortiAnalyzer is not sending SMTP EHLO message with fully-qualified hostname.
689824 After upgrade, log filter setting may be set to Equal to for log forwarding.
691798 The secondary unit in FortiAnalyzer HA cluster may report HA cluster config-sync DOWN, cause=keepalive failure every couple of days.
696041 FortiAnalyzer SSO should support URI format in entity ID.
708047 There may be multiple devid, devname, or tz columns when log is forwarded in syslog.

Common Vulnerabilities and Exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID CVE references
672953 FortiAnalyzer 6.4.6 is no longer vulnerable to the following CVE-Reference:
  • CVE-2021-24022
