May 6, 2024 — FORTINET VIDEO GUIDE ... In this release, FortiAIOps uses elevated artificial intelligence and machine learning capabilities to enhance user experience for ...16 pages
Release Notes FortiAIOps 2.0.1 FORTINET DOCUMENT LIBRARY https://docs.fortinet.com FORTINET VIDEO GUIDE https://video.fortinet.com FORTINET BLOG https://blog.fortinet.com CUSTOMER SERVICE & SUPPORT https://support.fortinet.com FORTINET TRAINING & CERTIFICATION PROGRAM https://www.fortinet.com/support-and-training/training.html NSE INSTITUTE https://training.fortinet.com FORTIGUARD CENTER https://fortiguard.com/ END USER LICENSE AGREEMENT https://www.fortinet.com/doc/legal/EULA.pdf FEEDBACK Email: techdoc@fortinet.com May 26, 2024 FortiAIOps 2.0.1 Release Notes 83-1017460-201-20240526 TABLE OF CONTENTS Change log 4 About FortiAIOps 2.0.1 5 Overview 6 Supported Hardware and Software 7 What's New 9 Recommendations and Special Notes 11 Common Vulnerabilities and Exposures 13 Fixed Issues 14 Known Issues 15 FortiAIOps 2.0.1 Release Notes 3 Fortinet Inc. Change log Change log Date 2024-04-16 2024-04-23 2024-05-06 2024-05-26 Change description FortiAIOps version 2.0.1 version. Updated the list of new FortiAPs supported in this release. See What's New Added Nutanix support. See What's New Updated Known Issues. FortiAIOps 2.0.1 Release Notes 4 Fortinet Inc. About FortiAIOps 2.0.1 About FortiAIOps 2.0.1 In this release, FortiAIOps delivers key new features such as, elevated artificial intelligence and machine learning capabilities to enhance user experience for wireless access and the support of public Cloud platforms for deploying FortiAIOps. For detailed information on the new features of this version, see What's New. Notes: l Upgrade to the current release is supported only from version 2.0.0. l The license is now applied as soon as FortiGate is added to the inventory. The delay in license application from the previous release is eliminated. l The FortiAIOps subscription-based annual license is available as per the number of devices, and supports the following. l Monitoring l AI Insights l Monitoring and AI Insights l SD-WAN FortiAIOps 2.0.1 Release Notes 5 Fortinet Inc. Overview Overview FortiAIOps enables you to view and monitor the status of your entire wireless, wired, and SD-WAN network and provides insights into key health statistics, based on the Artificial Intelligence (AI) and Machine Learning (ML) architecture that it is built upon. FortiAIOps learns from your network data to report statistics, providing visibility and deep insight into your network, and it monitors integrated wireless, wired, and SD-WAN networks by managing and monitoring of FortiGate controllers. FortiAIOps 2.0.1 Release Notes 6 Fortinet Inc. Supported Hardware and Software Supported Hardware and Software The following versions are supported with this release of FortiAIOps. Software FortiOS FortiWiFi FortiSwitchOS Access Points FortiExtender Supported Versions l 7.0.6 and above l 7.2.0 and above l 7.4.0 and above All devices with FortiOS version 7.0 and above. l 7.0.x and above l FortiAP 6.4.x and above l FortiAP-U 6.2.4 and above l 7.2.2 and above The following are the recommended resource requirements for FortiAIOps. Maximum device count l FortiGates - 30 l FortiSwitches - 90 l FortiExtenders - 30 l FortiAPs - 180 l Clients - 3000 l FortiGates - 200 l FortiSwitches - 600 l FortiExtenders - 200 l FortiAPs - 1200 l Clients - 10000 l FortiGates - 1000 l FortiSwitches - 3000 l FortiExtenders - 1000 l FortiAPs - 6000 l Clients - 25000 l FortiGates - 2500 l FortiSwitches - 7500 l FortiExtenders - 2500 l FortiAPs - 15000 l Clients - 60000 l FortiGates - 5000 Recommended Hardware l CPU - 4 l Memory - 32 GB l Storage - 1 TB l CPU - 4 l Memory - 32 GB l Storage - 1 TB l CPU - 40 l Memory - 128 GB l Storage - 4 TB l CPU - 24 l Memory - 128 GB l Storage - 4 TB l CPU - 104 Supported Mode AI Insights and Monitoring Monitoring only AI Insights and Monitoring Monitoring only AI Insights and Monitoring FortiAIOps 2.0.1 Release Notes 7 Fortinet Inc. Supported Hardware and Software Maximum device count l FortiSwitches - 15000 l FortiExtenders - 5000 l FortiAPs - 30000 l Clients - 100000 Recommended Hardware l Memory - 256 GB l Storage - 8 TB The following web browsers are tested to access the FortiAIOps GUI. Web