Fortinet black logo

Known Issues

Known Issues

The following issues have been identified in FortiAnalyzer version 7.2.1. To inquire about a particular bug or to report a bug, please contact Fortinet Customer Service & Support.

Device Manager

Bug ID Description
814008 Sort function for logs and average log rate(logs/sec) does not work in Device Manager.
824296 FortiAnalyzer does not show the "root VDOM" under its Device Manager.
827276 FortiAnalyzer does not let all VDOMs to be added to the Device Manager if FortiGates has more than 10 VDOMs.
833448 The device SYSLOG-00000000 appears repeatedly even after being removed from the unregistered devices.
835653 The FortiGate's IP address and firmware version are not updated when FortiGates are added manually to a non-root ADOM.
837310 FortiAnalyzer does not show the correct IP addresses and firmware versions for its registered FortiGates.
838727 Log Status of the Devices are displayed red when the Primary has a zero lograte.
846904 Under the Device Manager, the Average Log Rates are not displayed.

Event Management

Bug ID Description
825422 FortiAnalyzer Event Handler does not trigger any alerts when "Log Field" has been set to "Virtual Domain (vd)".

FortiSOC

Bug ID Description
757650 Wrong device name (devname) is filled in event email notification.
775589 FortiAnalyzer does not provide any details on status of Fabric Connectors.
833991 FortiOS connector does not display health status of the Security Fabric members.
848284 Despite having relevant event logs, the created playbook does not get triggered.
849070 Playbook run successfully on the FortiAnalyzer but there is not any stitches triggered on the FortiGate.

FortiView

Bug ID Description
744791 "Failed Authentication Attempts" logs under the System tab of FortiView are blanks.
841717 The Data displayed on FortiView is inconsistent with the exported "Top Website Domains" PDF report.
856094 Browsing time displays "0s" for 'streaming media and download' category for the Top Website Categories under the FortiView's Applications & Websites tab.

Log View

Bug ID Description
696451 Detected files by Content Disarm and Reconstruction (CDR) cannot be stored/quarantined to FortiAnalyzer despite quarantine destination is set to FAZ.
712711 Under the Log View, the query result is incorrect when the value for the filter is empty.
816490 In Log Browse, for HA devices, only primary device's log files are displayed.
836777 When admin profile is set as Read-Only, Add Filter under the Log View/FortiView displays no fields.
837554 The Fabric log contains "::ffff:" prefix in front of the value of any IPv4 related fields.
839350 Devices' entries under the Log Group of the Log View are not displayed.
858682 The data icon under the Log View for ADOM FortiMail/FortiWeb do not properly display the log details.

Others

Bug ID Description
779943 High memory usage has been observed when creating dataset or running reports on FortiAnalyzer.
809133 Several process crashes (logfwd/filefwd/clusterd), which have been observed when loading the devices from Device Manager, made FortiAnalyzer unable to show any logs.
818118 Logs between HA members are not synched.
822619 Missing values when retrieving logstats using the JSON API requests.
825927 FortiAnalyzer does not provide access to all available tiles under the FortiAuthenticator ADOM.
827787 The CPU and Disk I/O usage of the FortiAnalyzer appear to be constantly high.
829869 When FortiAnalyzer is working on Collector Mode, system storage size increases over time; hence, FortiAnalyzer might stop receiving new logs.
837657 Creating ADOMs using JSON API, default ADOM configs like report, datasets, charts, etc. are not created.
838031 FortiAnalyzer GUI does not display the "Rebuilding ADOM DB" in progress anymore.
839191 The HA config-sync status issue creates the sync failure frequently.
839910 The diagnose test application oftpd command does not display any outputs for some FortiGate devices registered on FortiAnalyzer.
841622 FortiAnalyzer does not download the IOC DB updates when FortiManager acts as the local FortiGuard Server.
846315 FortiAnalyzer does not display ADOM FortiNAC.
860113 The primary FortiAnalyzer can show the logs in Log View. The synchronization between primary and secondary fails and the secondary doesn't show the last logs.

919088

GUI may not work properly in Google Chrome and Microsoft Edge version 114.

