Fortianalyzer v6.4.6 Release Notes
Fortianalyzer v6.4.6 Release Notes
Fortianalyzer v6.4.6 Release Notes
Version 6.4.6
FORTINET DOCUMENT LIBRARY
https://docs.fortinet.com
FORTINET BLOG
https://blog.fortinet.com
NSE INSTITUTE
https://training.fortinet.com
FORTIGUARD CENTER
https://www.fortiguard.com
FEEDBACK
Email: techdoc@fortinet.com
July 9, 2021
FortiAnalyzer 6.4.6 Release Notes
05-646-721292-20210709
TABLE OF CONTENTS
Change Log 5
FortiAnalyzer 6.4.6 Release 6
Supported models 6
FortiAnalyzer VM subscription license 6
FortiRecorder 7
Supported models for FortiRecorder 7
Supported cameras 7
Special Notices 8
Hyperscale firewall mode 8
FortiAnalyzer 3700F performance issues 8
Citrix XenServer default limits and upgrade 8
FortiAnalyzer Cloud VM does not support FortiGate 6.4.0 9
FortiAnalyzer VM upgrade requires more memory 9
Maximum ADOM limits for FortiAnalyzer 9
Port 8443 reserved 9
All OFTP connections must be encrypted for FortiAnalyzer 6.2.0 (or higher) 9
Hyper-V FortiAnalyzer-VM running on an AMD CPU 10
SSLv3 on FortiAnalyzer-VM64-AWS 10
Upgrade Information 11
Downgrading to previous versions 11
Firmware image checksums 11
FortiAnalyzer VM firmware 11
SNMP MIB files 13
Product Integration and Support 14
FortiAnalyzer version 6.4.6 support 14
Web browsers 14
FortiOS/FortiOS Carrier 15
FortiADC 15
FortiAnalyzer 15
FortiAuthenticator 15
FortiCache 15
FortiClient 16
FortiDDoS 16
FortiDeceptor 16
FortiMail 16
FortiManager 16
FortiNAC 17
FortiProxy 17
FortiSandbox 17
FortiSwitch ATCA 17
FortiWeb 17
Virtualization 18
Feature support 18
2021-06-02 Moved 613115 from Known Issues to Resolved Issues on page 33.
2021-06-10 Updated FortiGate models on page 20 and added 724625 to Known Issues on page
38.
2021-06-24 Updated FortiGate models on page 20 and FortiCarrier models on page 24.
2021-07-09 Added support for FortiSandbox 4.0 to FortiSandbox on page 17 and FortiSandbox
models on page 30.
This document provides information about FortiAnalyzer version 6.4.6 build 2363.
The recommended minimum screen resolution for the FortiAnalyzer GUI is 1920 x 1080.
Please adjust the screen resolution accordingly. Otherwise, the GUI may not display properly.
Supported models
The FortiAnalyzer VM subscription license supports FortiAnalyzer version 6.4.1 and later. For information about
supported firmware, see FortiAnalyzer VM firmware on page 11.
See also Appendix A - Default and maximum number of ADOMs supported on page 42.
You can use the FortiAnalyzer VM subscription license with new FAZ-VM installations.
For existing FAZ-VM installations, you cannot upgrade to a FortiAnalyzer VM subscription
license. Instead, you must migrate data from the existing FAZ-VM to a new FAZ-VM with
subscription license.
FortiRecorder
This section identifies what FortiAnalyzer models support the FortiRecorder module and what FortiCamera models are
supported.
Below is a list of the FortiAnalyzer appliances that support the FortiRecorder module.
FAZ-200F 4
FAZ-300F 6
FAZ-400E 12
FAZ-800F 16
FAZ-1000E 30
FAZ-1000F 50
FAZ-2000E 40
FAZ-3000F 50
FAZ-3700F 60
FAZ-3500G 50
Supported cameras
This section highlights some of the operational changes that administrators should be aware of in FortiAnalyzer version
6.4.6.
FortiAnalyzer does not support logs from the following models when they have hyperscale firewall mode and netflow
enabled:
l FortiGate-1800F
l FortiGate-1801F
l FortiGate-4200F
l FortiGate-4201F
l FortiGate-4400F
l FortiGate-4401F
FortiAnalyzer only supports logs when the normal firewall mode with standard FortiGate logging are enabled.
