
FortiDB 4.0 MR4 Patch 2
Release Notes

FortiDB 4.0 MR4 Patch 2 Release Notes
November 14, 2012
Revision 2

Copyright 2012 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, and FortiGuard are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance metrics contained herein were attained in internal lab tests under ideal conditions, and performance may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet's General Counsel, with a purchaser that expressly warrants that the identified product will perform according to the performance metrics herein. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet's internal lab tests. Fortinet disclaims in full any guarantees. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.

Technical Documentation: docs.fortinet.com
Knowledge Base: kb.fortinet.com
Forums: support.fortinet.com/forums
Customer Service & Support: support.fortinet.com
Training Services: training.fortinet.com
FortiGuard: fortiguard.com
Document Feedback: techdocs@fortinet.com

Table of contents

Change log
Introduction
    Enhancements
Special Notices
    General
    Supported Platforms and Internal Repositories
    Supported Target Databases
    Collection Methods for Monitoring
    Existing Auditing Data During Upgrade
    Activity Profiling and Policy Based Activity Auditing
    Internal Database Repository in Sniffing Mode
    How to Setup FortiDB Agents
    How to set up FortiDB TCP/IP Sniffer
    How to set up encoding for displaying data
    Software Install - Internal Database Repository
    RAID CLI Status Message
    Oracle Monitoring with TCP/IP Sniffing
Upgrade instructions
    Upgrade from previous versions
Troubleshooting
    Monitoring and Auditing Log
Resolved issues
Known issues
Image checksums

Fortinet Technologies Inc.

FortiDB 4.0 MR4 Patch 2 Release Notes

Change log
Date          Change Description
2012-10-25    Initial release.
2012-11-14    Updated Collection Method tables MySQL entry


Introduction
This document provides installation instructions and caveats, resolved issues, and known issues for FortiDB 4.0 MR4 Patch 2, build 0240.

FortiDB provides web application and web services security in a single platform enabling the protection, load balancing and acceleration of web applications and the data exchanged between them and clients.

For additional documentation, please visit: http://docs.fortinet.com/fdb.html

Enhancements
- Poll FortiDB via SNMP for interface status, CPU and Memory statistics and more
- Vulnerability Assessment is now supported for MSSQL 2012


Special Notices
General
Monitor Settings for Web User Interface Access - Fortinet recommends setting your monitor to a screen resolution of 1280x1024. This allows all objects in the Web UI to be viewed properly.

The following web browsers are supported to properly display the FortiDB GUI:

Application: FortiDB 4.0 MR4 Patch2
Supported Web Browser:
- Internet Explorer 7.x, 8.x, 9.x
- Firefox 4.x/5.0

Supported Platforms and Internal Repositories


FortiDB 4.0 MR4 supports the following platforms and internal repositories.

Supported Platforms
- Windows 2003 32-bit, 64-bit
- Windows XP
- Linux RH4 64-bit, RH5 64-bit
- Solaris

Supported Internal Repositories
- Derby (Shipped with FortiDB)
- PostgreSQL 8.3
- Oracle 10Gr2, Oracle 11G
- MS SQL Server 2005, 2008 (Windows only)


Supported Target Databases


FortiDB v4.0 MR4 supports the following target databases. Before monitoring your target databases (DAM), some settings are required on those databases. For details on how to configure each target database, please see online help: Target Management > Required Settings for Monitoring Target Databases

Application: VA
  Oracle: Oracle 9.2.x, Oracle 10gR1, Oracle 10gR2, Oracle 11.1.0.x, Oracle 11gR2
  MS SQL Server: Microsoft SQL Server 2000, 2005, 2008, 2008R2, 2012
  Sybase: Sybase ASE 12.5, 15.0.2, 15.5, 15.7
  DB2 UDB: DB2 UDB V8, DB2 UDB V9
  MySQL: MySQL 5.1, MySQL 5.5

Application: DAM
  Oracle: Oracle 9i, Oracle 10gR2, Oracle 11.1.0.x, Oracle 11gR2
  MS SQL Server: Microsoft SQL Server 2000 SP2, 2005 SP2, 2008 SP2, 2008R2, 2012
  Sybase: Sybase ASE 12.5 (Sniffer only), 15.0.2, 15.5, 15.7 (MDA only)
  DB2 UDB: DB2 UDB V9.5, DB2 UDB V9.7
  MySQL: MySQL 5.1 (not supported with sniffer), MySQL 5.5 (not supported with sniffer)


Collection Methods for Monitoring


FortiDB monitors database activity using collection methods that are customized for each of the target databases supported. Some collection methods require the FortiDB agent to execute on the target database host. This information is listed in the following table. For details about collection methods, please see online help, Choosing a Collection Method.