Reports

Bug ID Description
704187 "Bandwidth and Application" Report's data does not match with the Top Application data on FortiView.
722233 The generated report does not display data but its dataset query contains data.
764194

Playbooks run_report fails with missing device(s) if Playbook Starter as device filter is selected.

768843 FortiAnalyzer does not support importing outbreak alert reports to ADOM type FortiGate.

771072

Secure SD-WAN CSV report does not show device names for charts.

788801 "Throughput utilization billing report" does not display the complete data for the "yesterday" time-period.
835422 FortiAnalyzer does not display any data on its report when group filter and LDAP query is being used.
837395 "Show Top" & "Drilldown Top" preview features under the "Edit Chart" do not display the chart based on the selected values.
841750 The report does not display any data for its tables.
844563 Hodex Time shown on table chart does not match with the configured time period for the previous XX days in report.
844975 The command execute remove reports does not remove the reports.
848573 When specifying FortiWiFi as devices, "SD-WAN Device Link Bandwidth" and "SD-WAN Device Rules Donut Bandwidth" charts do not display any data.

System Settings

Bug ID Description
478401 FortiAnalyzer shows an unnecessary warning message "Analytic is using 0% of allocated disk space", which can be very confusing.
630654 Imported logs may not sync to slave.
752111 Traffic, Security, and Event logs section under the Logview tab are missing for Primary HA.
759601 FortiAnalyzer using Azure AD SAML SSO may show 'invalid_logout_response_error' after logout.
782431 SNMPv3 stopped working after upgrading.
803074 The sorting feature does not work correctly for storage info columns under the System Settings.
829015 "Privacy Masking" feature does not work properly for admins whose admin type utilizes "Remote Authentication Server".
832973 Analytics and Archive details are missing from "Edit Log Storage Policy".
837203 Unable to fetch logs between FortiAnalyzer devices due to Invalid cross-device link error.
842943 After upgrading FortiAnalyzer, "fortinet-ca2" is missing under the CA Certificates; this prevents devices to establish connections to FortiAnalyzer.
849824 Under the Event's System logs, Adding Filter "Fortiguard web filter services are NOT reachable" does not display any logs.
853855 The log forwarding filter does not seem to work properly as expected on FortiAnalyzer.

Known Issues

The following issues have been identified in FortiAnalyzer version 7.2.1. To inquire about a particular bug or to report a bug, please contact Fortinet Customer Service & Support.

Device Manager

Bug ID Description
814008 Sort function for logs and average log rate(logs/sec) does not work in Device Manager.
824296 FortiAnalyzer does not show the "root VDOM" under its Device Manager.
827276 FortiAnalyzer does not let all VDOMs to be added to the Device Manager if FortiGates has more than 10 VDOMs.
833448 The device SYSLOG-00000000 appears repeatedly even after being removed from the unregistered devices.
835653 The FortiGate's IP address and firmware version are not updated when FortiGates are added manually to a non-root ADOM.
837310 FortiAnalyzer does not show the correct IP addresses and firmware versions for its registered FortiGates.
838727 Log Status of the Devices are displayed red when the Primary has a zero lograte.
846904 Under the Device Manager, the Average Log Rates are not displayed.

Event Management

Bug ID Description
825422 FortiAnalyzer Event Handler does not trigger any alerts when "Log Field" has been set to "Virtual Domain (vd)".

FortiSOC

Bug ID Description
757650 Wrong device name (devname) is filled in event email notification.
775589 FortiAnalyzer does not provide any details on status of Fabric Connectors.
833991 FortiOS connector does not display health status of the Security Fabric members.
848284 Despite having relevant event logs, the created playbook does not get triggered.
849070 Playbook run successfully on the FortiAnalyzer but there is not any stitches triggered on the FortiGate.

FortiView

Bug ID Description
744791 "Failed Authentication Attempts" logs under the System tab of FortiView are blanks.
841717 The Data displayed on FortiView is inconsistent with the exported "Top Website Domains" PDF report.
856094 Browsing time displays "0s" for 'streaming media and download' category for the Top Website Categories under the FortiView's Applications & Websites tab.

