Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 7.4.5
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Release Notes

    Home FortiAnalyzer 7.4.5 Release Notes
    7.4.5
    8.0.0
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.9
    5.2.7
    5.2.6
    5.2.5
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.13
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    5.0.1
    4.3.8

    Special Notices

    Special Notices

    This section highlights some of the operational changes that administrators should be aware of in FortiAnalyzer version 7.4.5.

    FortiAnalyzer instances deployed on the Azure platform

    FortiAnalyzer instances deployed on the Azure platform (regardless of version) may lose all data—including configuration, logs, and reports—if the VM is deallocated and subsequently reallocated.

    This issue can occur when the VM is deallocated through Azure-level operations (e.g., Azure portal, CLI, or automation). For example, this may happen when an Azure administrator changes the VM SKU (e.g., from Standard_D16_v3 to Standard_D32a_v4), or when the VM is manually stopped (deallocated) from the Azure portal.

    To minimize the risk of data loss, it is strongly recommended to:

    • Perform regular backups of configuration and data via the GUI or native CLI commands on FortiAnalyzer.

    • Shut down the FortiAnalyzer instance, if required, only from within the FortiAnalyzer system itself rather than through Azure-level controls.

    • Before performing any upgrade or modification:

    Run execute lvm info to verify disk composition and ensure no Azure temporary disk is included in LVM, For example:

    Disk 1: 10 TB, Disk 2: 6 TB, ...

    If all listed disks were explicitly added by the faz-admin, this indicates that no temporary disk is part of LVM and the upgrade is considered safe.

    If an unexpected disk is detected (e.g., smaller system disk such as ~128 GB), it is likely the Azure temporary disk. In this case, perform a full backup before proceeding with the upgrade.

    If issues occur after the upgrade:

    • Run execute format disk to rebuild LVM,

    • Use execute restore to recover data from backup.

    The possible root cause may be as follows:

    Prior to version 7.4.2, the system assumed sdb was always the Azure temporary disk and excluded it from LVM. In certain corner cases, a different device (e.g., sda) may have been incorrectly added to LVM. After upgrading, the existing LVM metadata persists on disk. When the VM is later deallocated and reallocated, Azure replaces the temporary disk, causing LVM initialization to fail due to stale metadata. As a result, any data previously stored on the temporary disk is lost.

    Upgrading from 7.4.3 to 7.4.5 with FIPS mode enabled

    When FIPS mode is enabled, upgrading from 7.4.3 to 7.4.5 might fail due to the following error message: "FIPS firmware signature verification failed". The following steps should be taken as workaround:

    1. Backup FortiAnalyzer-v7.4.3-fips-cc mode DB.

    2. Disable FortiAnalyzer-v7.4.3-fips mode to normal mode.

    3. Upgrade FortiAnalyzer-v7.4.3 normal mode to v7.4.5.

    4. FortiAnalyzer-v7.4.5 enable fips-cc mode.

    5. Restore FortiAnalyzer-v7.4.3-fips DB on FortiAnalyzer-v7.4.5-fips.

    Field name when log forwarding to CEF

    The field names no longer include the "ad." prefix when log forwarding to a CEF server.

    Shell access has been removed

    As of FortiAnalyzer 7.4.4, shell access has been removed.

    The following CLI variables have been removed, which were previously used to enable shell access:

    config system admin setting

    set shell-access {enable | disable}

    set shell-password <passwd>

    The following CLI command has been removed, which was previously used to access shell when enabled:

    execute shell

    Events and Incidents FortiView monitors removed

    In FortiAnalyzer 7.4.3, the following FortiView monitors are removed from the GUI:

    • FortiView > Threats & Events > Events

    • FortiView > Threats & Events > Incidents

    Alert notifications generated by FortiAnalyzer and sent by syslog

    Beginning in 7.4.3, alert notifications generated by FortiAnalyzer and sent by syslog will use the RFC-5424 format.