Each entry below gives the target collection method, followed by the FortiDB collection method.

Target DB: Oracle
- audit_trail=DB,EXTENDED: DB, EXTENDED. Agent is not required.
- audit_trail=XML, EXTENDED: XML File Agent. FortiDB agent is required. Please see Running the Oracle XML File Agent (UNIX, Windows) in online help.
- SGA (for only 10gR2 on Linux 32-bit or Linux 64-bit machines): SGA Agent. FortiDB agent is required. Please see Running the Oracle SGA Agent (Solaris) in online help.
- SPAN/mirror port: TCP/IP Sniffer

Target DB: MS SQL Server
- Trace file: SQL Trace. Agent is not required. For SQL 2000, make sure the following commands are issued before starting monitoring:

    USE master
    GO
    EXEC sp_configure 'show advanced options', 1
    GO
    RECONFIGURE WITH OVERRIDE
    GO
    EXEC sp_configure 'xp_cmdshell', 1
    GO
    RECONFIGURE WITH OVERRIDE
    GO
    EXEC sp_configure 'show advanced options', 0
    GO

- SPAN/mirror port: TCP/IP Sniffer

Target DB: DB2
- DB2 configuration: DB2 Agent. FortiDB agent is required. Please see Running the DB2 Agent on Windows and Running the DB2 Agent on UNIX in online help.
- SPAN/mirror port: TCP/IP Sniffer

Target DB: Sybase
- MDA: MDA. Agent is not required.
- SPAN/mirror port: TCP/IP Sniffer

Target DB: MySQL
- General Query Log: General Query Log

Existing Auditing Data During Upgrade


4.0 MR2 Activity Auditing has been replaced with Sniffer Audit Log starting with 4.0 MR3. When upgrading to MR3/MR4, the Sniffer Audit Log data is lost. In order to preserve this data, run the following command:

    execute backup export old-sniffer-log


Activity Profiling and Policy Based Activity Auditing


The features introduced in MR3, Activity Profiling and Policy Based Activity Auditing, can only be used when FortiDB is deployed in Sniffing mode.

Internal Database Repository in Sniffing Mode


When deployed in Sniffing mode, FortiDB cannot use an external database repository.

How to Setup FortiDB Agents


This section explains how to obtain and set up the Oracle XML File Agent and DB2 Agent.

Note: For running the FortiDB agent, Java SE 6 (JDK 6) is required on your target machine.

Downloading the agent file


Please download the latest FortiDB agent in binary mode. Check with Fortinet support for a download location.

Setting FortiDB agents


Please refer to the documentation for how to set up the agents.

How to set up FortiDB TCP/IP Sniffer


The TCP/IP Sniffer method collects database activity without the need to use database native audit or to install agents on the database. Simply configure a SPAN port on the switch and mirror all database traffic to it. Connect one of FortiDB's interfaces to this port and choose it when configuring the target database in FortiDB's UI. This collection method is only supported in the appliance version.

How to set up encoding for displaying data


Some databases may contain information encoded in a non-English character set. To set up FortiDB to display non-English data, you must perform the following steps:

1. If you are collecting from an agent-based collector, you must set the auditFileEncoding property in the agent.properties file to the encoding that the database is using.
2. In order to generate reports that contain non-English encoded characters, you must set the DAM Report Encoding system property to the encoding you want to use. This property can be accessed by navigating to Administration > Global Configuration > Reporting in the FortiDB client.

