Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

New Contributor II

FortiAnalyzer 6.0 Features

Hi All,

Here are the new features in FAZ 6.0,

Hyper-V FortiAnalyzer-VM running on an AMD CPU

A Hyper-V FAZ-VM running on a PC with an AMD CPU may experience a kernel panic. Fortinet recommends running VMs on an Intel-based PC.

IPsec connection to FortiOS for logging

FortiAnalyzer 5.4.2 and later does not support an IPsec connection with FortiOS 5.0/5.2. However UDP or TCP + reliable are supported. Instead of IPsec, you can use the FortiOS reliable logging feature to encrypt logs and send them to FortiAnalyzer. You

can enable the reliable logging feature on FortiOS by using the configure log fortianalyzer setting command. You can also control the encryption method on FortiOS by using the set enc-algorithm default/high/low/disable command.

Datasets Related to Browse Time

If upgrading from an image prior to FAZ 5.4.2, cloned datasets that query for browse time may not be able to return any results after upgrade. FortiAnalyzer 5.4.2 contains enhancements to calculating the estimated browse time. Due to the changes, cloned datasets that query for browse time may not be able to return any results after upgrade.

System Configuration or VM License is Lost after Upgrade

When upgrading FortiAnalyzer from 5.4.0 or 5.4.1 to 5.4.x or 5.6.0, it is imperative to reboot the unit before installing the 5.4.x or 5.6.0 firmware image. Please see the FortiAnalyzer Upgrade Guide for details about upgrading. Otherwise,

FortiAnalyzer may lose system configuration or VM license after upgrade. There are two options to recover the FortiAnalyzer unit:

  1. Reconfigure the system configuration or add VM license via CLI with execute add-vm-license .
  2. Restore the 5.4.0 backup and upgrade to 5.4.2.

 SSLv3 on FortiAnalyzer-VM64-AWS

Due to known vulnerabilities in the SSLv3 protocol, FortiAnalyzer-VM64-AWS only enables TLSv1 by default. All other models enable both TLSv1 and SSLv3. If you wish to disable SSLv3 support, please run:

 config system global

 set ssl-protocol t1sv1


Pre-processing logic of ebtime

Logs with the following conditions met are considered usable for the calculation of estimated browsing time: Traffic logs with logid of 13 or 2, when logid == 13, hostname must not be empty. The service field should be either HTTP, 80/TCP or 443/TCP. If all above conditions are met, then devid, vdom, and user (srcip if user is empty) are  combined as a key to identify a user. For time estimation, the current value of duration is calculated against history session start and end time, only un-overlapped part are used as the ebtime of the current log.

Port 8443 reserved

Port 8443 is reserved for https-logging from FortiClient EMS for Chromebooks.



Prageeth Karunarathne.

Not applicable

functions. remote office/. branch office. FortiManager. Centralized device and. coverage control. FortiAnalyzer. Centralized Logging and Reporting. FortiGate. Do Essay physical or virtual. Please alter the display screen decision consequently. Please alter the display decision accordingly.