Change Log
| Date | Change Description |
| 2016-12-14 | Initial release of 5.4.2. |
| 2016-12-15 | Added 400028 to Known Issues and 389255 and 383563 to Resolved Issues. Noted that FortiAnalyzer supports Microsoft Hyper-V 2016 in the FortiAnalyzer VM Firmware section. |
Introduction
This document provides the following information for FortiAnalyzer version 5.4.2 build 1151:
l Supported models l What’s new in FortiAnalyzer version 5.4.2 l Special Notices l Upgrade Information l Product Integration and Support l Resolved Issues l Known Issues
For more information on upgrading your FortiAnalyzer device, see the FortiAnalyzer Upgrade Guide.
Supported models
FortiAnalyzer version 5.4.2 supports the following models:
| FortiAnalyzer | FAZ-200D, FAZ-300D, FAZ-400E, FAZ-1000D, FAZ-1000E, FAZ-2000B, FAZ-2000E, FAZ-3000D, FAZ-3000E, FAZ-3000F, FAZ-3500E, FAZ-3500F, FAZ-3900E, and FAZ4000B. |
| FortiAnalyzer VM | FAZ-VM64, FAZ-VM64-AWS, FAZ-VM64-Azure, FAZ-VM64-HV, FAZ-VM64-KVM, and FAZ-VM64-XEN (Citrix XenServer and Open Source Xen). |
Introduction What’s new in FortiAnalyzer version 5.4.2
What’s new in FortiAnalyzer version 5.4.2
The following is a list of new features and enhancements in FortiAnalyzer version 5.4.2.
Security Service—Indicators of Compromise
IOC Enhancement
Improved threat catch rate
FortiView
FortiView improvements
- Improved filters, refresh interval selection and summary headers on drilldown l Performance improvements
- Device-level hcache now supported in FortiView
Reports
SAAS Application Report
Default report template for monitoring sanctioned and unsanctioned SAAS applications
Cyber Threat Assessment Report
New report template for cyber threat assessment Report Usability Improvements
l Simplified template configuration l Streamlined report workflow
Event Management
Events Calendar View
Displays alerts on calendar with weekly/monthly views for quick access and intuitive event monitoring
What’s new in FortiAnalyzer version 5.4.2 Introduction
Log View
Add CVE-ID to Log View
Common Vulnerabilities and Exposures number (CVE ID) for known security threats added to Log View > Security > Intrusion Prevention
System Settings
Dashboard
New widget for collector mode to monitor log forwarding rate
Product Intgration
Support for FortiAuthenticator integration
Help
Links to how-to videos in the Help menu
Special Notices
This section highlights some of the operational changes that administrators should be aware of in FortiAnalyzer version 5.4.2.
IPsec connection to FortiOS for logging
FortiAnalyzer 5.4.2 no longer supports an IPsec connection with FortiOS 5.0/5.2. However UDP or TCP + reliable are supported.
Instead of IPsec, you can use the FortiOS reliable logging feature to encrypt logs and send them to FortiAnalyzer. You can enable the reliable logging feature on FortiOS by using the configure log fortianalyzer setting command. You can also control the encryption method on FortiOS by using the set encalgorithm default/high/low/disable command.
FortiAnalyzer 5.4.1 and earlier does support IPsec connection with FortiOS 5.0/5.2.
Datasets Related to Browse Time
FortiAnalyzer 5.4.2 contains enhancements to calculating the estimated browse time. Due to the changes, cloned datasets that query for browse time may not be able to return any results after upgrade.
System Configuration or VM License is Lost after Upgrade
When upgrading FortiAnalyzer from 5.4.0 or 5.4.1 to 5.4.2, it is imperative to reboot the unit before installing the
5.4.2 firmware image. Please see the FortiAnalyzer Upgrade Guide for details about upgrading. Otherwise, FortiAnalyzer may lose system configuration or VM license after upgrade. There are two options to recover the FortiAnalyzer unit:
- Reconfigure the system configuration or add VM license via CLI with execute add-vm-license <vm license>.
- Restore the 5.4.0 backup and upgrade to 5.4.2.
SSLv3 on FortiAnalyzer-VM64-AWS
Due to known vulnerabilities in the SSLv3 protocol, FortiAnalyzer-VM64-AWS only enables TLSv1 by default. All other models enable both TLSv1 and SSLv3. If you wish to disable SSLv3 support, please run:
config system global set ssl-protocol t1sv1 end
No support for remote SQL database Special Notices
No support for remote SQL database
Starting with FortiAnalyzer software versions 5.0.7 and 5.2.0, remote SQL database support will only cover the insertion of log data into the remote MySQL database. Historical log search and reporting capabilities, which rely on the remote SQL data, will no longer be supported.
Those wishing to use the full set of FortiAnalyzer features are encouraged to switch as soon as possible to storing SQL data locally on the FortiAnalyzer. The local database can be built based upon existing raw logs already stored on the FortiAnalyzer.
