Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Release Notes

    Home FortiAnalyzer 7.2.1 Release Notes
    7.2.1
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.9
    5.2.7
    5.2.6
    5.2.5
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.13
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    5.0.1
    4.3.8

    Known Issues

    Known Issues

    The following issues have been identified in FortiAnalyzer version 7.2.1. To inquire about a particular bug or to report a bug, please contact Fortinet Customer Service & Support.

    Device Manager

    Bug ID Description
    814008 Sort function for logs and average log rate(logs/sec) does not work in Device Manager.
    824296 FortiAnalyzer does not show the "root VDOM" under its Device Manager.
    827276 FortiAnalyzer does not let all VDOMs to be added to the Device Manager if FortiGates has more than 10 VDOMs.
    833448 The device SYSLOG-00000000 appears repeatedly even after being removed from the unregistered devices.
    835653 The FortiGate's IP address and firmware version are not updated when FortiGates are added manually to a non-root ADOM.
    837310 FortiAnalyzer does not show the correct IP addresses and firmware versions for its registered FortiGates.
    838727 Log Status of the Devices are displayed red when the Primary has a zero lograte.
    846904 Under the Device Manager, the Average Log Rates are not displayed.

    Event Management

    Bug ID Description
    825422 FortiAnalyzer Event Handler does not trigger any alerts when "Log Field" has been set to "Virtual Domain (vd)".

    FortiSOC

    Bug ID Description
    757650 Wrong device name (devname) is filled in event email notification.
    775589 FortiAnalyzer does not provide any details on status of Fabric Connectors.
    833991 FortiOS connector does not display health status of the Security Fabric members.
    848284 Despite having relevant event logs, the created playbook does not get triggered.
    849070 Playbook run successfully on the FortiAnalyzer but there is not any stitches triggered on the FortiGate.

    FortiView

    Bug ID Description
    744791 "Failed Authentication Attempts" logs under the System tab of FortiView are blanks.
    841717 The Data displayed on FortiView is inconsistent with the exported "Top Website Domains" PDF report.
    856094 Browsing time displays "0s" for 'streaming media and download' category for the Top Website Categories under the FortiView's Applications & Websites tab.

    Log View

    Bug ID Description
    696451 Detected files by Content Disarm and Reconstruction (CDR) cannot be stored/quarantined to FortiAnalyzer despite quarantine destination is set to FAZ.
    712711 Under the Log View, the query result is incorrect when the value for the filter is empty.
    816490 In Log Browse, for HA devices, only primary device's log files are displayed.
    836777 When admin profile is set as Read-Only, Add Filter under the Log View/FortiView displays no fields.
    837554 The Fabric log contains "::ffff:" prefix in front of the value of any IPv4 related fields.
    839350 Devices' entries under the Log Group of the Log View are not displayed.
    858682 The data icon under the Log View for ADOM FortiMail/FortiWeb do not properly display the log details.

    Others

    Bug ID Description
    779943 High memory usage has been observed when creating dataset or running reports on FortiAnalyzer.
    809133 Several process crashes (logfwd/filefwd/clusterd), which have been observed when loading the devices from Device Manager, made FortiAnalyzer unable to show any logs.
    818118 Logs between HA members are not synched.
    822619 Missing values when retrieving logstats using the JSON API requests.
    825927 FortiAnalyzer does not provide access to all available tiles under the FortiAuthenticator ADOM.
    827787 The CPU and Disk I/O usage of the FortiAnalyzer appear to be constantly high.
    829869 When FortiAnalyzer is working on Collector Mode, system storage size increases over time; hence, FortiAnalyzer might stop receiving new logs.
    837657 Creating ADOMs using JSON API, default ADOM configs like report, datasets, charts, etc. are not created.
    838031 FortiAnalyzer GUI does not display the "Rebuilding ADOM DB" in progress anymore.
    839191 The HA config-sync status issue creates the sync failure frequently.
    839910 The diagnose test application oftpd command does not display any outputs for some FortiGate devices registered on FortiAnalyzer.
    841622 FortiAnalyzer does not download the IOC DB updates when FortiManager acts as the local FortiGuard Server.
    846315 FortiAnalyzer does not display ADOM FortiNAC.
    860113 The primary FortiAnalyzer can show the logs in Log View. The synchronization between primary and secondary fails and the secondary doesn't show the last logs.

    919088

    GUI may not work properly in Google Chrome and Microsoft Edge version 114.