    Additional configuration required for SSO users

    Beginning in 7.4.3, additional configuration is needed for FortiAnalyzer Users declared as wildcard SSO users.

    When configuring Administrators as wildcard SSO users, the ext-auth-accprofile-override and/or ext-auth-adom-override features, under Advanced Options, should be enabled if the intent is to obtain the ADOMs list and/or permission profile from the SAML IdP.

    FortiAnalyzer 7.2.3 and later firmware on FortiGuard

    Starting in FortiAnalyzer 7.2.1, a setup wizard executes to prompt the user for various configuration steps and registration with FortiCare. During the execution, the FortiAnalyzer unit attempts to communicate with FortiGuard for a list of FortiAnalyzer firmware images currently available on FortiGuard – older and newer.

    In the case of FortiAnalyzer 7.2.2, a bug in the GUI prevents the wizard from completing and prevents the user from accessing the FortiAnalyzer unit. The issue has been fixed in 7.2.3 and later and a CLI command has been added to bypass the setup wizard at login time.

    config system admin setting

    set firmware-upgrade-check disable

    end

    Fortinet has not uploaded FortiAnalyzer 7.2.3 and later firmware to FortiGuard in order to work around the GUI bug, however, the firmware is available for download from the Fortinet Support website.

    Configuration backup requires a password

    As of FortiAnalyzer 7.4.2, configuration backup files are automatically encrypted and require you to set a password. The password is required for scheduled backups as well.

    In previous versions, the encryption and password were optional.

    For more information, see the FortiAnalyzer Administration Guide.

    FortiAnalyzer-3500E support

    FortiAnalyzer 7.4.2 and later does not support the FortiAnalyzer-3500E device.

    FortiAnalyzer 7.4.2 introduces an upgrade of the OpenSSL library to address known vulnerabilities in the library. As a result, the SSL connection that is setup between the FortiAnalyzer-3500E device and the Google Map server hosted by Fortinet uses a SHA2 (2048) public key length. The certificate stored on the BIOS that is used during the setup of the SSL connection contains a SHA1 public key length, which causes the connection setup to fail. Running the following command shows the key length.

    FAZ3500E # config system certificate local

    (local)# ed Fortinet_Local

    (Fortinet_Local)# get

    name : Fortinet_Local

    password : *

    comment : Default local certificate

    private-key :

    certificate :

    Subject: C = US, ST = California, L = Sunnyvale, O = Fortinet, OU = FortiAnalyzer, CN = FL3K5E3M15000074, emailAddress = support@fortinet.com

    Issuer: C = US, ST = California, L = Sunnyvale, O = Fortinet, OU = Certificate Authority, CN = support, emailAddress = support@fortinet.com

    Valid from: 2015-03-06 16:22:10 GMT

    Valid to: 2038-01-19 03:14:07 GMT

    Fingerprint: FC:D0:0C:8D:DC:57:B6:16:58:DF:90:22:77:6F:2C:1B

    Public key: rsaEncryption (1024 bits)

    Signature: sha1WithRSAEncryption

    Root CA: No

    Version: 3

    Serial Num:

    1e:07:7a

    Extension 1: X509v3 Basic Constraints:

    CA:FALSE

    ...

    (Fortinet_Local)#

    PostgreSQL database upgrade

    FortiAnalyzer 7.2.6 and 7.4.1 include an upgrade of the PostgreSQL database. By default analytical features, such as Log View, FortiView, Reports, and Event Management are unavailable until the PostgreSQL database finishes upgrading. During this time, FortiAnalyzer will continue to receive new logs, but they will not be inserted into the PostgreSQL database. PostgreSQL database upgrade times depend on the number of ADOM configured and the analytical log volume. Some sample upgrade times are shown below.

    Model Number of ADOMs Analytical Data Size DB Upgrade Time
    FAZ-3700F 1200 5TB one hour
    FAZ-3500G 100 1TB 15 minutes
    FAZ-3000F 1 12TB 10 minutes
    Caution

    Do not reboot or proceed to another upgrade while the PostgreSQL database upgrade is in progress.