Pre-processing logic of ebtime
Logs with the following conditions met are considered usable for the calculation of estimated browsing time:
Traffic logs with logid of 13 or 2, when logid == 13, hostname must not be empty. The service field should be either HTTP, 80/TCP or 443/TCP.
If all above conditions are met, then devid, vdom, and user (srcip if user is empty) are combined as a key to identify a user. For time estimation, the current value of duration is calculated against history session start and end time, only un-overlapped part are used as the ebtime of the current log.
In version 5.0.5 or later, Explicit Proxy logs (logid=10) are checked when calculating the estimated browsing time.
Log Aggregation or Forwarding
Log aggregation or forwarding works from 5.4 to 5.4 or 5.4.1 to 5.4.1. Please use the same FortiAnalyzer version on all the units. Other FortiAnalyzer versions not supported.
Upgrade Information
Upgrading to FortiAnalyzer 5.4.2
You can upgrade FortiAnalyzer 5.2.0 or later directly to 5.4.2.If you are upgrading from versions earlier than 5.2.0, you will need to upgrade to FortiAnalyzer 5.2 first. (We recommend that you upgrade to 5.2.9, the latest version of FortiAnalyzer 5.2.)
Downgrading to previous versions
FortiAnalyzer does not provide a full downgrade path. You can downgrade to a previous firmware release via the GUI or CLI, but doing so results in configuration loss. A system reset is required after the firmware downgrading process has completed. To reset the system, use the following CLI commands via a console port connection:
execute reset all-settings execute format {disk | disk-ext4}
Firmware image checksums
The MD5 checksums for all Fortinet software and firmware releases are available at the Customer Service &
Support portal, https://support.fortinet.com. To verify the integrity of the download, select the Checksum link next to the HTTPS download link. A dialog box will be displayed with the image file name and checksum code. Compare this checksum with the checksum of the firmware image.
FortiAnalyzer VM firmware
Fortinet provides FortiAnalyzer VM firmware images for Amazon AWS, Citrix and Open Source XenServer, Linux KVM, Microsoft Hyper-V Server, and VMware ESX/ESXi virtualization environments.
Amazon Web Services l The 64-bit Amazon Machine Image (AMI) is available on the AWS marketplace.
FortiAnalyzer VM firmware Upgrade Information
Citrix XenServer and Open Source XenServer
- .out: Download the 64-bit firmware image to upgrade your existing FortiAnalyzer VM installation.
- .out.OpenXen.zip: Download the 64-bit package for a new FortiAnalyzer VM installation. This package contains the QCOW2 file for the Open Source Xen Server.
- .out.CitrixXen.zip: Download the 64-bit package for a new FortiAnalyzer VM installation. This package contains the Citrix XenServer Disk (VHD), and OVF files.
Linux KVM
- .out: Download the 64-bit firmware image to upgrade your existing FortiAnalyzer VM installation.
- .out.kvm.zip: Download the 64-bit package for a new FortiAnalyzer VM installation. This package contains QCOW2 that can be used by qemu.
Microsoft Azure
The files for Microsoft Azure have AZURE in the filenames, for example FAZ_VM64_AZURE-v<number>build<number>-FORTINET.out.hyperv.zip.
- .out: Download the firmware image to upgrade your existing FortiAnalyzer VM installation.
- .hyperv.zip: Download the package for a new FortiAnalyzer VM installation. This package contains a Virtual Hard Disk (VHD) file for Microsoft Azure.
Microsoft Hyper-V Server
The files for Microsoft Hyper-V Server have HV in the filenames, for example, FAZ_VM64_HV-v<number>build<number>-FORTINET.out.hyperv.zip.
- .out: Download the firmware image to upgrade your existing FortiAnalyzer VM installation.
- .hyperv.zip: Download the package for a new FortiAnalyzer VM installation. This package contains a Virtual Hard Disk (VHD) file for Microsoft Hyper-V Server.
VMware ESX/ESXi
- .out: Download either the 64-bit firmware image to upgrade your existing VM installation.
- .ovf.zip: Download either the 64-bit package for a new VM installation. This package contains an Open Virtualization Format (OVF) file for VMware and two Virtual Machine Disk Format (VMDK) files used by the OVF file during deployment.
For more information see the FortiManager product data sheet available on the Fortinet web site, http://www.fortinet.com/products/fortimanager/virtual-securitymanagement.html. VM installation guides are available in the Fortinet Document Library.
Upgrade Information SNMP MIB files
SNMP MIB files
You can download the FORTINET-FORTIMANAGER-FORTIANALYZER.mib MIB file in the firmware image file folder. The Fortinet Core MIB file is located in the main FortiAnalyzer v5.00 file folder.