    Reports

    Bug ID Description
    704187 "Bandwidth and Application" Report's data does not match with the Top Application data on FortiView.
    722233 The generated report does not display data but its dataset query contains data.
    764194

    Playbooks run_report fails with missing device(s) if Playbook Starter as device filter is selected.
    768843 FortiAnalyzer does not support importing outbreak alert reports to ADOM type FortiGate.

    771072

    Secure SD-WAN CSV report does not show device names for charts.
    788801 "Throughput utilization billing report" does not display the complete data for the "yesterday" time-period.
    835422 FortiAnalyzer does not display any data on its report when group filter and LDAP query is being used.
    837395 "Show Top" & "Drilldown Top" preview features under the "Edit Chart" do not display the chart based on the selected values.
    841750 The report does not display any data for its tables.
    844563 Hodex Time shown on table chart does not match with the configured time period for the previous XX days in report.
    844975 The command execute remove reports does not remove the reports.
    848573 When specifying FortiWiFi as devices, "SD-WAN Device Link Bandwidth" and "SD-WAN Device Rules Donut Bandwidth" charts do not display any data.

    System Settings

    Bug ID Description
    478401 FortiAnalyzer shows an unnecessary warning message "Analytic is using 0% of allocated disk space", which can be very confusing.
    630654 Imported logs may not sync to slave.
    752111 Traffic, Security, and Event logs section under the Logview tab are missing for Primary HA.
    759601 FortiAnalyzer using Azure AD SAML SSO may show 'invalid_logout_response_error' after logout.
    782431 SNMPv3 stopped working after upgrading.
    803074 The sorting feature does not work correctly for storage info columns under the System Settings.
    829015 "Privacy Masking" feature does not work properly for admins whose admin type utilizes "Remote Authentication Server".
    832973 Analytics and Archive details are missing from "Edit Log Storage Policy".
    837203 Unable to fetch logs between FortiAnalyzer devices due to Invalid cross-device link error.
    842943 After upgrading FortiAnalyzer, "fortinet-ca2" is missing under the CA Certificates; this prevents devices to establish connections to FortiAnalyzer.
    849824 Under the Event's System logs, Adding Filter "Fortiguard web filter services are NOT reachable" does not display any logs.
    853855 The log forwarding filter does not seem to work properly as expected on FortiAnalyzer.
    Previous
    Next

    Known Issues

    Known Issues

    The following issues have been identified in FortiAnalyzer version 7.2.1. To inquire about a particular bug or to report a bug, please contact Fortinet Customer Service & Support.

    Device Manager

    Bug ID Description
    814008 Sort function for logs and average log rate(logs/sec) does not work in Device Manager.
    824296 FortiAnalyzer does not show the "root VDOM" under its Device Manager.
    827276 FortiAnalyzer does not let all VDOMs to be added to the Device Manager if FortiGates has more than 10 VDOMs.
    833448 The device SYSLOG-00000000 appears repeatedly even after being removed from the unregistered devices.
    835653 The FortiGate's IP address and firmware version are not updated when FortiGates are added manually to a non-root ADOM.
    837310 FortiAnalyzer does not show the correct IP addresses and firmware versions for its registered FortiGates.
    838727 Log Status of the Devices are displayed red when the Primary has a zero lograte.
    846904 Under the Device Manager, the Average Log Rates are not displayed.

    Event Management

    Bug ID Description
    825422 FortiAnalyzer Event Handler does not trigger any alerts when "Log Field" has been set to "Virtual Domain (vd)".

    FortiSOC

    Bug ID Description
    757650 Wrong device name (devname) is filled in event email notification.
    775589 FortiAnalyzer does not provide any details on status of Fabric Connectors.
    833991 FortiOS connector does not display health status of the Security Fabric members.
    848284 Despite having relevant event logs, the created playbook does not get triggered.
    849070 Playbook run successfully on the FortiAnalyzer but there is not any stitches triggered on the FortiGate.

    FortiView

    Bug ID Description
    744791 "Failed Authentication Attempts" logs under the System tab of FortiView are blanks.
    841717 The Data displayed on FortiView is inconsistent with the exported "Top Website Domains" PDF report.
    856094 Browsing time displays "0s" for 'streaming media and download' category for the Top Website Categories under the FortiView's Applications & Websites tab.