    If you are upgrading from a version prior to 7.2.6 (such as 7.2.0, 7.2.1, 7.2.2, and so on) or 7.4.0, you must wait for the PostgreSQL database upgrade to complete before accessing the analytical features or continuing your upgrade path. For example, if your upgrade path is 7.2.5 > latest 7.2 > 7.4.5, you must wait for the PostgreSQL upgrade to complete in the latest 7.2 before upgrading to FortiAnalyzer 7.4.5.

    For customers who prefer to not wait for accessing the analytical features, such as Log View, FortiView, Reports, and Event Management, for new logs, they can execute a SQL. This command can take a long time to complete depending on the amount of data.

    FAZVM64 # exec sql-local rebuild-db

    Rebuild the entire log SQL database has been requested.

    This operation will remove the log SQL database and rebuild from log data.

    This operation will reboot the device.

    Do you want to continue? (y/n)

    Serial console has changed for FortiAnalyzer deployments on Xen

    In FortiAnalyzer 7.4.1, the serial console for Xen deployments has changed from hvc0 (Xen specific) to ttyS0 (standard).

    OpenXen in PV mode is not supported in FortiAnalyzer 7.4.1

    As of FortiAnalyzer 7.4.1, kernel and rootfs are encrypted. OpenXen in PV mode tries to unzip the kernel and rootfs, but it will fail. Therefore, OpenXen in PV mode cannot be used when deploying or upgrading to FortiAnalyzer 7.4.1. Only HVM (hardware virtual machine) mode is supported for OpenXen in FortiAnalyzer 7.4.1.

    Default GUI theme changed

    As of FortiAnalyzer 7.4.1, the default GUI theme is Jade. The default theme can be changed from System Settings > Settings.

    Management Extensions visibility in the GUI

    As of FortiAnalyzer 7.4.0, the Management Extensions pane is only visible in the GUI when docker status is enabled and at least one management extension application (MEA) is enabled and downloaded. For more information about enabling and using the MEAs, see the Management Extensions documentation in the FortiAnalyzer Documents Library.

    FortiManager Features removed

    FortiAnalyzer 7.2.1 and later no longer supports FortiManager Features. If you have FortiManager Features enabled before upgrading to FortiAnalyzer 7.2.1, FortiManager Features will be permanently disabled after upgrading to FortiAnalyzer 7.2.1.

    Setup wizard requires FortiCare registration

    Starting in FortiAnalyzer 7.2.1, the FortiAnalyzer Setup wizard requires you to complete the Register with FortiCare step before you can access the FortiAnalyzer appliance or VM. Previously the step was optional.

    For FortiAnalyzer units operating in a closed environment, contact customer service to receive an entitlement file, and then load the entitlement file to FortiAnalyzer by using the CLI.

    When FortiManager is managing FortiAnalyzer in a closed environment, FortiManager contains the FortiAnalyzer contract information, and you can point FortiAnalyzer to FortiManager.

    Hyperscale firewall mode

    FortiAnalyzer does not support logs from the following models when they have hyperscale firewall mode and netflow enabled:

    • FortiGate-1800F
    • FortiGate-1801F
    • FortiGate-2600F
    • FortiGate-2601F
    • FortiGate-4200F
    • FortiGate-4201F
    • FortiGate-4400F
    • FortiGate-4401F

    FortiAnalyzer only supports logs when the normal firewall mode with standard FortiGate logging are enabled.

    Modifying the interface status with the CLI

    Starting in verion 7.0.1, the CLI to modify the interface status has been changed from up/down to enable/disable.

    For example:

    config system interface

    edit port2

    set status <enable/disable>

    next

    end

    Citrix XenServer default limits and upgrade

    Citrix XenServer limits ramdisk to 128M by default. However the FAZ-VM64-XEN image is larger than 128M. Before updating to FortiAnalyzer 6.4, increase the size of the ramdisk setting on Citrix XenServer.