Product Integration and Support
FortiAnalyzer version 5.4.2 support
The following table lists FortiAnalyzer version 5.4.2 product integration and support information:
| Web Browsers | l Microsoft Internet Explorer version 11 l Mozilla Firefox version 50 l Google Chrome version 54
Other web browsers may function correctly, but are not supported by Fortinet. |
| FortiOS/FortiOS Carrier | l 5.4.0 to 5.4.2 l 5.2.0 to 5.2.10 l 5.0.4 to 5.0.12 l 4.3.2 to 4.3.18 |
| FortiAnalyzer | l 5.4.0 to 5.4.2 l 5.2.0 to 5.2.9 l 5.0.0 to 5.0.13 |
| FortiCache | l 4.1.3 l 4.0.4 |
| FortiClient | l 5.2.0 and later l 5.0.4 and later |
| FortiMail | l 5.3.8 l 5.2.9 l 5.1.6 l 5.0.10 |
| FortiManager | l 5.4.0 to 5.4.2 l 5.2.0 and later l 5.0.0 and later |
Feature support
| FortiSandbox | l 2.3.2 l 2.2.2 l 2.1.3 l 2.0.3 l 1.4.0 and later l 1.3.0 l 1.2.0 and 1.2.3 | |
| FortiSwitch ATCA | l 5.0.0 and later l 4.3.0 and later l 4.2.0 and later | |
| FortiWeb | l 5.6.0 l 5.5.4 l 5.4.1 l 5.3.8 l 5.2.4 l 5.1.4 l 5.0.6 | |
| FortiDDoS | l 4.2.3 l 4.1.12 | |
| FortiAuthenticator | l 4.2.0 | |
| Virtualization | l Amazon Web Service AMI, Amazon EC2, Amazon EBS l Citrix XenServer 6.2 l Linux KVM Redhat 6.5 l Microsoft Azure l Microsoft Hyper-V Server 2008 R2, 2012 & 2012 R2 l OpenSource XenServer 4.2.5 l VMware:
l ESX versions 4.0 and 4.1 l ESXi versions 4.0, 4.1, 5.0, 5.1, 5.5, and 6.0 |
Feature support
The following table lists FortiAnalyzer feature support for log devices.
FortiGate Management
| Platform | Log View | FortiView | Event Management | Reports |
| FortiGate | ü | ü | ü | ü |
| FortiCarrier | ü | ü | ü | ü |
| FortiAnalyzer | ü | ü | ||
| FortiCache | ü | ü | ü | |
| FortiClient registered to FortiGate | ü | ü | ü | |
| FortiClient registered to FortiClient EMS | ü | ü | ü | |
| FortiDDoS | ü | ü | ü | ü |
| FortiMail | ü | ü | ü | |
| FortiManager | ü | ü | ||
| FortiSandbox | ü | ü | ü | |
| FortiWeb | ü | ü | ü | |
| Syslog | ü | ü |
FortiGate Management
You can enable FortiManager features on some FortiAnalyzer models. FortiAnalyzer models with FortiManager features enabled can manage a small number of FortiGate devices, and all but a few FortiManager features are enabled on FortiAnalyzer. The following table lists the supported modules for FortiAnalyzer with FortiManager Features enabled:
| FortiManager Management Modules | FortiAnalyzer with FortiManager Features
Enabled |
| Device Manager | ü |
| Policy & Objects | ü |
| AP Manager | ü |
Language support
| FortiManager Management Modules | FortiAnalyzer with FortiManager Features
Enabled |
| FortiClient Manager | ü |
| VPN Manager | ü |
| FortiGuard | |
| FortiMeter | |
| FGT-VM License Activation |
Language support
The following table lists FortiAnalyzer language support information.
| Language | GUI | Reports |
| English | ü | ü |
| Chinese (Simplified) | ü | ü |
| Chinese (Traditional) | ü | ü |
| French | ü | |
| Hebrew | ü | |
| Hungarian | ü | |
| Japanese | ü | ü |
| Korean | ü | ü |
| Portuguese | ü | |
| Russian | ü | |
| Spanish | ü |
To change the FortiAnalyzer language setting, go to System Settings > Admin > Admin Settings, in Administrative Settings > Language select the desired language from the drop-down list. The default value is Auto Detect.
Russian, Hebrew, and Hungarian are not included in the default report languages. You can import language translation files for these languages via the command line interface using one of the following commands:
execute sql-report import-lang <language name> <ftp> <server IP address> <user name> <password> <file name>
execute sql-report import-lang <language name> <sftp <server IP address> <user name>
<password> <file name> execute sql-report import-lang <language name> <scp> <server IP address> <user name>
<password> <file name> execute sql-report import-lang <language name> <tftp> <server IP address> <file name> For more information, see the FortiAnalyzer CLI Reference.
Supported models
The following tables list which FortiGate, FortiCarrier, FortiDDoS, FortiAnalyzer, FortiMail, FortiManager, FortiWeb, FortiCache, and FortiSandbox models and firmware versions can log to a FortiAnalyzer appliance running version 5.4.2. Please ensure that the log devices are supported before completing the upgrade.