    Log View

    Bug ID Description
    696451 Detected files by Content Disarm and Reconstruction (CDR) cannot be stored/quarantined to FortiAnalyzer despite quarantine destination is set to FAZ.
    712711 Under the Log View, the query result is incorrect when the value for the filter is empty.
    816490 In Log Browse, for HA devices, only primary device's log files are displayed.
    836777 When admin profile is set as Read-Only, Add Filter under the Log View/FortiView displays no fields.
    837554 The Fabric log contains "::ffff:" prefix in front of the value of any IPv4 related fields.
    839350 Devices' entries under the Log Group of the Log View are not displayed.
    858682 The data icon under the Log View for ADOM FortiMail/FortiWeb do not properly display the log details.

    Others

    Bug ID Description
    779943 High memory usage has been observed when creating dataset or running reports on FortiAnalyzer.
    809133 Several process crashes (logfwd/filefwd/clusterd), which have been observed when loading the devices from Device Manager, made FortiAnalyzer unable to show any logs.
    818118 Logs between HA members are not synched.
    822619 Missing values when retrieving logstats using the JSON API requests.
    825927 FortiAnalyzer does not provide access to all available tiles under the FortiAuthenticator ADOM.
    827787 The CPU and Disk I/O usage of the FortiAnalyzer appear to be constantly high.
    829869 When FortiAnalyzer is working on Collector Mode, system storage size increases over time; hence, FortiAnalyzer might stop receiving new logs.
    837657 Creating ADOMs using JSON API, default ADOM configs like report, datasets, charts, etc. are not created.
    838031 FortiAnalyzer GUI does not display the "Rebuilding ADOM DB" in progress anymore.
    839191 The HA config-sync status issue creates the sync failure frequently.
    839910 The diagnose test application oftpd command does not display any outputs for some FortiGate devices registered on FortiAnalyzer.
    841622 FortiAnalyzer does not download the IOC DB updates when FortiManager acts as the local FortiGuard Server.
    846315 FortiAnalyzer does not display ADOM FortiNAC.
    860113 The primary FortiAnalyzer can show the logs in Log View. The synchronization between primary and secondary fails and the secondary doesn't show the last logs.

    919088

    GUI may not work properly in Google Chrome and Microsoft Edge version 114.

    Reports

    Bug ID Description
    704187 "Bandwidth and Application" Report's data does not match with the Top Application data on FortiView.
    722233 The generated report does not display data but its dataset query contains data.
    764194

    Playbooks run_report fails with missing device(s) if Playbook Starter as device filter is selected.
    768843 FortiAnalyzer does not support importing outbreak alert reports to ADOM type FortiGate.

    771072

    Secure SD-WAN CSV report does not show device names for charts.
    788801 "Throughput utilization billing report" does not display the complete data for the "yesterday" time-period.
    835422 FortiAnalyzer does not display any data on its report when group filter and LDAP query is being used.
    837395 "Show Top" & "Drilldown Top" preview features under the "Edit Chart" do not display the chart based on the selected values.
    841750 The report does not display any data for its tables.
    844563 Hodex Time shown on table chart does not match with the configured time period for the previous XX days in report.
    844975 The command execute remove reports does not remove the reports.
    848573 When specifying FortiWiFi as devices, "SD-WAN Device Link Bandwidth" and "SD-WAN Device Rules Donut Bandwidth" charts do not display any data.

    System Settings

    Bug ID Description
    478401 FortiAnalyzer shows an unnecessary warning message "Analytic is using 0% of allocated disk space", which can be very confusing.
    630654 Imported logs may not sync to slave.
    752111 Traffic, Security, and Event logs section under the Logview tab are missing for Primary HA.
    759601 FortiAnalyzer using Azure AD SAML SSO may show 'invalid_logout_response_error' after logout.
    782431 SNMPv3 stopped working after upgrading.
    803074 The sorting feature does not work correctly for storage info columns under the System Settings.
    829015 "Privacy Masking" feature does not work properly for admins whose admin type utilizes "Remote Authentication Server".
    832973 Analytics and Archive details are missing from "Edit Log Storage Policy".
    837203 Unable to fetch logs between FortiAnalyzer devices due to Invalid cross-device link error.
    842943 After upgrading FortiAnalyzer, "fortinet-ca2" is missing under the CA Certificates; this prevents devices to establish connections to FortiAnalyzer.
    849824 Under the Event's System logs, Adding Filter "Fortiguard web filter services are NOT reachable" does not display any logs.
    853855 The log forwarding filter does not seem to work properly as expected on FortiAnalyzer.
    Previous
    Next