FortiAnalyzer 3700F models running version 6.0.3 and later may experience high Disk I/O Utilization, large differences
between Insert Rate Vs Receive Rate, and large Log Insert Lag Time.
To prevent these performance issues, FortiAnalyzer allows the disk cache to warm up for 30 minutes before inserting
logs into the SQL database.
Citrix XenServer limits ramdisk to 128M by default. However the FAZ-VM64-XEN image is larger than 128M. Before
updating to FortiAnalyzer 6.4, increase the size of the ramdisk setting on Citrix XenServer.
boot-time = ""
---------------------------
3. Remove the pending files left in /run/xen/pygrub.
FortiManager and FortiAnalyzer Cloud VMs do not currently support FortiGate 6.4.0. Cloud VM users should continue
using FortiGate firmware 6.2 builds. Cloud platforms will be supported in a future 6.4 patch release.
When upgrading FortiAnalyzer VM units from FortiAnalyzer 6.2.x to FortiAnalyzer 6.4.0 and later, the upgrade may fail
because of memory allocation.
Workaround: Before upgrading FortiAnalyzer VM to FortiAnalyzer 6.4.0 and later, change the memory allocation to 8
GB of RAM.
FortiAnalyzer hardware devices and VMs display a warning when the maximum number of ADOMs is reached or
exceeded. The platform does not enforce the limit; however, adding more ADOMs may affect the performance of the
unit. For more details, see Appendix A - Default and maximum number of ADOMs supported on page 42.
Port 8443 is reserved for https-logging from FortiClient EMS for Chromebooks.
Prior to upgrading to FortiAnalyzer 6.2, make sure that all FortiGate devices are configured to use encryption when
communicating with FortiAnalyzer. Starting with FortiAnalyzer 6.2.0, all OFTP communications must be encrypted.
A Hyper-V FAZ-VM running on a PC with an AMD CPU may experience a kernel panic. Fortinet recommends running
VMs on an Intel-based PC.
SSLv3 on FortiAnalyzer-VM64-AWS
Due to known vulnerabilities in the SSLv3 protocol, FortiAnalyzer-VM64-AWS only enables TLSv1 by default. All other
models enable both TLSv1 and SSLv3. If you wish to disable SSLv3 support, please run:
config system global
set ssl-protocol t1sv1
end
For other upgrade paths and details about upgrading your FortiAnalyzer, see FortiAnalyzer
Upgrade Guide.
FortiAnalyzer does not provide a full downgrade path. You can downgrade to a previous firmware release via the GUI or
CLI, but doing so results in configuration loss. A system reset is required after the firmware downgrading process has
completed. To reset the system, use the following CLI commands via a console port connection:
execute reset all-settings
execute format {disk | disk-ext4}
The MD5 checksums for all Fortinet software and firmware releases are available at the Customer Service & Support
portal, https://support.fortinet.com. To verify the integrity of the download, select the Checksum link next to the HTTPS
download link. A dialog box will be displayed with the image file name and checksum code. Compare this checksum with
the checksum of the firmware image.
FortiAnalyzer VM firmware
Fortinet provides FortiAnalyzer VM firmware images for the following virtualization environments: Aliyun, Amazon Web
Services, Citrix and Open Source XenServer, Linux KVM, Microsoft Azure, Microsoft Hyper-V Server, and VMware
ESX/ESXi.
Aliyun
l .out: Download the 64-bit firmware image to upgrade your existing FortiAnalyzer VM installation.
l .out.kvm.zip: Download the 64-bit package for a new FortiAnalyzer VM installation. This package contains
QCOW2 that can be used by qemu.
l The 64-bit Amazon Machine Image (AMI) is available on the AWS marketplace.
l .out: Download the 64-bit firmware image to upgrade your existing FortiAnalyzer VM installation.
l .out.OpenXen.zip: Download the 64-bit package for a new FortiAnalyzer VM installation. This package contains
the QCOW2 file for the Open Source Xen Server.
l .out.CitrixXen.zip: Download the 64-bit package for a new FortiAnalyzer VM installation. This package
contains the Citrix XenServer Disk (VHD), and OVF files.
Linux KVM
l .out: Download the 64-bit firmware image to upgrade your existing FortiAnalyzer VM installation.
l .out.kvm.zip: Download the 64-bit package for a new FortiAnalyzer VM installation. This package contains
QCOW2 that can be used by qemu.