FortiGate models
| Model | Firmware Version |
| FortiGate: FG-30D, FG-30D-POE, FG-30E, FG-30E-3G4G-INTL, FG-30E-
3G4G-NAM, FG-50E, FG-51E, FG-52E, FG-60D, FG-60D-POE, FG-60E, FG-61E, FG-70D, FG-70D-POE, FG-80C, FG-80CM, FG-80D, FG-90D, FG-90D-POE,FG-90E, FG-91E, FG-92D, FG-94D-POE, FG-98D-POE, FG- 100D, FG-100E, FG-101E, FG-140D, FG-140D-POE, FG-200D, FG-200DPOE, FG-240D, FG-240D-POE, FG-280D-POE, FG-200E, FG-201E, FGT- 300D, FG-400D, FG-500D, FG-600C, FG-600D, FG-800C, FG-800D, FG- 900D, FG-1000C, FG-1000D, FG-1200D, FG-1500D, FG-1500DT, FG- 3000D, FG-3100D, FG-3200D, FG-3240C, FG-3600C, FG-3700D, FG3700DX, FG-3810D, FG-3815D, FG-2000E, FG-2500E, FG 3800D, FG7040E-1, FG-7040E-2, FG-7040E-3, FG-7040E-4, FG-7040E-5,FG-7040E6, FG-7060E-1, FG-7060E-2, FG-7060E-3, FG-7060E-4, FG-7060E-5,FG7060E-6 FortiGate 5000 Series: FG-5001C, FG-5001D FortiGate DC: FG-80C-DC, FG-600C-DC, FG-800C-DC, FG-1000C-DC, FG-1500D-DC, FG-3000D-DC, FG-3100D-DC, FG-3200D-DC, FG-3240CDC, FG-3600C-DC, FG-3700D-DC, FG-3800D-DC, FG-3810D-DC FortiGate Low Encryption: FG-80C-LENC, FG-100D-LENC, FG-600CLENC, FG-1000C-LENC FortiWiFi: FWF-30D, FWF-30E, FWF-30E-3G4G-INTL, FWF-30E-3G4G- NAM, FWF-50E, FWF-50E-2R, FWF-51E, FWF-30D-POE, FWF-60D, FWF-60D-POE, FWF-90D, FWF-90D-POE, FWF-92D, FWF-60E, FWF61E, FWF-80CM, FWF-81CM FortiGate VM: FG-VM, FG-VM64, FG-VM64-AWS, FG-VM64AWSONDEMAND, FG-VM64-HV, FG-VM64-KVM, FG-VM64-XEN, FGVMX-Service-Manager FortiGate Rugged: FGR-30D, FGR-35D, FGR-60D, FGR-90D |
5.4 |
| Model | Firmware Version |
| FortiGate: FG-20C, FG-20C-ADSL-A, FG-30D, FG-30D-POE, FG-40C,
FG-60C, FG-60C-POE, FG-60C-SFP, FG-60D, FG-60D-3G4G-VZW, FG- 60D-POE, FG-70D, FG-70D-POE, FG-80C, FG-80CM, FG-80D, FG-90D, FG-90D-POE, FG-92D, FG-94D-POE, FG-98D-POE, FG-100D, FG-110C, FG-111C, FG-140D, FG-140D-POE, FG-140D-POE-T1, FG-200B, FG200B-POE, FG-200D, FG-200D-POE, FG-240D, FG-240D-POE, FG-280D- POE, FG-300C, FG-300D, FG-310B, FG-311B, FG-400D, FG-500D, FG600D, FG-900D, FG-600C, FG-620B, FG-621B, FG-800C, FG-800D, FG- 1000C, FG-1000D, FG-1200D, FG-1240B, FG-1500D, FG-1500DT, FG- 3000D, FG-3016B, FG-3040B, FG-3100D, FG-3140B, FG-3200D, FG- 3240C, FG-3600C,FG-3700D, FG-3700DX, FG-3810A, FG-3810D, FG3815D, FG-3950B, FG-3951B FortiGate 5000 Series: FG-5001A, FG-5001A-SW, FG-5001A-LENC, FG5001A-DW-LENC, FG-5001A-SW-LENC, FG-5001B, FG-5001C, FG5001D, FG-5101C FortiGate DC: FG-80C-DC, FG-300C-DC, FG-310B-DC, FG-600C-DC, FG-620B-DC, FG-621B-DC, FG-800C-DC, FG-1000C-DC, FG-1240B-DC, FGT-1500D-DC, FG-3000D-DC, FG-3040B-DC, FG-3100D-DC, FG-3140B- DC, FG-3200D-DC, FG-3240C-DC, FG-3600C-DC, G-3700D-DC, FG3810A-DC, FG-3810D-DC, FG-3815D-DC, FG-3950B-DC, FG-3951B-DC