Browser Google Chrome Mozilla Firefox Microsoft Edge Safari Version 123.0.6312.106 123 123.0.2420.81 17.4.1 Supported Mode FortiAIOps 2.0.1 Release Notes 8 Fortinet Inc. What's New What's New This release of FortiAIOps 2.0.1 delivers the following new features. Feature Enhanced AI Detection Public Cloud Platforms VM Platforms Enhanced AI Insights Dashboard Log Retention New Topology Enhanced GUI New FortiAP Support Description l In this release, FortiAIOps uses elevated artificial intelligence and machine learning capabilities to enhance user experience for wireless access. This applies to throughput and coverage SLAs. l FortiAIOps also provides detailed analytics on the experience for specific conference applications, MS Teams, Google Meet, and Zoom. l SSID down events detection is now supported. FortiAIOps can now be deployed on the following public Cloud platforms. l Microsoft Azure l Google Cloud Platform l Amazon Web Services FortiAIOps can now be deployed on Nutanix. The following new widgets are now available in the AI insights dashboard. l Overall network health l Impacted clients trends l Top 3 impacted applications l Top 5 problematic devices The AI insights dashboard now displays data for a maximum of 1 week. FortiAIOps now dynamically allocates the duration to retain statistics data based on daily data accumulation and space available. This release provides a simplified topology with a visualization/illustration of the physical placement of devices, for ease of navigation and debugging. l New System Resource Summary, High Latency FortiGates, and FortiSwitches Events widgets are added in the Summary dashboard. l Simplified physical and logical topologies are available in the Security Fabric. l New and enhanced Channel Summary page in Wireless. This release supports the following FortiAPs. l FAP- 231G l FAP- 233G l FAP- 234G l FAP- 431G l FAP- 432G l FAP- 433G FortiAIOps 2.0.1 Release Notes 9 Fortinet Inc. What's New Feature Others Description l FAP- 432R l FAP- 441K l FAP- 443K l The LAN port statistics are now displayed for access points. l The AP health trends now monitor the temperature. l SMTP server configurations are added to receive email notifications for report generation. FortiAIOps 2.0.1 Release Notes 10 Fortinet Inc. Recommendations and Special Notes Recommendations and Special Notes l Recommendations l Special Notes Recommendations Fortinet recommends the following versions and configurations to use with FortiAIOps. Product FortiAP FortiOS FortiGate Others Recommendation l FortiAP (FAP) version 7.2.2 and above is recommended to generate all events in FortiAIOps. l FortiOS version 7.2.4 and above or version 7.4.0 are recommended to generate all events in FortiAIOps. l [FortiGate/FortiAnalyzer] Configure the FortiAIOps IP address in the FortiGate syslog or FortiAnalyzer to send events to FortiAIOps. l Ensure that you enable the detection of interfering SSIDs in FortiGate to allow reporting of Throughput SLA - interference issues in FortiAIOps. To detect interfering SSIDs in FortiGate, configure the FortiAP profile to use Radio Resource Provisioning or a WIDS profile with AP scan enabled. l To receive SD-WAN logs, ensure that the SD-WAN monitoring license is applied in FortiGate. This is to generate congestion logs. l Configure the sla-fail and sla-pass log failure period, the recommended duration is 30 to 60 seconds. l When the backup file is restored on a different machine, reconfigure the FortiAIOps IP address in the FortiGate syslog settings. The FortiAIOps time and timezone should be synchronized with the NTP server. Special Notes Note the following when using FortiAIOps. l By default, there is no password for logging into the CLI mode for the first time. However, you are prompted to change the password after logging in. The default login credentials (username/password) for the GUI are admin/admin. Configuring the CLI password does not modify the GUI password. l The FortiAIOps CLI and GUI users are different. l Upgrading FortiAIOps is supported only via the CLI mode. FortiAIOps 2.0.1 Release Notes 11 Fortinet Inc. Recommendations and Special Notes l FortiAP and FortiSwitch events/logs are displayed randomly for both primary and secondary FortiGates in a cluster. l When a FortiGate is deleted and added in a new device