System Requirements – FortiAnalyzer 5.2

System requirements

Web browser support

The FortiAnalyzer Web-based Manager supports the following web browsers:

  • Microsoft Internet Explorer versions 10 and 11
  • Mozilla Firefox versions 30 and 31
  • Google Chrome version 36

Other web browsers may function correctly, but are not supported by Fortinet.

Screen resolution

Fortinet recommends setting your monitor to a screen resolution of 1280×1024. This allows for all the objects in the Web-based Manager to be properly viewed.


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Feature Comparison between analyzer and collector mode – FortiAnalyzer 5.2

Feature comparison between analyzer and collector mode

The operation mode options have been simplified to two modes, Analyzer and Collector. Standalone mode has been removed.

Table 2: Feature comparison between Analyzer and Collector modes

Feature                          Analyzer Mode   Collector Mode
Event Management                 Yes             No
Monitoring (drill-down/charts)   Yes             No
Reporting                        Yes             No
FortiView/Log View               Yes             Yes
Device Manager                   Yes             Yes
System Settings                  Yes             Yes
Log Forwarding                   No              Yes

Operation Modes – FortiAnalyzer 5.2

Operation modes

The FortiAnalyzer unit has two operation modes:

  • Analyzer: The default mode, which supports all FortiAnalyzer features. This mode is used for aggregating logs from one or more log collectors. In this mode, the log aggregation configuration function is disabled.
  • Collector: The mode used for saving and uploading logs. For example, instead of writing logs to the database, the collector can retain the logs in their original (binary) format for uploading. In this mode, the report function and some functions under the System Settings tab are disabled.

The analyzer and collector modes are used together to increase the analyzer’s performance. The collector provides a buffer to the FortiAnalyzer by off-loading the log receiving task from the analyzer. Since log collection from the connected devices is the dedicated task of the collector, its log receiving rate and speed are maximized.

The mode of operation that you choose will depend on your network topology and individual requirements.

Administrative Domains – FortiAnalyzer 5.2

Administrative domains

Administrative domains (ADOMs) enable the admin administrator to constrain other FortiAnalyzer unit administrators’ access privileges to a subset of devices in the device list. For Fortinet devices with virtual domains (VDOMs), ADOMs can further restrict access to only data from a specific device’s VDOM.

Enabling ADOMs alters the structure of, and the functions available in, the Web-based Manager and CLI, according to whether or not you are logging in as the admin administrator and, if you are not, the access profile assigned to the administrator account. See “System Information widget” on page 46 for information on enabling and disabling ADOMs.

For information on working with ADOMs, see “Administrative Domains” on page 27 of the Fortinet Documentation. For information on configuring administrators and administrator settings, see “Admin” on page 73 of the Fortinet Documentation.

Dedicated Management CPU

Have a FortiGate that is getting slammed with traffic? Tired of not being able to manage the damn thing because of resource utilization? Boy do I have the fix for YOU! Hah, seriously though. If you suffer from these issues then there is definitely a way to guarantee management access to the device, as long as you are running FortiOS 5.2 or newer and it is a 2U / blade firewall with multiple CPUs.

Below are the commands to configure this:

conf system npu
set dedicated-management-cpu <enable | disable>
end

Known Issues – FortiAnalyzer 5.4

Known Issues

The following issues have been identified in FortiAnalyzer version 5.4.0. For inquiries about a particular bug or to report a bug, please contact Fortinet Customer Service & Support.

Reporting

Bug ID Description
295199 Percentage on Storage Statistics can be over 100%.

System Settings

Bug ID Description
299318 The Actual day for Archive should not be longer than the Config day.

Resolved Issues – FortiAnalyzer 5.4

Resolved Issues

The following issues have been fixed in FortiAnalyzer version 5.4.0. For inquiries about a particular bug, please contact Customer Service & Support.

Device Manager

Bug ID Description
298415 FortiAnalyzer cannot add FortiController 5103B as a syslog device.
292606 FortiAnalyzer cannot accept logs from FortiADC.
279319 Non-existing VDOMs with strange characters are displayed.
307732 F3K2D-DC logs are recognized as Syslogs.

Event Management

Bug ID Description
299664 The RPI field is missing from Syslog alert.
287216 Event Handlers return an SQL error, duplicated key (Alert ID), when inserting alert_logs.
284440 There is an invalid Ref Field in the FortiGate Logs.
270264 Change Device ID to Device Name in an email subject line.

FortiView

Bug ID Description
298726 Top Threats may not show any results that reflect the corresponding threat logs.
291597 The Application icons are not displayed in FortiView and Log View.
280309 FortiView Resource Usage does not display peak values.
280181 FortiAnalyzer does not display IP/MAC information in DHCP logs.

Logging

Bug ID Description
300877 Users are unable to choose columns when creating a table chart from dataset.

Bug ID Description
299509 IPv6 logs that are sent to Syslog server via log forwarding are different from IPv6 logs that are sent directly from FortiGate.
291652 Fortilogd may be blocked by slow TCP log forwarding and stop receiving incoming logs.
286804 Search takes longer than expected and may return unexpected results.
286190 The “Last 5 min” interval option is missing from the FortiLog Time Interval List.
284658 FortiAnalyzer does not refresh the list of logs with the Go button.
281953 Advanced ADOM mixes up logs from different VDOMs.
280891 Several fields are missing when viewing FortiSandbox logs.
280873 String value in the Extension Field that is formatted using CEF is surrounded by quotes.
280578 When the Language setting is set to Japanese, FortiAnalyzer shows columns with the same heading.
280192 Base64 encoded “log-attack-context” log is not readable.
280192 Base64 encoded log-attack-context events are not readable on FortiAnalyzer.
280053 The Attack Context ID for Intrusion Prevention logs is not parsed properly.
278804 FortiAnalyzer does not restrict the number for Last N days in Log View.
278453 FortiAnalyzer returns an error and stops a query when the Source IP is an invalid IP address.
278077 Traffic log table still displays the Date/Time column even though it has been disabled via Column Settings.
276989 Scan Start and End times should be displayed in a readable format instead of in epoch mode.
276491 GTP specific fields are missing in Event Log Viewer after an upgrade.

Reporting

Bug ID Description
300569 When there are many hcache tables, the SQL query for report generation may fail.
298217 The report generated for “Active Traffic Users” has data inconsistent with the dataset output.
295987 The “Top 20 Bandwidth Users” report that runs with the “Webfilter-Top-Web-Users-ByBandwidth” data set may not return correct data.
292983 The apprisk-ctrl-Common-Virus-Botnet-Spyware dataset may filter out botnet applications.
291808 Some VDOMs are missing under the Configuration tab of a report.
286653 When selecting a background image, the footer background color does not apply to the cover page.
286588 Creating hcache does not work after enabling the Report Group.
284133 When using the $flex_timescale, the Start time and End time are not correct in the SQL.
283433 User filter does not work when the username contains the \ character.
275394 FortiAnalyzer loses auto column update in chart when the dataset is changed.
272777 When query results contain the # character, it cannot be displayed in the table chart.
262593 Japanese characters in a PDF formatted report are displayed in an unexpected font style.
257691 Report line chart limits the number of items depending on the period specified for the report.
231536 A Group Report should not be generated when the Multiple Reports (Per-Device) option is selected.

System Settings

Bug ID Description
278334 FortiAnalyzer displays inconsistent behavior for read-only admin profiles.
270785 When the license count is exceeded, the alert message does not appear.

Others

Bug ID Description
306160 Syslog is trimmed when being forwarded to a syslog server.
296481 The getFazGeneratedReport XML call should include macro data in the report_data.txt file.
296228 FortiAnalyzer should support TLS v1.1 and v1.2.
295051 Within an XML response, the report name always has the prefix “S-{layout-id}_t{layout-id}-”.

294453 Some SOAP API calls may not close connections.
291013 Oftpd may crash in some situations.
286512 Device version is not set in the CEF message header field.
286498 FortiAnalyzer does not back up logs to FTP when using log-file-archive-name extended.
283832 Oftp keeps updating the address from multiple VDOMs when the FortiAnalyzer override is enabled in each of the VDOMs.
279760 FortiAnalyzer returns an error when running searchFazLog using duration or sentbyte as searchCriteria with the XML API.
277478 Several “ERROR: extra data after last expected column” messages appear in the pgsvr.log.
275008 The fazmaild daemon stops working.
241924 The Drilldown to UTM tabs of FortiGate do not show the correct UTM log entry when the device is FortiAnalyzer.

Required Changes to Dataset – FortiAnalyzer 5.4

Required changes to dataset

The following rules must be followed by any existing or new dataset:

If your dataset references any IP-related data, such as srcip or dstip, use the ipstr('…') function to convert the IP address for proper display. For example, ipstr('srcip') returns the source IP as a string.

The column status has been changed to action. Replace status with action in the dataset query to get the correct status.
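The two rules applied to one dataset query, shown as an added example rather than a dataset from the original page or from Fortinet: the "before" form would break under 5.4, the "after" form follows both rules. The $log and $filter macros (log table and report filter) and the column values are assumed, not taken from this page.

```sql
-- Added example (not from the original page): the same dataset query
-- before and after the FortiAnalyzer 5.4 dataset rules.
-- Assumptions: $log and $filter are the dataset macros for the log table
-- and the report's time/device filter; 'deny' is the traffic action value
-- of interest; the ipstr() argument form follows the page text.

-- BEFORE: raw IP column shown unconverted, and the obsolete "status" column
SELECT srcip,
       status,
       COUNT(*) AS sessions
FROM $log
WHERE $filter
  AND status = 'deny'
GROUP BY srcip, status
ORDER BY sessions DESC
LIMIT 20;

-- AFTER: ipstr() renders srcip as a string for display, and "status" has
-- been replaced by "action" everywhere it appeared (SELECT, WHERE, GROUP BY)
SELECT ipstr('srcip') AS source_ip,
       action,
       COUNT(*) AS sessions
FROM $log
WHERE $filter
  AND action = 'deny'
GROUP BY srcip, action
ORDER BY sessions DESC
LIMIT 20;
```

When migrating existing datasets, search every clause for status, not just the SELECT list: a stale reference left in a WHERE or GROUP BY clause fails the same way.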