FortiGate Low Encryption: FG-20C-LENC, FG-40C-LENC, FG-60CLENC, FG-80C-LENC, FG-100D-LENC, FG-200B-LENC, FG-300C-LENC, FG-620B-LENC, FG-1000C-LENC, FG-1240B-LENC, FG-3040B-LENC, FG-310B-LENC, FG-600C-LENC, FG-3140B-LENC, FG-3810A-LENC, FG3950B-LENC FortiWiFi: FWF-20C, FWF-20C-ADSL-A, FWF-30D, FWF-30D-POE, FWF- 40C, FWF-60C, FWF-60CM, FWF-60CX-ADSL-A, FWF-60D, FWF-60D3G4G-VZW, FWF-60D-POE, FWF-80CM, FWF-81CM, FWF-90D, FWF90D-POE, FWF-92D FortiGate Rugged: FGR-60D, FGR-100C FortiGate VM: FG-VM-Azure, FG-VM, FG-VM64, FG-VM64-HV, FG- VM64-KVM, FG-VM64-XEN FortiSwitch: FS-5203B, FCT-5902D |
5.2 |
| Model | Firmware Version |
| FortiGate: FG-20C, FG-20C-ADSL-A, FG-30D, FG-30D-POE, FG-40C,
FG-60C, FG-60C-POE, FG-60C-SFP, FG-60D, FG-60D-3G4G-VZW, FG- 60D-POE, FG-70D, FG-70D-POE, FG-80C, FG-80CM, FG-80D, FG-90D, FG-90D-POE, FG-92D, FG-94D-POE, FG-98D-POE, FG-100D, FG-110C, FG-111C, FG-140D, FG-140D-POE, FG-140D-POE-T1, FG-200B, FG200B-POE, FG-200D, FG-200D-POE, FG-240D, FG-240D-POE, FG-280D- POE, FG-300C, FG-300D, FG-310B, FG-311B, FG-500D, FG-600C, FG- 620B, FG-621B, FG-700D, FG-800C, FG-900D, FG-1000C, FG-1000D, FG-1200D, FG-1240B, FG-1500D, FG-3000D, FG-3016B, FG-3040B, FG- 3100D, FG-3140B, FG-3200D, FG-3240C, FG-3600C, FG-3700D, FG3810A, FG-3950B, FG-3951B FortiGate 5000 Series: FG-5001A, FG-5001A-SW, FG-5001A-LENC, FG5001A-DW-LENC, FG-5001A-SW-LENC, FG-5001B, FG-5001C, FG5001D, FG-5101C FortiGate DC: FG-80C-DC, FG-300C-DC, FG-310B-DC, FG-600C-DC, FG-620B-DC, FG-621B-DC, FG-800C-DC, FG-1000C-DC, FG-1240B-DC, FG-3000D-DC, FG-3040B-DC, FG-3100D-DC, FG-3140B-DC, FG-3200D- DC, FG-3240C-DC, FG-3600C-DC, FG-3700D-DC, FG-3810A-DC, FG3950B-DC, FG-3951B-DC FortiGate Low Encryption: FG-20C-LENC, FG-40C-LENC, FG-60CLENC, FG-80C-LENC, FG-100D-LENC, FG-200B-LENC, FG-300C-LENC, FG-310B-LENC, FG-600C-LENC, FG-620B-LENC, FG-1000C-LENC, FG- 1240B-LENC, FG-3040B-LENC, FG-3140B-LENC, FG-3810A-LENC, FG3950B-LENC FortiWiFi:FWF-20C, FWF-20C-ADSL-A, FWF-30D, FWF-30D-POE, FWF- 40C, FWF-60C, FWF-60CM, FWF-60CX-ADSL-A, FWF-60D, FWF-60DPOE, FWF-60D-3G4G-VZW, FWF-80CM, FWF-81CM, FWF-90D, FWF90D-POE, FWF-92D FortiGate Rugged: FGR-60D, FGR-90D, FGR-100C FortiGateVoice: FGV-40D2, FGV-70D4 FortiGate VM: FG-VM, FG-VM64, FG-VM64-AWS, FG-VM64AWSONDEMAND, FG-VM64-HV, FG-VM64-KVM, FG-VM64-XEN FortiSwitch: FS-5203B |
5.0 |
FortiCarrier Models
| Model | Firmware Version |
| FortiCarrier: FCR-3000D, FCR-3100D, FCR-3200D, FCR-3700D, FCR3700DX, FCR-3800D, FCR-3810D, FCR-3815D, FCR-5001C, FCR-5001D,