    To increase the size of the ramdisk setting:
    1. On Citrix XenServer, run the following command:

      xenstore-write /mh/limits/pv-ramdisk-max-size 536,870,912

    2. Confirm the setting is in effect by running xenstore-ls.

      -----------------------

      limits = ""

      pv-kernel-max-size = "33554432"

      pv-ramdisk-max-size = "536,870,912"

      boot-time = ""

      ---------------------------

    3. Remove the pending files left in /run/xen/pygrub.
    Note

    The ramdisk setting returns to the default value after rebooting.

    FortiAnalyzer VM upgrade requires more memory

    When upgrading FortiAnalyzer VM units from a previous version to FortiAnalyzer 7.2.2 or higher, the upgrade may fail because of memory allocation. As of FortiAnalyzer 7.2.2, FortiAnalyzer VM requires 16 GB of RAM and 4 CPU.

    Workaround: Before upgrading FortiAnalyzer VM to FortiAnalyzer 7.2.2, change the memory allocation to 16 GB of RAM.

    Maximum ADOM limits for FortiAnalyzer

    FortiAnalyzer hardware devices and VMs display a warning when the maximum number of ADOMs is reached. For more details, see Appendix A - Default and maximum number of ADOMs supported.

    Port 8443 reserved

    Port 8443 is reserved for https-logging from FortiClient EMS for Chromebooks. See also FortiAnalyzer 7.0 Ports Reference on the Docs Library.

    Hyper-V FortiAnalyzer-VM running on an AMD CPU

    A Hyper-V FAZ-VM running on a PC with an AMD CPU may experience a kernel panic. Fortinet recommends running VMs on an Intel-based PC.

    SSLv3 on FortiAnalyzer-VM64-AWS

    Due to known vulnerabilities in the SSLv3 protocol, FortiAnalyzer-VM64-AWS only enables TLSv1 by default. All other models enable both TLSv1 and SSLv3. If you wish to disable SSLv3 support, please run:

    config system global

    set ssl-protocol t1sv1

    end

    Previous
    Next

    Special Notices

    Special Notices

    This section highlights some of the operational changes that administrators should be aware of in FortiAnalyzer version 7.4.5.

    FortiAnalyzer instances deployed on the Azure platform

    FortiAnalyzer instances deployed on the Azure platform (regardless of version) may lose all data—including configuration, logs, and reports—if the VM is deallocated and subsequently reallocated.

    This issue can occur when the VM is deallocated through Azure-level operations (e.g., Azure portal, CLI, or automation). For example, this may happen when an Azure administrator changes the VM SKU (e.g., from Standard_D16_v3 to Standard_D32a_v4), or when the VM is manually stopped (deallocated) from the Azure portal.

    To minimize the risk of data loss, it is strongly recommended to:

    • Perform regular backups of configuration and data via the GUI or native CLI commands on FortiAnalyzer.

    • Shut down the FortiAnalyzer instance, if required, only from within the FortiAnalyzer system itself rather than through Azure-level controls.

    • Before performing any upgrade or modification:

    Run execute lvm info to verify disk composition and ensure no Azure temporary disk is included in LVM, For example:

    Disk 1: 10 TB, Disk 2: 6 TB, ...

    If all listed disks were explicitly added by the faz-admin, this indicates that no temporary disk is part of LVM and the upgrade is considered safe.

    If an unexpected disk is detected (e.g., smaller system disk such as ~128 GB), it is likely the Azure temporary disk. In this case, perform a full backup before proceeding with the upgrade.

    If issues occur after the upgrade:

    • Run execute format disk to rebuild LVM,

    • Use execute restore to recover data from backup.

    The possible root cause may be as follows:

    Prior to version 7.4.2, the system assumed sdb was always the Azure temporary disk and excluded it from LVM. In certain corner cases, a different device (e.g., sda) may have been incorrectly added to LVM. After upgrading, the existing LVM metadata persists on disk. When the VM is later deallocated and reallocated, Azure replaces the temporary disk, causing LVM initialization to fail due to stale metadata. As a result, any data previously stored on the temporary disk is lost.

