Special Notices
This section highlights some of the operational changes that administrators should be aware of in FortiAnalyzer version 7.0.16.
legacy-auth-mode command added
A new CLI command, legacy-auth-mode, has been introduced in FortiAnalyzer 7.0.14 and later to enhance the flexibility of OFTP connections between devices and FortiAnalyzer when needed. By default, FortiAnalyzer enforces certificate-based authentication for OFTP connections and validates the device's certificate by checking the Common Name (CN) field — if the CN matches the device's serial number (SN), the connection is accepted.
However, for devices like FortiWeb, FortiMail, and FortiADC, the certificate CN often does not match the SN, causing the OFTP connection to fail. When legacy-auth-mode is enabled, FortiAnalyzer allows OFTP connections to fall back to username/password authentication if the certificate CN does not match the SN. This enables compatibility with devices whose certificates use alternative CN formats while still providing a level of authentication. In line with security best practices, the OFTP port should not be exposed when legacy-auth-mode is enabled unless proper access restrictions are applied.
config system log settings
(settings)# set legacy-auth-mode ?
disable - Disable support for legacy authentication mode.
enable - Enable support for legacy authentication mode.
MEAs removed in FortiAnalyzer 7.0.14
There is no support for MEAs in FortiAnalyzer 7.0.14 and later.
The following management extension applications (MEAs) are removed in FortiAnalyzer 7.0.14:
- FortiSIEM
- FortiSOAR
Field name when log forwarding to CEF
The field names no longer include the "ad." prefix when log forwarding to a CEF server.
FortiAnalyzer 7.2.3 and later firmware on FortiGuard
Starting in FortiAnalyzer 7.2.1, a setup wizard executes to prompt the user for various configuration steps and registration with FortiCare. During the execution, the FortiAnalyzer unit attempts to communicate with FortiGuard for a list of FortiAnalyzer firmware images currently available on FortiGuard – older and newer.
In the case of FortiAnalyzer 7.2.2, a bug in the GUI prevents the wizard from completing and prevents the user from accessing the FortiAnalyzer unit. The issue has been fixed in 7.2.3 and later and a CLI command has been added to bypass the setup wizard at login time.
config system admin setting
set firmware-upgrade-check disable
end
To work around the GUI bug, Fortinet has not uploaded FortiAnalyzer 7.2.3 and later firmware to FortiGuard. However, the firmware is available for download from the Fortinet Support website, https://support.fortinet.com.
Configuration backup requires a password
As of FortiAnalyzer 7.0.11, configuration backup files are automatically encrypted and require you to set a password. The password is required for scheduled backups as well.
In previous versions, the encryption and password were optional.
For more information, see the FortiAnalyzer Administration Guide.
Device Manager GUI: quick status bar replaced with a world map of devices
As of FortiAnalyzer v7.0.0, the quick status bar at the top of the Device Manager pane in the GUI has been replaced with a world map. This world map displays the locations of the registered devices. For more information about the world map in Device Manager, see the FortiAnalyzer Administration Guide.
Hyperscale firewall mode
FortiAnalyzer does not support logs from the following models when they have hyperscale firewall mode and netflow enabled:
- FortiGate-1800F
- FortiGate-1801F
- FortiGate-2600F
- FortiGate-2601F
- FortiGate-4200F
- FortiGate-4201F
- FortiGate-4400F
- FortiGate-4401F
FortiAnalyzer only supports logs when the normal firewall mode with standard FortiGate logging is enabled.
Modifying the interface status with the CLI
Starting in version 7.0.1, the CLI to modify the interface status has been changed from up/down to enable/disable.
For example:
config system interface
edit port2
set status <enable/disable>
next
end
Citrix XenServer default limits and upgrade
Citrix XenServer limits ramdisk to 128M by default. However, the FAZ-VM64-XEN image is larger than 128M. Before updating to FortiAnalyzer 6.4, increase the size of the ramdisk setting on Citrix XenServer.
To increase the size of the ramdisk setting:
- On Citrix XenServer, run the following command:
xenstore-write /mh/limits/pv-ramdisk-max-size 536,870,912
- Confirm the setting is in effect by running xenstore-ls.
-----------------------
limits = ""
pv-kernel-max-size = "33554432"
pv-ramdisk-max-size = "536,870,912"
boot-time = ""
---------------------------
- Remove the pending files left in /run/xen/pygrub.
The ramdisk setting returns to the default value after rebooting.
FortiAnalyzer VM upgrade requires more memory
When upgrading FortiAnalyzer VM units from FortiAnalyzer 6.2.x to FortiAnalyzer 6.4.0 and later, the upgrade may fail because of memory allocation.
Workaround: Before upgrading FortiAnalyzer VM to FortiAnalyzer 6.4.0 and later, change the memory allocation to 8 GB of RAM.
Maximum ADOM limits for FortiAnalyzer
FortiAnalyzer hardware devices and VMs display a warning when the maximum number of ADOMs is reached. For more details, see Appendix A - Default and maximum number of ADOMs supported.
Port 8443 reserved
Port 8443 is reserved for https-logging from FortiClient EMS for Chromebooks. See also FortiAnalyzer 7.0 Ports Reference on the Docs Library.
Hyper-V FortiAnalyzer-VM running on an AMD CPU
A Hyper-V FAZ-VM running on a PC with an AMD CPU may experience a kernel panic. Fortinet recommends running VMs on an Intel-based PC.
SSLv3 on FortiAnalyzer-VM64-AWS
Due to known vulnerabilities in the SSLv3 protocol, FortiAnalyzer-VM64-AWS only enables TLSv1 by default. All other models enable both TLSv1 and SSLv3. If you wish to disable SSLv3 support, please run:
config system global
set ssl-protocol tlsv1
end
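The legacy-auth-mode and SSLv3 notices above both come down to one setting each, so a saved configuration text can be checked for them. The following is an added example, not Fortinet code: it parses text in the config/edit/set/next/end form used on this page and flags those two settings. The sample configuration is constructed, the function names are hypothetical, and the option value spelling `sslv3` is an assumption.

```python
import shlex

# Constructed sample in the config/set/end form used on this page (not from a real device).
SAMPLE_CONFIG = '''\
config system global
    set ssl-protocol tlsv1 sslv3
end
config system log settings
    set legacy-auth-mode enable
    config rolling-regular
        set when daily
    end
end
config system interface
    edit "port2"
        set status enable
    next
end
'''

def parse_settings(text):
    """Return {(section path, key): [values]} from config/edit/set/next/end text."""
    settings, stack = {}, []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        verb, *args = shlex.split(raw)          # shlex strips the quotes around values
        if verb in ("config", "edit"):
            stack.append((verb, " ".join(args)))
        elif verb == "next" and stack and stack[-1][0] == "edit":
            stack.pop()
        elif verb == "end":
            # "end" closes the innermost config block, including any unclosed edit
            while stack and stack.pop()[0] != "config":
                pass
        elif verb == "set" and args:
            path = " / ".join(name for _, name in stack)
            settings[(path, args[0])] = args[1:]
    return settings

def audit(text):
    """Flag the two security-relevant settings these release notes describe."""
    s, findings = parse_settings(text), []
    if s.get(("system log settings", "legacy-auth-mode")) == ["enable"]:
        findings.append("legacy-auth-mode enabled: OFTP can fall back to "
                        "username/password; restrict access to the OFTP port")
    protocols = [v.lower() for v in s.get(("system global", "ssl-protocol"), [])]
    if "sslv3" in protocols:                     # assumed option spelling
        findings.append("ssl-protocol includes sslv3: limit it to TLS")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns two findings; a text with legacy-auth-mode disabled and no SSLv3 returns an empty list.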