FCR-3000D-DC, FCR-3100D-DC, FCR-3200D-DC, FCR-3240C, FCR3600C, FCR-3700D-DC, FCR-3810D-DC, FCR-5001C FortiCarrier DC: FCR-3000D-DC, FCR-3100D-DC, FCR-3200D-DC, FCR- 3240C-DC, FCR-3600C-DC, FCR-3700D-DC, FCR-3810D-DC, FCR3815D-DC FortiCarrier VM: FCR-VM, FCR-VM64, FCR-VM64-AWS, FCR-VM64AWSONDEMAND, FCR-VM64-HV, FCR-VM64-KVM |
5.4 |
| FortiCarrier: FCR-3000D, FCR-3100D, FCR-3200D, FCR-3240C, FCR3600C, FCR-3700D, FCR-3700DX, FCR-3810A, FCR-3810D, FCR-3815D,
FCR-3950B, FCR-3951B, FCR-5001A, FCR-5001B, FCR-5001C,FCR5001D, FCR-5101C, FCR5203B, FCR-5902D FortiCarrier DC: FCR-3000D-DC, FCR-3100D-DC, FCR-3200D-DC, FCR- 3700D-DC, FCR-3810D-DC FortiCarrier Low Encryption: FCR-5001A-DW-LENC FortiCarrier VM: FCR-VM, FCR-VM64, FCR-VM64-HV, FCR-VM64-KVM, FCR-Vm64-XEN, FCR-VM64-AWSONDEMAND |
5.2 |
| FortiCarrier: FCR-3240C, FCR-3600C, FCR-3810A, FCR-3950B, FCR3951B, FCR-5001A, FCR-5001B, FCR-5001C, FCR-5001D, FCR-5101C
FortiCarrier DC: FCR-3240C-DC, FCR-3600C-DC, FCR-3810A-DC, FCR- 3950B-DC, FCR-3951B-DC FortiCarrier Low Encryption: FCR-5001A-DW-LENC FortiCarrier VM: FCR-VM, FCR-VM64 |
5.0 |
FortiDDoS models
| Model | Firmware Version |
| FortiDDoS: FI-200B, FI-400B, FI-600B, FI-800B, FI-900B, FI-1000B, FI1200B, FI-2000B | 4.2, 4.1, 4.0 |
FortiAnalyzer models
| Model | Firmware Version |
| FortiAnalyzer: FAZ-200D, FAZ-300D, FAZ-400E, FAZ-1000D, FAZ1000E, FAZ-2000B, FAZ-2000E, FAZ-3000D, FAZ-3000E, FAZ-3000F, FAZ-3500E, FAZ-3500F, FAZ-3900E, and FAZ-4000B.
FortiAnalyzer VM: FAZ-VM64, FAZ-VM64-Azure, FAZ-VM64-HV, FAZVM64-XEN (Citrix XenServer and Open Source Xen), FAZ-VM64-KVM, and FAZ-VM64-AWS. |
5.4 |
| FortiAnalyzer: FAZ-100C, FAZ-200D, FAZ-200E, FAZ-300D, FAZ-400C,
FAZ-400E, FAZ-1000C, FAZ-1000D, FAZ-1000E, FAZ-2000B, FAZ-3000D, FAZ-3000E, FAZ-3000F, FAZ-3500E, FAZ-3500F, FAZ-3900E, FAZ-4000B FortiAnalyzer VM: FAZ-VM, FAZ-VM-AWS, FAZ-VM64, FAZ-VM64- Azure, FAZ-VM64-HV, FAZ-VM64-KVM, FAZ-VM64-XEN |
5.2 |
| FortiAnalyzer: FAZ-100C, FAZ-200D, FAZ-200E, FAZ-300D, FAZ-400B,
FAZ-400C, FAZ-400E, FAZ-1000B, FAZ-1000C, FAZ-1000D, FAZ-1000E, FAZ-2000A, FAZ-2000B, FAZ-3000D, FAZ-3000E, FAZ-3000F, FAZ3500E, FAZ-3500F, FAZ-4000A, FAZ-4000B FortiAnalyzer VM: FAZ-VM, FAZ-VM64, FAZ-VM64-AWS, FAZ-VM64- Azure, FAZ-VM64-HV, FAZ-VM-KVM, FAZ-VM-XEN |
5.0 |
FortiMail models
| Model | Firmware Version |
| FortiMail: FE-60D, FE-200D, FE-200E, FE-400C, FE-400E, FE-1000D, FE-
2000B, FE-2000E, FE-3000C, FE-3000D, FE-3000E, FE-3200E, FE-5002B FortiMail Low Encryption: FE-3000C-LENC FortiMail VM: FE-VM64, FE-VM64-HV, FE-VM64-XEN |
5.3.7 |