Microsoft Azure
The files for Microsoft Azure have AZURE in the filenames, for example FAZ_VM64_AZURE-v<number>-
build<number>-FORTINET.out.hyperv.zip.
l .out: Download the firmware image to upgrade your existing FortiAnalyzer VM installation.
l .hyperv.zip: Download the package for a new FortiAnalyzer VM installation. This package contains a Virtual
Hard Disk (VHD) file for Microsoft Azure.
The files for Microsoft Hyper-V Server have HV in the filenames, for example, FAZ_VM64_HV-v<number>-
build<number>-FORTINET.out.hyperv.zip.
l .out: Download the firmware image to upgrade your existing FortiAnalyzer VM installation.
l .hyperv.zip: Download the package for a new FortiAnalyzer VM installation. This package contains a Virtual
Hard Disk (VHD) file for Microsoft Hyper-V Server.
VMware ESX/ESXi
l .out: Download either the 64-bit firmware image to upgrade your existing VM installation.
l .ovf.zip: Download either the 64-bit package for a new VM installation. This package contains an Open
Virtualization Format (OVF) file for VMware and two Virtual Machine Disk Format (VMDK) files used by the OVF file
during deployment.
For more information, see the FortiAnalyzer Data Sheet available on the Fortinet web site. VM
installation guides are available in the Fortinet Document Library.
You can download the FORTINET-FORTIMANAGER-FORTIANALYZER.mib MIB file in the firmware image file folder.
The Fortinet Core MIB file is located in the main FortiAnalyzer v5.00 file folder.
This section lists FortiAnalyzer6.4.6 support of other Fortinet products. It also identifies what FortiAnalyzer features are
supported for log devices and what languages FortiAnalyzer GUI and reports support. It also lists which Fortinet models
can send logs to FortiAnalyzer.
The section contains the following topics:
l FortiAnalyzer version 6.4.6 support on page 14
l Feature support on page 18
l Language support on page 19
l Supported models on page 20
This section identifies FortiAnalyzer version 6.4.6 product integration and support information:
l Web browsers on page 14
l FortiOS/FortiOS Carrier on page 15
l FortiAnalyzer on page 15
l FortiAuthenticator on page 15
l FortiCache on page 15
l FortiClient on page 16
l FortiDDoS on page 16
l FortiMail on page 16
l FortiManager on page 16
l FortiProxy on page 17
l FortiSandbox on page 17
l FortiSwitch ATCA on page 17
l FortiWeb on page 17
l Virtualization on page 18
Always review the Release Notes of the supported platform firmware version before upgrading
your device.
Web browsers
This section lists FortiAnalyzer version 6.4.6 product integration and support for web browsers:
l Microsoft Edge 80 (80.0.361 or later)
l Mozilla Firefox version 88
FortiOS/FortiOS Carrier
This section lists FortiAnalyzer version 6.4.6 product integration and support for FortiOS/FortiOS Carrier:
l 6.4.0 and later
l 6.2.0 and later
l 6.0.0 and later
l 5.6.0 and later
l 5.4.0 and later
FortiADC
This section lists FortiAnalyzer version 6.4.6 product integration and support for FortiADC:
l 6.0.2
l 5.4.4
FortiAnalyzer
This section lists FortiAnalyzer version 6.4.6 product integration and support for FortiAnalyzer:
l 6.4.0 to 6.4.5
l 6.2.0 to 6.2.7
l 6.0.0 and later
l 5.6.0 and later
l 5.4.0 and later
FortiAuthenticator
This section lists FortiAnalyzer version 6.4.6 product integration and support for FortiAuthenticator:
l 6.0 to 6.2
l 5.0 to 5.5
l 4.3.0 and later
FortiCache
This section lists FortiAnalyzer version 6.4.6 product integration and support for FortiCache:
l 4.2.9
l 4.1.6
l 4.0.4
FortiClient
This section lists FortiAnalyzer version 6.4.6 product integration and support for FortiClient:
