Fortinet black logo

Special Notices

Special Notices

This section highlights some of the operational changes that administrators should be aware of in FortiAnalyzer version 7.0.5.

FortiAnalyzer 7.2.3 and later firmware on FortiGuard

Starting in FortiAnalyzer 7.2.1, a setup wizard executes to prompt the user for various configuration steps and registration with FortiCare. During the execution, the FortiAnalyzer unit attempts to communicate with FortiGuard for a list of FortiAnalyzer firmware images currently available on FortiGuard – older and newer.

In the case of FortiAnalyzer 7.2.2, a bug in the GUI prevents the wizard from completing and prevents the user from accessing the FortiAnalyzer unit. The issue has been fixed in 7.2.3 and later and a CLI command has been added to bypass the setup wizard at login time.

config system admin setting

set firmware-upgrade-check disable

end

Fortinet has not uploaded FortiAnalyzer 7.2.3 and later firmware to FortiGuard in order to work around the GUI bug, however, the firmware is available for download from the Fortinet Support web site https://support.fortinet.com.

Device Manager GUI: quick status bar replaced with a world map of devices

As of FortiAnalyzer v7.0.0, the quick status bar at the top of the Device Manager pane in the GUI has been replaced with a world map. This world map displays the locations of the registered devices. For more information about the world map in Device Manager, see the FortiAnalyzer Administration Guide.

Fortinet verified publisher docker image

FortiAnalyzer 7.0.1 docker image is available for download from Fortinet’s Verified Publisher public repository on dockerhub.

To download the FortiAnalyzer image from dockerhub:
  1. Go to dockerhub at https://hub.docker.com/.

    The dockerhub home page is displayed.

  2. In the banner, click Explore.
  3. In the search box, type Fortinet, and press Enter.

    The fortinet/fortimanager and fortinet/fortianalyzer options are displayed.

  4. Click fortinet/fortianalyzer.

    The fortinet/fortianalyzer page is displayed, and two tabs are available: Overview and Tags. The Overview tab is selected by default.

  5. On the Overview tab, copy the docker pull command, and use it to download the image.

    The CLI command from the Overview tab points to the latest available image. Use the Tags tab to access different versions when available.

Hyperscale firewall mode

FortiAnalyzer does not support logs from the following models when they have hyperscale firewall mode and netflow enabled:

  • FortiGate-1800F
  • FortiGate-1801F
  • FortiGate-2600F
  • FortiGate-2601F
  • FortiGate-4200F
  • FortiGate-4201F
  • FortiGate-4400F
  • FortiGate-4401F

FortiAnalyzer only supports logs when the normal firewall mode with standard FortiGate logging are enabled.

Modifying the interface status with the CLI

Starting in verion 7.0.1, the CLI to modify the interface status has been changed from up/down to enable/disable.

For example:

config system interface

edit port2

set status <enable/disable>

next

end

Citrix XenServer default limits and upgrade

Citrix XenServer limits ramdisk to 128M by default. However the FAZ-VM64-XEN image is larger than 128M. Before updating to FortiAnalyzer 6.4, increase the size of the ramdisk setting on Citrix XenServer.

To increase the size of the ramdisk setting:
  1. On Citrix XenServer, run the following command:

    xenstore-write /mh/limits/pv-ramdisk-max-size 536,870,912

  2. Confirm the setting is in effect by running xenstore-ls.

    -----------------------

    limits = ""

    pv-kernel-max-size = "33554432"

    pv-ramdisk-max-size = "536,870,912"

    boot-time = ""

    ---------------------------

  3. Remove the pending files left in /run/xen/pygrub.
Note

The ramdisk setting returns to the default value after rebooting.

FortiAnalyzer VM upgrade requires more memory

When upgrading FortiAnalyzer VM units from FortiAnalyzer 6.2.x to FortiAnalyzer 6.4.0 and later, the upgrade may fail because of memory allocation.

Workaround: Before upgrading FortiAnalyzer VM to FortiAnalyzer 6.4.0 and later, change the memory allocation to 8 GB of RAM.

Maximum ADOM limits for FortiAnalyzer

FortiAnalyzer hardware devices and VMs display a warning when the maximum number of ADOMs is reached or exceeded. The platform does not enforce the limit; however, adding more ADOMs may affect the performance of the unit. For more details, see Appendix A - Default and maximum number of ADOMs supported.

Port 8443 reserved

Port 8443 is reserved for https-logging from FortiClient EMS for Chromebooks. See also FortiAnalyzer 7.0 Ports Reference on the Docs Library.

Hyper-V FortiAnalyzer-VM running on an AMD CPU

A Hyper-V FAZ-VM running on a PC with an AMD CPU may experience a kernel panic. Fortinet recommends running VMs on an Intel-based PC.

SSLv3 on FortiAnalyzer-VM64-AWS

Due to known vulnerabilities in the SSLv3 protocol, FortiAnalyzer-VM64-AWS only enables TLSv1 by default. All other models enable both TLSv1 and SSLv3. If you wish to disable SSLv3 support, please run:

config system global

set ssl-protocol t1sv1

end

Special Notices

This section highlights some of the operational changes that administrators should be aware of in FortiAnalyzer version 7.0.5.