Log View

Bug ID Description
696451 Detected files by Content Disarm and Reconstruction (CDR) cannot be stored/quarantined to FortiAnalyzer despite quarantine destination is set to FAZ.
712711 Under the Log View, the query result is incorrect when the value for the filter is empty.
816490 In Log Browse, for HA devices, only primary device's log files are displayed.
836777 When admin profile is set as Read-Only, Add Filter under the Log View/FortiView displays no fields.
837554 The Fabric log contains "::ffff:" prefix in front of the value of any IPv4 related fields.
839350 Devices' entries under the Log Group of the Log View are not displayed.
858682 The data icon under the Log View for ADOM FortiMail/FortiWeb do not properly display the log details.

Others

Bug ID Description
779943 High memory usage has been observed when creating dataset or running reports on FortiAnalyzer.
809133 Several process crashes (logfwd/filefwd/clusterd), which have been observed when loading the devices from Device Manager, made FortiAnalyzer unable to show any logs.
818118 Logs between HA members are not synched.
822619 Missing values when retrieving logstats using the JSON API requests.
825927 FortiAnalyzer does not provide access to all available tiles under the FortiAuthenticator ADOM.
827787 The CPU and Disk I/O usage of the FortiAnalyzer appear to be constantly high.
829869 When FortiAnalyzer is working on Collector Mode, system storage size increases over time; hence, FortiAnalyzer might stop receiving new logs.
837657 Creating ADOMs using JSON API, default ADOM configs like report, datasets, charts, etc. are not created.
838031 FortiAnalyzer GUI does not display the "Rebuilding ADOM DB" in progress anymore.
839191 The HA config-sync status issue creates the sync failure frequently.
839910 The diagnose test application oftpd command does not display any outputs for some FortiGate devices registered on FortiAnalyzer.
841622 FortiAnalyzer does not download the IOC DB updates when FortiManager acts as the local FortiGuard Server.
846315 FortiAnalyzer does not display ADOM FortiNAC.
860113 The primary FortiAnalyzer can show the logs in Log View. The synchronization between primary and secondary fails and the secondary doesn't show the last logs.

919088

GUI may not work properly in Google Chrome and Microsoft Edge version 114.

Reports

Bug ID Description
704187 "Bandwidth and Application" Report's data does not match with the Top Application data on FortiView.
722233 The generated report does not display data but its dataset query contains data.
764194

Playbooks run_report fails with missing device(s) if Playbook Starter as device filter is selected.

768843 FortiAnalyzer does not support importing outbreak alert reports to ADOM type FortiGate.

771072

Secure SD-WAN CSV report does not show device names for charts.

788801 "Throughput utilization billing report" does not display the complete data for the "yesterday" time-period.
835422 FortiAnalyzer does not display any data on its report when group filter and LDAP query is being used.
837395 "Show Top" & "Drilldown Top" preview features under the "Edit Chart" do not display the chart based on the selected values.
841750 The report does not display any data for its tables.
844563 Hodex Time shown on table chart does not match with the configured time period for the previous XX days in report.
844975 The command execute remove reports does not remove the reports.
848573 When specifying FortiWiFi as devices, "SD-WAN Device Link Bandwidth" and "SD-WAN Device Rules Donut Bandwidth" charts do not display any data.

System Settings

Bug ID Description
478401 FortiAnalyzer shows an unnecessary warning message "Analytic is using 0% of allocated disk space", which can be very confusing.
630654 Imported logs may not sync to slave.
752111 Traffic, Security, and Event logs section under the Logview tab are missing for Primary HA.
759601 FortiAnalyzer using Azure AD SAML SSO may show 'invalid_logout_response_error' after logout.
782431 SNMPv3 stopped working after upgrading.
803074 The sorting feature does not work correctly for storage info columns under the System Settings.
829015 "Privacy Masking" feature does not work properly for admins whose admin type utilizes "Remote Authentication Server".
832973 Analytics and Archive details are missing from "Edit Log Storage Policy".
837203 Unable to fetch logs between FortiAnalyzer devices due to Invalid cross-device link error.
842943 After upgrading FortiAnalyzer, "fortinet-ca2" is missing under the CA Certificates; this prevents devices to establish connections to FortiAnalyzer.
849824 Under the Event's System logs, Adding Filter "Fortiguard web filter services are NOT reachable" does not display any logs.
853855 The log forwarding filter does not seem to work properly as expected on FortiAnalyzer.