l 6.4.0 and later
l 6.2.8
l 6.0.10
l 5.6.6
l 5.4.0 and later
FortiDDoS
This section lists FortiAnalyzer version 6.4.6 product integration and support for FortiDDoS:
l 5.4.1
l 5.3.1
l 5.2.0
l 5.1.0
l 5.0.0
l 4.7.0
l 4.6.0
l 4.5.0
l 4.4.2
l 4.3.2
l 4.2.3
FortiDeceptor
This section lists FortiAnalyzer version 6.4.6 product integration and support for FortiDeceptor:
l 3.1.1
FortiMail
This section lists FortiAnalyzer version 6.4.6 product integration and support for FortiMail:
l 6.4.4
l 6.2.6
l 6.0.10
l 5.4.12
l 5.3.13
FortiManager
This section lists FortiAnalyzer version 6.4.6 product integration and support for FortiManager:
FortiNAC
This section lists FortiAnalyzer version 6.4.6 product integration and support for FortiNAC:
l 8.7.6
l 8.6.5
l 8.5.4
FortiProxy
This section lists FortiAnalyzer version 6.4.6 product integration and support for FortiProxy:
l 1.0 to 1.2
FortiSandbox
This section lists FortiAnalyzer version 6.4.6 product integration and support for FortiSandbox:
l 4.0.0
l 3.2.2
l 3.1.4
l 3.0.6
l 2.5.2
l 2.4.1
l 2.3.3
l 2.2.2
FortiSwitch ATCA
This section lists FortiAnalyzer version 6.4.6 product integration and support for FortiSwitch ATCA:
l 5.0.0 and later
FortiWeb
This section lists FortiAnalyzer version 6.4.6 product integration and support for FortiWeb:
l 6.3.0 to 6.3.10
l 6.2.0 to 6.2.4
l 6.1.0 to 6.1.2
l 6.0.0 to 6.0.7
l 5.9.0 to 5.9.1
l 5.8.0 to 5.8.6
l 5.7.0 to 5.7.1
l 5.6.0 to 5.6.1
l 5.5.0 to 5.5.6
l 5.4.1 to 5.4.1
Virtualization
This section lists FortiAnalyzer version 6.4.6 product integration and support for virtualization:
l Amazon Web Services (AWS)
l Citrix XenServer 6.0+ and Open Source Xen 4.1+
l Linux KVM
l Microsoft Azure
l Microsoft Hyper-V 2008 R2/2012/2012 R2/2016
l VMware ESX/ESXi 5.5/6.0/6.5/6.7/7.0
l Nutanix AHV (AOS 5.10.5)
l Google Cloud (GCP)
l Oracle Cloud Infrastructure (OCI)
l Alibaba Cloud (AliCloud)
Feature support
The following table lists FortiAnalyzer feature support for log devices.
FortiGate ✓ ✓ ✓ ✓
FortiCarrier ✓ ✓ ✓ ✓
FortiADC ✓ ✓
FortiAnalyzer ✓ ✓
FortiAuthenticator ✓
FortiCache ✓ ✓ ✓
FortiClient registered ✓ ✓ ✓
to FortiGate
FortiClient registered ✓ ✓ ✓
to FortiClient EMS
FortiDDoS ✓ ✓ ✓ ✓
FortiMail ✓ ✓ ✓
FortiManager ✓ ✓
FortiProxy ✓ ✓ ✓
FortiSandbox ✓ ✓ ✓
FortiWeb ✓ ✓ ✓
Syslog ✓ ✓ ✓
Language support
English ✓ ✓
Chinese (Simplified) ✓ ✓
Chinese (Traditional) ✓ ✓
French ✓
Hebrew ✓
Hungarian ✓
Japanese ✓ ✓
Korean ✓ ✓
Portuguese ✓
Russian ✓
Spanish ✓
To change the FortiAnalyzer language setting, go to System Settings > Admin > Admin Settings, in Administrative
Settings > Language select the desired language from the drop-down list. The default value is Auto Detect.
Russian, Hebrew, and Hungarian are not included in the default report languages. You can create your own language
translation files for these languages by exporting a predefined language from FortiAnalyzer, modifying the text to a
different language, saving the file as a different language name, and then importing the file into FortiAnalyzer. For more
information, see the FortiAnalyzer Administration Guide.
Supported models
This section identifies which FortiGate, FortiCarrier, FortiDDoS, FortiAnalyzer, FortiMail, FortiSandbox, FortiSwitch,
FortiWeb, FortiCache, and FortiProxy models and firmware versions can send logs to a FortiAnalyzer appliance running
version 6.4.6. Please ensure that the log devices are supported before completing the upgrade.
Software license activated LENC devices are supported, if their platforms are in the supported
models list. For example, support of FG-3200D indicates support of FG-3200D-LENC.