FortiAnalyzer 7.2.3 and later firmware on FortiGuard

Starting in FortiAnalyzer 7.2.1, a setup wizard executes to prompt the user for various configuration steps and registration with FortiCare. During the execution, the FortiAnalyzer unit attempts to communicate with FortiGuard for a list of FortiAnalyzer firmware images currently available on FortiGuard – older and newer.

In the case of FortiAnalyzer 7.2.2, a bug in the GUI prevents the wizard from completing and prevents the user from accessing the FortiAnalyzer unit. The issue has been fixed in 7.2.3 and later and a CLI command has been added to bypass the setup wizard at login time.

config system admin setting

set firmware-upgrade-check disable

end

Fortinet has not uploaded FortiAnalyzer 7.2.3 and later firmware to FortiGuard in order to work around the GUI bug, however, the firmware is available for download from the Fortinet Support web site https://support.fortinet.com.

Device Manager GUI: quick status bar replaced with a world map of devices

As of FortiAnalyzer v7.0.0, the quick status bar at the top of the Device Manager pane in the GUI has been replaced with a world map. This world map displays the locations of the registered devices. For more information about the world map in Device Manager, see the FortiAnalyzer Administration Guide.

Fortinet verified publisher docker image

FortiAnalyzer 7.0.1 docker image is available for download from Fortinet’s Verified Publisher public repository on dockerhub.

To download the FortiAnalyzer image from dockerhub:
  1. Go to dockerhub at https://hub.docker.com/.

    The dockerhub home page is displayed.

  2. In the banner, click Explore.
  3. In the search box, type Fortinet, and press Enter.

    The fortinet/fortimanager and fortinet/fortianalyzer options are displayed.

  4. Click fortinet/fortianalyzer.

    The fortinet/fortianalyzer page is displayed, and two tabs are available: Overview and Tags. The Overview tab is selected by default.

  5. On the Overview tab, copy the docker pull command, and use it to download the image.

    The CLI command from the Overview tab points to the latest available image. Use the Tags tab to access different versions when available.

Hyperscale firewall mode

FortiAnalyzer does not support logs from the following models when they have hyperscale firewall mode and netflow enabled:

  • FortiGate-1800F
  • FortiGate-1801F
  • FortiGate-2600F
  • FortiGate-2601F
  • FortiGate-4200F
  • FortiGate-4201F
  • FortiGate-4400F
  • FortiGate-4401F

FortiAnalyzer only supports logs when the normal firewall mode with standard FortiGate logging are enabled.

Modifying the interface status with the CLI

Starting in verion 7.0.1, the CLI to modify the interface status has been changed from up/down to enable/disable.

For example:

config system interface

edit port2

set status <enable/disable>

next

end

Citrix XenServer default limits and upgrade

Citrix XenServer limits ramdisk to 128M by default. However the FAZ-VM64-XEN image is larger than 128M. Before updating to FortiAnalyzer 6.4, increase the size of the ramdisk setting on Citrix XenServer.

To increase the size of the ramdisk setting:
  1. On Citrix XenServer, run the following command:

    xenstore-write /mh/limits/pv-ramdisk-max-size 536,870,912

  2. Confirm the setting is in effect by running xenstore-ls.

    -----------------------

    limits = ""

    pv-kernel-max-size = "33554432"

    pv-ramdisk-max-size = "536,870,912"

    boot-time = ""

    ---------------------------

  3. Remove the pending files left in /run/xen/pygrub.
Note

The ramdisk setting returns to the default value after rebooting.

FortiAnalyzer VM upgrade requires more memory

When upgrading FortiAnalyzer VM units from FortiAnalyzer 6.2.x to FortiAnalyzer 6.4.0 and later, the upgrade may fail because of memory allocation.

Workaround: Before upgrading FortiAnalyzer VM to FortiAnalyzer 6.4.0 and later, change the memory allocation to 8 GB of RAM.

Maximum ADOM limits for FortiAnalyzer

FortiAnalyzer hardware devices and VMs display a warning when the maximum number of ADOMs is reached or exceeded. The platform does not enforce the limit; however, adding more ADOMs may affect the performance of the unit. For more details, see Appendix A - Default and maximum number of ADOMs supported.

Port 8443 reserved

Port 8443 is reserved for https-logging from FortiClient EMS for Chromebooks. See also FortiAnalyzer 7.0 Ports Reference on the Docs Library.

Hyper-V FortiAnalyzer-VM running on an AMD CPU

A Hyper-V FAZ-VM running on a PC with an AMD CPU may experience a kernel panic. Fortinet recommends running VMs on an Intel-based PC.

SSLv3 on FortiAnalyzer-VM64-AWS

Due to known vulnerabilities in the SSLv3 protocol, FortiAnalyzer-VM64-AWS only enables TLSv1 by default. All other models enable both TLSv1 and SSLv3. If you wish to disable SSLv3 support, please run:

config system global

set ssl-protocol t1sv1

end