    Upgrading from 7.4.3 to 7.4.5 with FIPS mode enabled

    When FIPS mode is enabled, upgrading from 7.4.3 to 7.4.5 might fail due to the following error message: "FIPS firmware signature verification failed". The following steps should be taken as workaround:

    1. Backup FortiAnalyzer-v7.4.3-fips-cc mode DB.

    2. Disable FortiAnalyzer-v7.4.3-fips mode to normal mode.

    3. Upgrade FortiAnalyzer-v7.4.3 normal mode to v7.4.5.

    4. FortiAnalyzer-v7.4.5 enable fips-cc mode.

    5. Restore FortiAnalyzer-v7.4.3-fips DB on FortiAnalyzer-v7.4.5-fips.

    Field name when log forwarding to CEF

    The field names no longer include the "ad." prefix when log forwarding to a CEF server.

    Shell access has been removed

    As of FortiAnalyzer 7.4.4, shell access has been removed.

    The following CLI variables have been removed, which were previously used to enable shell access:

    config system admin setting

    set shell-access {enable | disable}

    set shell-password <passwd>

    The following CLI command has been removed, which was previously used to access shell when enabled:

    execute shell

    Events and Incidents FortiView monitors removed

    In FortiAnalyzer 7.4.3, the following FortiView monitors are removed from the GUI:

    • FortiView > Threats & Events > Events

    • FortiView > Threats & Events > Incidents

    Alert notifications generated by FortiAnalyzer and sent by syslog

    Beginning in 7.4.3, alert notifications generated by FortiAnalyzer and sent by syslog will use the RFC-5424 format.

    Additional configuration required for SSO users

    Beginning in 7.4.3, additional configuration is needed for FortiAnalyzer Users declared as wildcard SSO users.

    When configuring Administrators as wildcard SSO users, the ext-auth-accprofile-override and/or ext-auth-adom-override features, under Advanced Options, should be enabled if the intent is to obtain the ADOMs list and/or permission profile from the SAML IdP.

    FortiAnalyzer 7.2.3 and later firmware on FortiGuard

    Starting in FortiAnalyzer 7.2.1, a setup wizard executes to prompt the user for various configuration steps and registration with FortiCare. During the execution, the FortiAnalyzer unit attempts to communicate with FortiGuard for a list of FortiAnalyzer firmware images currently available on FortiGuard – older and newer.

    In the case of FortiAnalyzer 7.2.2, a bug in the GUI prevents the wizard from completing and prevents the user from accessing the FortiAnalyzer unit. The issue has been fixed in 7.2.3 and later and a CLI command has been added to bypass the setup wizard at login time.

    config system admin setting

    set firmware-upgrade-check disable

    end

    Fortinet has not uploaded FortiAnalyzer 7.2.3 and later firmware to FortiGuard in order to work around the GUI bug, however, the firmware is available for download from the Fortinet Support website.

    Configuration backup requires a password

    As of FortiAnalyzer 7.4.2, configuration backup files are automatically encrypted and require you to set a password. The password is required for scheduled backups as well.

    In previous versions, the encryption and password were optional.

    For more information, see the FortiAnalyzer Administration Guide.

    FortiAnalyzer-3500E support

    FortiAnalyzer 7.4.2 and later does not support the FortiAnalyzer-3500E device.

    FortiAnalyzer 7.4.2 introduces an upgrade of the OpenSSL library to address known vulnerabilities in the library. As a result, the SSL connection that is setup between the FortiAnalyzer-3500E device and the Google Map server hosted by Fortinet uses a SHA2 (2048) public key length. The certificate stored on the BIOS that is used during the setup of the SSL connection contains a SHA1 public key length, which causes the connection setup to fail. Running the following command shows the key length.