FortiGate models
FortiCarrier models
FortiADC models
FortiAnalyzer models
FortiAuthenticator models
FortiAuthenticator: FAC-200D, FAC-200E, FAC-400C, FAC-400E, FAC-1000C, FAC- 4.3, 5.0-5.5, 6.0
1000D, FAC-2000E, FAC-3000B, FAC-3000D, FAC-3000E
FortiAuthenticator VM: FAC-VM
FortiCache models
FortiCache: FCH-400C, FCH-400E, FCH-1000C, FCH-1000D, FCH-3000C, FCH-3000D, 4.0, 4.1, 4.2
FCH-3000E, FCH-3900E
FortiCache VM: FCH-VM64, FCH-KVM
FortiDDoS models
FortiDDoS: FI-200B, FI-400B, FI-600B, FI-800B, FI-900B, FI-1000B, FI-1200B, FI-1500B, FI- 5.1
2000B, FI-2000E
FortiDDoS: FI-200B, FI400B, FI-600B, FI-800B, FI-900B, FI-1000B, FI-1200B, FI-2000B, FI- 4.0, 4.1, 4.2, 4.3, 4.4,
3000B 4.5, 4.7
FortiDeceptor models
FortiMail models
FortiMail: FE-60D, FE-200D, FE-200E, FE-400E, FE-1000D, FE-2000E, FE-3000D, FE- 6.4
3000E, FE-3200E, FE-VM, FML-60D, FML-200D, FML-1000D, FML-3000D, FML-200E,
FML-400E, FML-2000E, FML-3000E, FML-3200E, FML-200F, FML-400F, FML-900F
FortiMail VM: FE-VM64, FE-VM64-HV, FE-VM64-XEN
FortiMail: FE-60D, FE-200D, FE-200E, FE-400E, FE-1000D, FE-2000E, FE-3000D, FE- 6.2
3000E, FE-3200E, FE-VM, FML-60D, FML-200D, FML-1000D, FML-3000D, FML-200E,
FML-400E, FML-2000E, FML-3000E, FML-3200E, FML-200F, FML-400F, FML-900F
FortiMail VM: FE-VM64, FE-VM64-HV, FE-VM64-XEN
FortiMail: FE-60D, FE-200D, FE-200E, FE-400E, FE-1000D, FE-2000E, FE-3000D, FE- 6.0
3000E, FE-3200E, FE-VM, FML-200F, FML-400F, FML-900F
FortiMail: FE-60D, FE-200D, FE-200E, FE-400C, FE-400E, FE-1000D, FE-2000B, FE- 5.4
2000E, FE-3000C, FE-3000E, FE-3200E
FortiMail Low Encryption: FE-3000C-LENC
FortiMail: FE-60D, FE-200D, FE-200E, FE-400C, FE-400E, FE-1000D, FE-2000B, FE- 5.3
2000E, FE-3000C, FE-3000D, FE-3000E, FE-3200E, FE-5002B
FortiMail Low Encryption: FE-3000C-LENC
FortiMail VM: FE-VM64, FE-VM64-HV, FE-VM64-XEN
FortiMail: FE-60D, FE-200D, FE-200E, FE-400C, FE-400E, FE-1000D, FE-2000B, FE- 5.2
3000C, FE-3000D, FE-5002B
FortiMail VM: FE-VM64, FE-VM64-HV, FE-VM64-XEN
FortiMail: FE-100C, FE-200D, FE-200E, FE-400B, FE-400C, FE-400E, FE-1000D, FE- 5.1
2000B, FE-3000C, FE-3000D, FE-5001A, FE-5002B
FortiMail VM: FE-VM64
FortiMail: FE-100C, FE-200D, FE-200E, FE-400B, FE-400C, FE-1000D, FE-2000A, FE- 5.0
2000B, FE-3000C, FE-3000D, FE-4000A, FE-5001A, FE-5002B
FortiMail VM: FE-VM64
FortiNAC models
FortiProxy models
FortiSandbox models
FortiWeb models
The following issues have been fixed in FortiAnalyzer version 6.4.6. For inquires about a particular bug, please contact
Customer Service & Support.
Device Manager
Bug ID Description
521774 Add and delete function for unregistered devices are greyed out even when the root ADOM is
locked.
