What’s new in Release 4.2.3
This release addresses several issues and enhancements on top of the 4.2.2 release.
Note: To upgrade to this release, migrate to 4.2.1 first and then upgrade to 4.2.3. It is not possible to directly upgrade from 3.7.x or earlier releases to 4.2.2 because of the Linux Operating System changes.
The following are the key issues that are addressed in this release:
Bug 9211: Windows log and metric pulling via WMI has been optimized to be roughly 4x faster and more robust
Bug 11459: Checkpoint LEA log collection agent occasionally restarts
Bug 11631: VMware log pulling sometimes stops after encountering an exception in the API
Bug 11699: QueryMaster module memory grows large when there is a large number of devices (over 2500) in the summary dashboard.
Other addressed issues include the following:
General GUI related fixes and enhancements
Bug 11353: App server stops picking discovery result xml files when malware site/IP auto update failed
Bug 11517: Windows server version in device selector UI cannot be seen completely
Bug 11526: Delete custom event attribute or custom event type – the custom dashboard column is not removed
Bug 11586: Footer shows wrong language when browser’s OS language is not English
Bug 11654: Custom Property Attribute not populating in query conditions
Bug 11655: CMDB/Performance page shows CPU green at 100% utilization
Bug 11735: App Server Exception for incidents with custom event attribute causes performance issues
Platform related fixes and enhancements
Bug 11435: Handle error: “File does not exist: /var/www/html/favicon.ico”
Bug 11574: Include misc debugging tools: nfsiostat, iostat, screen, ntop
Bug 11812: Custom group is not editable after migration
Performance Monitoring / STM related fixes and enhancements
Bug 11336: Add sent bits/sec and received bits/sec to Netflow metrics
Bug 11410: Nessus vulnerability scanner reports are not parsed correctly
Bug 11422: Add “Diff” system transform for custom SNMP and WMI performance monitoring
Bug 11426: Possible memory leak issue in VMware performance pulling agent
Bug 11428: Add use cases for Linux syslog monitoring – detect “yum update”, system going down, network interface up/down, process killed by kernel because of out of memory
Bug 11449: The NMAP check during Flow based service detection can cause unnecessary probing traffic from AccelOps. Remove the nmap test or make it optional.
Bug 11450: VMware monitoring enhancements:
Add Cluster names and VCenter IP to all VMware host events
Add Folder to show VM performance metrics on the right hand side in VMware view
Add folder information to VMware guest and ESX events
Capture VMware tools version, including whether it is out of date or not
Add cluster balance information
Bug 11470: Exclude Mounted Volumes from disk space monitoring at client machine. The mounted volume disk space has to be monitored at the server side.
Bug 11620: Some interfaces (like Serial) have send/recv bytes only from the regular IF-MIB and not from the high speed MIB, so the interface speed needs to be picked from the regular IF-MIB and not from the high speed MIB. Currently speed for T1 interfaces is picked from the high speed MIB and so it is 2Mbps instead of 1536Mbps.
Rule / Query / Report Engine related fixes and enhancements
Bug 10934: The rule “Concurrent VPN Authentications To Same Account From Different Cities” needs to be enhanced to cover the case where the user attribute is not present in the log.
Bug 11360: Some pre-defined rules do not map Reporting IP to Destination IP in incident events – this may cause notification policy to trigger
Bug 11456: Include Reporting IP for consideration in Notification policy > Affected Objects. Currently Affected Object check includes only Destination IP and Host IP.
Bug 11483: Rule synch – new worker causes performance issues
Bug 11594: Should restart phRuleMaster when failed to retrieve rule exception
Bug 11775: Incident fails to trigger when host name contains special characters which are not acceptable in XML e.g. &, <, > etc
Parsing related fixes and enhancements
Bug 10418: User name in Windows MSSQL Server Event 18453 is not parsed
Bug 11230: Certificate Information in Win-Security-4768 and Win-Security-4771 not parsed
Bug 11239: Event time order not always maintained at the Supervisor/Worker nodes
Bug 11280: FortiGate event “FortiGate-traffic-icmp-allowed” is improperly classified as a denied event and triggers rules
Bug 11466: Several events are not parsed for Barracuda Mail gateway
Bug 11473: If parser sets event severity, then let it win over event severity from syslog header
Bug 11615: Juniper SSL VPN parsing extensions
Bug 11634: User not parsed in Windows Security 4625 events
Bug 11696: For Cisco ASA, Network Interface > Security Level info not consistently propagated to parser – this causes problems in identifying source and destination interfaces for parsing network traffic
Discovery related fixes and enhancements
Bug 11260: CBQoS / BGP / OSPF metrics get falsely discovered for Cisco devices even when they are not configured on the device
Bug 11397: Allow HTTPS selection choice for NetApp ONTAPI discovery
Bug 11519: Update access IP after re-discovery if original access IP interface is down
Bug 11524: Handle “>” as prompt in Unix SSH scripts
Bug 11582: EMC VNX CPU Discovery fails with password special characters
Bug 11681: EMC VNX discovery fails when it has only Meta LUNs but no normal LUNs
Bug 11755: VMware VCenter 5.5 discovery cannot return the correct tree structure when a Data Center is created under a Folder
Bug 11419: VMware VCNS log parsing
Bug 11474: Collect Back-to-back consistency point metric for NetApp from SNMP
Bug 11539: Support for Emerging Threats Snort rules
Bug 11553: Match Cisco MARS SIM rules
Bug 11559: NeXpose Rapid7 XML Export 2.0 Report format not supported
Bug 11570: Support FireEye HX appliance
Bug 11616: IronPort-Web Parser Logic Error
Bug 11680: Parse additional foundry syslog
Bug 11697: Add user name and source IP addr from ASA-113019 into identity and location report
Bug 11722: User information in Spanish win-security-4625 cannot be parsed correctly
Bug 11727: Update Cisco IPS Signatures to latest
Bug 11732: Windows events 673, 4769, 4773, 674, 677, 4770 are assigned to wrong log failure group causing brute force logon rules to fire
Bug 11733: Windows Clustering Failover rule definition needs to be tightened by adding the constraint eventSource = “Microsoft-Windows-FailoverClustering”