    FAZ3500E # config system certificate local

    (local)# ed Fortinet_Local

    (Fortinet_Local)# get

    name : Fortinet_Local

    password : *

    comment : Default local certificate

    private-key :

    certificate :

    Subject: C = US, ST = California, L = Sunnyvale, O = Fortinet, OU = FortiAnalyzer, CN = FL3K5E3M15000074, emailAddress = support@fortinet.com

    Issuer: C = US, ST = California, L = Sunnyvale, O = Fortinet, OU = Certificate Authority, CN = support, emailAddress = support@fortinet.com

    Valid from: 2015-03-06 16:22:10 GMT

    Valid to: 2038-01-19 03:14:07 GMT

    Fingerprint: FC:D0:0C:8D:DC:57:B6:16:58:DF:90:22:77:6F:2C:1B

    Public key: rsaEncryption (1024 bits)

    Signature: sha1WithRSAEncryption

    Root CA: No

    Version: 3

    Serial Num:

    1e:07:7a

    Extension 1: X509v3 Basic Constraints:

    CA:FALSE

    ...

    (Fortinet_Local)#

    PostgreSQL database upgrade

    FortiAnalyzer 7.2.6 and 7.4.1 include an upgrade of the PostgreSQL database. By default analytical features, such as Log View, FortiView, Reports, and Event Management are unavailable until the PostgreSQL database finishes upgrading. During this time, FortiAnalyzer will continue to receive new logs, but they will not be inserted into the PostgreSQL database. PostgreSQL database upgrade times depend on the number of ADOM configured and the analytical log volume. Some sample upgrade times are shown below.

    Model Number of ADOMs Analytical Data Size DB Upgrade Time
    FAZ-3700F 1200 5TB one hour
    FAZ-3500G 100 1TB 15 minutes
    FAZ-3000F 1 12TB 10 minutes
    Caution

    Do not reboot or proceed to another upgrade while the PostgreSQL database upgrade is in progress.

    If you are upgrading from a version prior to 7.2.6 (such as 7.2.0, 7.2.1, 7.2.2, and so on) or 7.4.0, you must wait for the PostgreSQL database upgrade to complete before accessing the analytical features or continuing your upgrade path. For example, if your upgrade path is 7.2.5 > latest 7.2 > 7.4.5, you must wait for the PostgreSQL upgrade to complete in the latest 7.2 before upgrading to FortiAnalyzer 7.4.5.

    For customers who prefer to not wait for accessing the analytical features, such as Log View, FortiView, Reports, and Event Management, for new logs, they can execute a SQL. This command can take a long time to complete depending on the amount of data.

    FAZVM64 # exec sql-local rebuild-db

    Rebuild the entire log SQL database has been requested.

    This operation will remove the log SQL database and rebuild from log data.

    This operation will reboot the device.

    Do you want to continue? (y/n)

    Serial console has changed for FortiAnalyzer deployments on Xen

    In FortiAnalyzer 7.4.1, the serial console for Xen deployments has changed from hvc0 (Xen specific) to ttyS0 (standard).

    OpenXen in PV mode is not supported in FortiAnalyzer 7.4.1

    As of FortiAnalyzer 7.4.1, kernel and rootfs are encrypted. OpenXen in PV mode tries to unzip the kernel and rootfs, but it will fail. Therefore, OpenXen in PV mode cannot be used when deploying or upgrading to FortiAnalyzer 7.4.1. Only HVM (hardware virtual machine) mode is supported for OpenXen in FortiAnalyzer 7.4.1.

    Default GUI theme changed

    As of FortiAnalyzer 7.4.1, the default GUI theme is Jade. The default theme can be changed from System Settings > Settings.

    Management Extensions visibility in the GUI

    As of FortiAnalyzer 7.4.0, the Management Extensions pane is only visible in the GUI when docker status is enabled and at least one management extension application (MEA) is enabled and downloaded. For more information about enabling and using the MEAs, see the Management Extensions documentation in the FortiAnalyzer Documents Library.