613115 Device Manager view may show red icons for VDOMs even when the log is received.
622649 When a FortiGate HA device is deleted, their log files are not deleted.
676662 Collector may not be showing the same FortiGate device version as analyzer.
681419 Notification icon may still be present for hidden unauthorized devices.
Event Management
Bug ID Description
504426 Event list shall auto refreshed after events are acknowledged and Show Acknowledged is
disabled.
FortiSOC
Bug ID Description
685426 FortiAnalyzer should be able to see the incident that corresponds to events under the
incidents analysis page.
FortiView
Bug ID Description
633960 Filter is empty in request when drill-down Top Applications(FortiClient) view to Log View.
682485 Policy hit count may be shown as zero while there is traffic.
682657 FortiView may not refresh correctly after switching between ADOMs.
683580 The Not operation may not work for advanced filter.
684131 Top Sources response may be slow when filter by policy ID.
684193 Secure SD-WAN Monitor should not send request when device list fails to load.
688141 FortiAnalyzer should be able to apply multiple negative filters from the same type.
690895 FortiView > Monitors > Secure SD-WAN Monitor > SD-WAN Rules Utilization widget may
show No Data for some FortiGates.
692464 While retrieving IPS error log details, FortiAnalyzer may prompt XSS error.
692852 After upgrade, the Secure SD-WAN Monitor may have issues and show No Data for
Performance, Jitter, Latency, or Packet loss widget.
702268 When accessing from FortiGate, loading the FortiView page may be very slow when the
source is set as FortiAnalyzer.
708006 Monitors Endpoints does not show all FortiClient endpoints as in logs.
711810 SSL Dialup IPSec connection count may not match the connection list.
713083 FortiAnalyzer may show a No Data message for the Worldwide Threat Prevalence chart.
Log View
Bug ID Description
600083 Endpoint Identification should always show the same user tied to the same session.
652076 Log view may take a while to load with Custom Time Period.
660792 FortiAnalyzer-1000E may take a long time to download a filtered log view file.
686258 FortiAnalyzer may return No entry found when the Log View filter has many devices selected.
686924 Downloading CSV file contains tunnel-up and tunnel-down VPN logs from other
devices that belong to different ADOMs.
Bug ID Description
690922 The event logs filter should display logs only from its own VDOM.
694307 When increasing in memory usage, FortiAnalyzer may stop receiving logs via OFTP from
FortiGate devices.
704410 FortiAnalyzer may stop handling logs and the oftpd process becomes non-responsive.
Others
Bug ID Description
671711 SQL database rebuild may not start and return ERROR: sqlplugind(690):receiver.c:96: socket
70 poll() failed.
677494 FortiAnalyzer may return SQL query error when creating temporary table blklst during ioc-
rescan.
Workaround: Please set ioc-rescan days to less than database compression days.
682997 FortiAnalyzer may show fmgd crash during boot up after upgrade.
686491 Postgres may keep causing OoM with segmentation faults on multiple processes.
687809 Log insert lag time may go above 5 hours on a properly sized FortiAnalyzer.
693161 When frequently accessing different pages, FortiAnalyzer's GUI may become sluggish and
pages may not transition.
697654 FortiAnalyzer may return duplicated data within log view JSON response.
698780 FortiAnalyzer may intermittently provide empty response to FortiView JSON requests.
700562 When creating a system admin user using JSON API, FortiAnalyzer may return an error: The
data is invalid for selected url.
713826 The diagnose test application siemdbd 6 command may show wrong information
after removing the last ADOM with diagnose siem remove database.
Reports
Bug ID Description
713189 Dataset and Intrusions-Timeline-By-Severity, may not list low severity intrusions.
718579 While creating new or editing an Output Profile, the body section does not take any input.
720897 Scheduled Report may not run when the /tmp folder is full.
System Settings
Bug ID Description
560895 FortiAnalyzer should separate the Admin profile setting for Log and SoC views.
613526 FortiAnalyzer VM should prompt a warning when reaching the maximum ADOM limit.
631709 Email should successfully sent out from FortiAnalyzer with SMTPS TCP/465.
634253 ADOMs may disappear randomly from ADOM configuration while editing it.
668901 After enabling Collector mode, FortiAnalyzer may not show FortiView.
681321 Avatar may keep synchronizing which results in init sync cannot be finished.
685892 FortiAnalyzer is not sending SMTP EHLO message with fully-qualified hostname.
689824 After upgrade, log filter setting may set to Equal to for log forwarding.
691798 The secondary unit in FortiAnalyzer HA cluster may report HA cluster config-sync DOWN,
cause=keepalive failure every couple of days.