| FortiMail: FE-60D, FE-200D, FE-200E, FE-400C, FE-400E, FE-1000D, FE2000B, FE-3000C, FE-3000D, FE-5002B
FortiMail VM: FE-VM64, FE-VM64-HV, FE-VM64-XEN |
5.2.8 |
| FortiMail: FE-100C, FE-200D, FE-200E, FE-400B, FE-400C, FE-400E, FE-
1000D, FE-2000B, FE-3000C, FE-3000D, FE-5001A, FE-5002B FortiMail VM: FE-VM64 |
5.1.6 |
| FortiMail: FE-100C, FE-200D, FE-200E, FE-400B, FE-400C, FE-1000D,
FE-2000A, FE-2000B, FE-3000C, FE-3000D, FE-4000A, FE-5001A, FE5002B FortiMail VM: FE-VM64 |
5.0.10 |
FortiSandbox models
| Model | Firmware Version |
| FortiSandbox: FSA-1000D, FSA-3000D, FSA-3000E, FSA-3500D
FortiSandbox VM: FSA-VM |
2.3.2 |
| FortiSandbox: FSA-1000D, FSA-3000D, FSA-3500D
FortiSandbox VM: FSA-VM |
2.2.0
2.1.0 |
| FortiSandbox: FSA-1000D, FSA-3000D
FortiSandbox VM: FSA-VM |
2.0.0
1.4.2 |
| FortiSandbox: FSA-1000D, FSA-3000D | 1.4.0 and 1.4.1
1.3.0 1.2.0 and later |
FortiSwitch ACTA models
| Model | Firmware Version |
| FortiController: FTCL-5103B, FTCL-5902D, FTCL-5903C, FTCL-59 | 5.2.0 |
| FortiSwitch-ATCA: FS-5003A, FS-5003B
FortiController: FTCL-5103B, FTCL-5903C, FTCL-5913C |
5.0.0 |
| FortiSwitch-ATCA: FS-5003A, FS-5003B | 4.3.0
4.2.0 |
FortiWeb models
| Model | Firmware Version |
| FortiWeb: FWB-2000E | 5.6.0 |
| FortiWeb: FWB-100D, FWB-400C, FWB-400D, FWB-1000C, FWB-1000D,
FWB-3000C, FWB-3000CFSX, FWB-3000D, FWB-3000DFSX, FWB3000E, FWB-3010E, FWB-4000C, FWB-4000D, FWB-4000E FortiWeb VM: FWB-VM-64, FWB-XENAWS, FWB-XENOPEN, FWB- XENSERVER, FWB-HYPERV, FWB-KVM, FWB-AZURE |
5.5.3 |
| Model | Firmware Version |
| FortiWeb: FWB-100D, FWB-400C, FWB-1000C, FWB-3000C, FWB3000CFSX, FWB-3000D, FWB-3000DFSX, FWB-3000E, FWB-4000C, FWB-4000D, FWB-4000E
FortiWeb VM: FWB-VM64, FWB-XENAWS, FWB-XENOPEN, FWB- XENSERVER, FWB-HYPERV |
5.4.1 |
| FortiWeb: FWB-100D, FWB-400B, FWB-400C, FWB-1000B, FWB-1000C,
FWB-1000D, FWB-3000C, FWB-3000CFSX, FWB-3000D, FWB3000DFSX, FWB-3000E, FWB-4000C, FWB-4000D, FWB-4000E FortiWeb VM: FWB-VM64, FWB-XENAWS, FWB-XENOPEN, FWB- XENSERVER, and FWB-HYPERV |
5.3.8 |
| FortiWeb: FWB-100D, FWB-400B, FWB-400C, FWB-1000B, FWB-1000C,
FWB-1000D, FWB-3000C, FWB-3000CFSX, FWB-3000D, FWB3000DFSX, FWB-3000E, FWB-4000C, FWB-4000D, FWB-4000E FortiWeb VM: FWB-VM64, FWB-HYPERV,FWB-XENAWS, FWBXENOPEN, FWB-XENSERVER |
5.2.4 |
FortiCache models
| Model | Firmware Version |
| FortiCache: FCH-400C, FCH-400E, FCH-1000C, FCH-1000D, FCH3000C, FCH-3000D, FCH-3900E FortiCache VM: FCH-VM64 | 4.0 |
Resolved Issues
The following issues have been fixed in FortiAnalyzer version 5.4.2. For inquires about a particular bug, please contact Customer Service & Support.