    FortiManager Features removed

    FortiAnalyzer 7.2.1 and later no longer supports FortiManager Features. If you have FortiManager Features enabled before upgrading to FortiAnalyzer 7.2.1, FortiManager Features will be permanently disabled after upgrading to FortiAnalyzer 7.2.1.

    Setup wizard requires FortiCare registration

    Starting in FortiAnalyzer 7.2.1, the FortiAnalyzer Setup wizard requires you to complete the Register with FortiCare step before you can access the FortiAnalyzer appliance or VM. Previously the step was optional.

    For FortiAnalyzer units operating in a closed environment, contact customer service to receive an entitlement file, and then load the entitlement file to FortiAnalyzer by using the CLI.

    When FortiManager is managing FortiAnalyzer in a closed environment, FortiManager contains the FortiAnalyzer contract information, and you can point FortiAnalyzer to FortiManager.

    Hyperscale firewall mode

    FortiAnalyzer does not support logs from the following models when they have hyperscale firewall mode and netflow enabled:

    • FortiGate-1800F
    • FortiGate-1801F
    • FortiGate-2600F
    • FortiGate-2601F
    • FortiGate-4200F
    • FortiGate-4201F
    • FortiGate-4400F
    • FortiGate-4401F

    FortiAnalyzer only supports logs when the normal firewall mode with standard FortiGate logging are enabled.

    Modifying the interface status with the CLI

    Starting in verion 7.0.1, the CLI to modify the interface status has been changed from up/down to enable/disable.

    For example:

    config system interface

    edit port2

    set status <enable/disable>

    next

    end

    Citrix XenServer default limits and upgrade

    Citrix XenServer limits ramdisk to 128M by default. However the FAZ-VM64-XEN image is larger than 128M. Before updating to FortiAnalyzer 6.4, increase the size of the ramdisk setting on Citrix XenServer.

    To increase the size of the ramdisk setting:
    1. On Citrix XenServer, run the following command:

      xenstore-write /mh/limits/pv-ramdisk-max-size 536,870,912

    2. Confirm the setting is in effect by running xenstore-ls.

      -----------------------

      limits = ""

      pv-kernel-max-size = "33554432"

      pv-ramdisk-max-size = "536,870,912"

      boot-time = ""

      ---------------------------

    3. Remove the pending files left in /run/xen/pygrub.
    Note

    The ramdisk setting returns to the default value after rebooting.

    FortiAnalyzer VM upgrade requires more memory

    When upgrading FortiAnalyzer VM units from a previous version to FortiAnalyzer 7.2.2 or higher, the upgrade may fail because of memory allocation. As of FortiAnalyzer 7.2.2, FortiAnalyzer VM requires 16 GB of RAM and 4 CPU.

    Workaround: Before upgrading FortiAnalyzer VM to FortiAnalyzer 7.2.2, change the memory allocation to 16 GB of RAM.

    Maximum ADOM limits for FortiAnalyzer

    FortiAnalyzer hardware devices and VMs display a warning when the maximum number of ADOMs is reached. For more details, see Appendix A - Default and maximum number of ADOMs supported.

    Port 8443 reserved

    Port 8443 is reserved for https-logging from FortiClient EMS for Chromebooks. See also FortiAnalyzer 7.0 Ports Reference on the Docs Library.

    Hyper-V FortiAnalyzer-VM running on an AMD CPU

    A Hyper-V FAZ-VM running on a PC with an AMD CPU may experience a kernel panic. Fortinet recommends running VMs on an Intel-based PC.

    SSLv3 on FortiAnalyzer-VM64-AWS

    Due to known vulnerabilities in the SSLv3 protocol, FortiAnalyzer-VM64-AWS only enables TLSv1 by default. All other models enable both TLSv1 and SSLv3. If you wish to disable SSLv3 support, please run:

    config system global

    set ssl-protocol t1sv1

    end

    Previous
    Next