708047 They may be multiple devid, devname, or tz columns when log is forwarded in syslog.
The following issues have been identified in FortiAnalyzer version 6.4.6. For inquires about a particular bug or to report a
bug, please contact Fortinet Customer Service & Support.
Device Manager
Bug ID Description
639479 FortiGate v6.0 with sub-ca certificate may not be able to establish oftp connection with
FortiAnalyzer without sub-ca certificate.
696853 When manually adding a device in FortiNAC ADOM, version v8.8 is not listed in the version
option.
716486 FortiAnalyzer still populating unauthorized device list even after detect-unregistered-
log-device is set to disable.
Event Management
Bug ID Description
691220 Event handler may not be triggered correctly when there is more than one match.
FortiSOC
Bug ID Description
668942 A playbook running AV scan on endpoint may return error: failed results- can not find
parameters for connector.
FortiView
Bug ID Description
539298 Customer may not see data on cloud application bytes in FortiView.
579828 There may be bandwidth discrepancy under FortiView > Application & websites > Top
websites.
626530 Bytes Sent/Received should match between Top Destinations and Policy Hit charts under
FortiView when filtered by the same policy ID.
640553 FortiView monitor WiFi widget is not showing Bridged SSID information.
642837 The GUI should indicate if Sandbox detection only supports FortiGate in Fabric ADOM.
663930 Ports status may not be incorrect in Secure SD-WAN Monitor and SD-WAN Performance
status.
667076 FortiView Top Cloud Users may show no entry found message but there is a session graph
shown.
683525 The return lines may be incorrect after adding filters to Top Website Categories.
688537 Information End User located in Summary should match with time range and logs.
707480 Top Threats(FortiClient) may only display Threat level LOW and Allowed incidents.
721008 Threats > Compromised Hosts may not be able to acknowledge compromised hosts when the
end user is not a known IP.
Log View
Bug ID Description
608139 Opening compressed FortiClient traffic file on FortiAnalyzer may cause other compressed
FortiClient traffic logs fail to open.
633393 Some IPS archive files only contain BODY of Attack Context instead of the whole Attack
Context.
635598 FortiAnalyzer may not display Traffic Logs in Log View and return Web Server Error 500.
641013 After created ADOM for FortiMail, the ADOM is not visible on GUI and mail domain logs are
not going to the default FortiMail ADOM.
653765 Some log files under Log Browse may contain a mix of event and traffic messages.
Bug ID Description
674027 Filtering FortiClient event logs with wildcard UID filter returns no data.
704206 When filtering with Action and Source IP under the Traffic menu, the filter output may be
incorrect with the combination of smart action with any other field.
Others
Bug ID Description
616355 FortiGate may display SSL error or OFTP error when testing connectivity with FortiAnalyzer.
632971 FortiAnalyzer should have the ability to query CPU utilization on individual CPU core.
660810 FortiAnalyzer-200F rebuild may get stuck and sqllogd may crash due to insufficient memory.
701753 SIEM database should be trimmed at the same time when quota enforcement occurs.
724625 Upgrade from 6.4.6 to 7.0.0 will result in all configuration being lost.
Reports
Bug ID Description
628823 FortiAnalyzer is not generating all local Event logs for reports.
653207 FortiAnalyzer may have incorrect dataset queries without considering the direction field.
System Settings
Bug ID Description
629663 Free text filter does not work when using (~) tilde sign on syslog ADOM for the msg field.
638380 FortiAnalyzer may accept invalid which may break some widgets.
Bug ID Description
653371 CEF log forwarding start time does not match with event time.
669402 FortiAnalyzer may not time out admin a session after many hours.
717524 Users may not be able to add a username which contains a Slash "/" inside Device Log
Setting.
This section identifies the supported number of ADOMs for FortiAnalyzer hardware models and virtual machines.
See also the FortiAnalyzer Data Sheet.
Hardware models
Desktop models 1 - 1
150G Series 3 - 3
200F/300F/400E 25 - 25
300G Series 25 - 25
800F/1000F Series 50 - 50
Virtual Machines
Five (5) ADOMs are included with FortiAnalyzer VM subscription licenses. Licenses are non-stackable. Additional
ADOMs can be purchased with an ADOM subscription license.
FAZ-VM-BASE (1 GB/Day) 5