Device Manager
| Bug ID | Description |
| 382383 | When there are many unregistered devices, they may intermittently disconnect from FortiAnalyzer. |
| 382811 | FortiAnalyzer should be able to sustain stable connections with more than 3500 devices and able to receive logs successfully. |
| 306276 | FortiCarrier ADOM should not be displayed when no device is registered. |
FortiView
| Bug ID | Description |
| 217103 | FortiAnalyzer should allow users to view or download the Application Control archive files. |
| 233869 | There should be an option to clear search history. |
| 371773 | There may be performance issues to view logs when using the scroll bar. |
| 379612 | The filter, [-msg=”Virtual cluster’s vdom is added”], should display the relevant logs in the Log View. |
| 379977 | FortiAnalyzer cannot filter out users for SSL & Dialup IPSec VPNs. |
| 382557 | Drop box may become too narrow to view and select FortiGate device. |
| 386279 | Users need to click on the Go button twice before the log time frame is updated. |
| 308171 | Aggregated Dialed Time is incorrectly calculated in VPN-Top-Dial-Up and VPN-Users-ByDuration datasets. |
| 387209 | FortiGate devices that query FortiGuard should not be flagged as highly suspicious. |
| 390173 | FortiAnalyzer is unable to display part of the DLP content. |
Logging Resolved Issues
| Bug ID | Description |
| 395191 | UTM Deny logs are displayed with no action on FortiAnalyzer’s GUI. |
| 397036 | FortiAnalyzer should accept more characters for log view and policy search. |
Logging
| Bug ID | Description |
| 373262 | FortiAnalyzer should allow users to specify the invoke time to auto delete logs. |
| 381559 | HA device logs are not received in aggregation mode. |
| 383238 | FortiAnalyzer should increase the limit for the number of aggregated clients. |
| 393615 | When using wildcard in the second or third octet for source IP in the Log View filter, incorrect results are returned. |
Reporting
| Bug ID | Description |
| 248563 | Within the WiFi Network Summary report, AP Name should be the FortiAP’s name instead of the VAP interface’s name. |
| 373718 | Reports show devices with their serial numbers instead of hostnames. |
| 377589 | Blocked sites should not be counted within the Top 50 Site By Browsing Time. |
| 383251 | Reports may not contain any user data when a user filter is applied. |
| 234007 | Estimated browsing time dataset should pull log data according to time period specified. |
| 383955 | GUI fails to display chart library if there is a chart with invalid table columns. |
| 397822 | Users may not be able to generate custom reports after resizing FAZ-VM disk and rebuilding DB. |
| 391482 | User changes on LDAP server may not get updated on FortiAnalyzer for the user filter in reports. |
Resolved Issues System Settings
System Settings
| Bug ID | Description |
| 386865 | Sorting for Analytics or Archive does not work on the Storage Info page. |
| 391076 | Qmail server is rejecting Email from FortiAnalyzer as the mail body contains bare LFs. |
| 366224 | FortiAnalyzer generates invalid Event logs on auto deleting policy from ADOM. |
| Bug ID | Description |
| 384180 | FortiAnalyzer 5.4.2 is no longer vulnerable to the following TMP Reference:
2016-0023 Visit https://fortiguard.com/psirt for more information. |
| 380634 | FortiAnalyzer 5.4.2 is no longer vulnerable to the following CVE-Reference:
2016-5387 Visit https://fortiguard.com/psirt for more information. |
Others
| Bug ID | Description |
| 365639 | The XML call to searchFazLog does not return the pktlog information. |
| 366332 | Logs are not imported when there are more than 1000 log files. |
| 376758 | FortiAnalyzer needs a diagnostic command to show supported platforms. |
| 388071 | FortiAnalyzer may not be able to render a proper web GUI page when making a change. |
| 389137 | Port 8900 and 8901 may be open without being in use. |
| 391900 | Scheduled log ftp backup may not be successful. |
Common Vulnerabilities and Exposures
Common Vulnerabilities and Exposures Resolved Issues
| Bug ID | Description |
| 389255 | FortiAnalyzer5.4.2 is no longer vulnerable to the following CVE-References:
l 2016-6308 l 2016-6307 l 2016-6306 l 2016-6305 l 2016-6304 l 2016-6303 l 2016-6302 l 2016-2183 l 2016-2182 l 2016-2181 l 2016-2179 l 2016-2178 l 2016-2177 Visit https://fortiguard.com/psirt for more information. |
| 383563 | FortiAnalyzer 5.4.2 is no longer vulnerable to the following CVE-Reference:
l 2016-5696 Visit https://fortiguard.com/psirt for more information. |
Known Issues
The following issues have been identified in FortiAnalyzer version 5.4.2. For inquires about a particular bug or to report a bug, please contact Fortinet Customer Service & Support.
FortiView
| Bug ID | Description |
| 396699 | Filter should be persistent when changing view from formatted log to raw log or vice versa. |
| Bug ID | Description |
| 395243 | FortiAnalyzer should correctly show the local user and radius wildcard user who is performing delete, download, or import log file actions from Log Browse. |
| 396417 | Test Emails fails when the recipient has a different domain than the account configured under SMTP server settings. |
Logging
| Bug ID | Description |
| 388185 | Log files for Router should include IP addresses for sites that have multiple addresses. |
| 389592 | Filter does not return any results if message is part of the filter. |
| 400028 | Policy UUID is not inserted into SQL DB |
Reporting
| Bug ID | Description |
| 390502 | FortiAnalyzer should allow cloning of the pre-defined reports: User Top 500 Websites by Bandwidth and User Top 500 Websites by Session. |