group, the AI-Insights data is still displayed in the older device group. l This release supports the backup and restore function only for FortiAIOps configuration. CLI configurations are saved using the execute backup config command and it does not include any FortiAIOps specific configurations. l The import option is not available for FortiGates deployed in HA mode. l The Time to Connect - DNS delay is not supported. l SAM works with F-series FAPs, bridge mode SSIDs, and WPA2 PSK security mode only. l Currently only radio1 (2.4GHz) and radio 2 (5GHz) are supported for SAM operations. l SAM test results are not displayed in the baseline view details/trends page after the restore operation. l FortiAnalyzer version 7.4.1 is not supported due to an incorrect log format. l Time to Connect and Connection Failure SLA - WPA3 SAE and Enterprise modes are not supported. l The backup and restore operation is supported from version 2.0.0. FortiAIOps 2.0.1 Release Notes 12 Fortinet Inc. Common Vulnerabilities and Exposures Common Vulnerabilities and Exposures This release of FortiAIOps is no longer vulnerable to the following. l CVE-2023-48795 l CVE-2023-51384 l CVE-2023-51385 l CVE-2024-27782 l CVE-2024-27783 l CVE-2024-27784 l CVE-2024-27785 l CVE-2024-27786 Visit https://www.fortiguard.com/psirt for more information. FortiAIOps 2.0.1 Release Notes 13 Fortinet Inc. Fixed Issues Fixed Issues This release of FortiAIOps resolves the issues described in this section. Issue ID 941199 977236 978275 982922 982926 1009655 1009660 Description Sometimes, the discovery of FortiGate failed with errors in the diagnostic logs. FortiSwitch port status was Down in FortiAIOps but Up in FortiGate. FortiGates added through ForitAIOps GUI are not visible in GUI after a period of time. If the first time login failed after adding FortiGate in the HA mode, then the HA mode was not updated even after the FortiGate was successfully discovered. Sometimes, the GUI was not accessible due to some certificate issues. FortiSwitch data was not displayed in the widgets in Switch > FortiSwitch. Unable to add the second FortiAP in the heat map. FortiAIOps 2.0.1 Release Notes 14 Fortinet Inc. Known Issues Known Issues The following are known issues in FortiAIOps version 2.0.1. For inquiries about a particular issue, contact Customer Support. Issue ID 984470 992173 992778 995350 1000705 1011884 1013904 1014527 1020336 Description Workaround FortiAIOps docker fails to start on Google Cloud Platform (GCP) upon reboot. In the AI Insights dashboard, the statistics for connected switch clients take longer (2.5 minutes approximately) to display, only for a duration of 1 week. Sometimes, SAM measured baseline tests fail due to time zone errors. [AI Insights dashboard] The Overall Network Health and the Impacted Clients charts are not supported in the Firefox browser. Use a supported browser, such as, Chrome, Edge, and Safari. In Wireless > Clients, the trend data displayed for more than 12 hours is inaccurate. Interfering SSID data reported by radio 3 is not displayed in the Channel Summary. In Wireless > applications, the data in the User, Access Points, and SSID columns for bridge SSID profiles is incorrect in all widgets. Currently, there is a delay in the switch SLA data in the Impacted SLA and Impacted Devices pages. FortiAIOps does not detect FaceTime application due to signature issues in FortiGuard. FortiAIOps 2.0.1 Release Notes 15 Fortinet Inc. Known Issues Issue ID 1034404 Description FortiGates managed by FortiAIOps lose connectivity on upgrade. Workaround FortiAIOps rigorously scrutinizes the certificate chain. On upgrading (when using the Fortinet_GUI_ Server certificate), if FortiGate ignores the CA certificate in FortiAIOps, then it loses connectivity. To restore the FortiGate's online status, perform any of the following. l Download the CA certificate from FortiGate and upload it into FortiAIOps (System > CA certificates). l Switch to a custom certificate like Let's Encrypt and add the CA certificate in FortiAIOps. FortiAIOps 2.0.1 Release Notes 16 Fortinet Inc. www.fortinet.com Copyright© 2024 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet's General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet's internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.madbuild