By default, the encoding that is used is UTF-8. In general, any encoding supported by the Java VM is supported by FortiDB, but for exporting PDF reports, the specified encoding (entered in step 2 previously) must map to a supported PDF font. The following encodings are supported by FortiDB for exporting PDF data:

Locale: Japanese
Supported Encodings: Shift_JIS, SJIS, EUC-JP, EUC_JP, x-EUC-JP-LINUX, EUC_JP_LINUX, ISO-2022-JP, ISO2022JP, windows-31j, MS932, Cp930, Cp939, Cp942, Cp943, Cp33722

Locale: Chinese
Supported Encodings: x-mswin-936, MS936, GB18030, x-EUC-CN, EUC_CN, GBK, x-windows-950, MS950, x-MS950-HKSCS, MS950_HKSCS, x-EUC-TW, EUC_TW, Big5, Big5-HKSCS, Cp935, Cp937, Cp948, Cp950, Cp964, ISO2022_CN_CNS, ISO2022_CN_GB

Locale: Korean
Supported Encodings: x-windows-949, MS949, EUC-KR, ISO-2022-KR, ISO2022KR

Locale: Others
Supported Encodings: UTF-8

Please visit http://java.sun.com/javase/6/docs/technotes/guides/intl/encoding.doc.html for additional information about encodings supported by the Java virtual machine.

Software Install - Internal Database Repository


When using the FortiDB software version and choosing Oracle as the internal repository, only Oracle 10gR2 or Oracle 11g are supported.

RAID CLI Status Message


When running the command get system raid on the FortiDB appliance, the following status message is returned: "Raid State: Degraded". This message is harmless and can be safely ignored.


Oracle Monitoring with TCP/IP Sniffing


When deploying FortiDB TCP/IP Sniffing for the first time and monitoring Oracle databases configured in Dedicated mode, already existing connections will not be monitored. New connections will need to be initialized.


Upgrade instructions
Upgrade from previous versions
Upgrade is supported from previous official 4.x releases. Upgrade from 3.x versions is not supported.


Troubleshooting
Monitoring and Auditing Log
During the Monitoring and Auditing life-cycle, FortiDB may encounter issues in the target database system which alter the way in which that target is monitored (in Native Audit collection method only), or even prevent that target from being monitored. The table below lists the problems that FortiDB may encounter and the log message that will be generated.

Severities
- INFORMATIONAL: used to describe the general monitoring state (started, reconfigured, stopped). All descriptions notify users of a successfully executed task.
- CAUTIONARY: used to describe issues that users should be aware of, but that do not impact the monitoring operation.
- MINOR: used to describe configuration issues that impact how monitoring is done, but do not impact the overall monitoring action on a target. Typically, minor errors describe configuration issues, such as the specification of non-existing objects or users in policies, which FortiDB can skip over.
- MAJOR: used to describe changes in the target database that is being monitored. Users should be aware of these changes, and they may need to act on them to adjust how monitoring is done, or they may need to address this issue on the target database. Usually, these errors describe objects being modified or users being deleted from the target database that impact certain policies that are being used for monitoring.
- CRITICAL: used to describe errors that prevent FortiDB from monitoring the target database.

Error Types
- CONFIGURATION: Any issue that occurs when configuring a target with the associated policies. These log entries occur with specific policies (in which case a policy-name is logged), or it may be a general error (in which case n/a is logged for the Policy Name field).
- PERMISSION: Issues having to do with insufficient permissions of the target user.
- OBJECT_CHANGE: When objects are changed on the target database after monitoring has started.
- USER_CHANGE: When users are changed on the target database after monitoring has started.


Configuration Messages
1. The user <USER> does not exist on <TARGET>
   Type: CONFIGURATION
   Severity: MINOR
   Description: This is a policy-specific error, which signals that a certain user that was specified in the policy does not exist on the target database. This user entry will be skipped when configuring the policy. If all the user entries are skipped, then the policy itself will not be used to monitor the target.

2. The object <DB.SCHEMA.TABLE> does not exist on <TARGET> and will not be monitored on this target.
   Type: CONFIGURATION
   Severity: MINOR
   Description: This is a policy-specific error, which signals that a certain table that was specified in the policy does not exist on the target database. This object entry will be skipped when configuring the target. If all the table entries are skipped, then the policy itself will not be used to monitor the target.

3. <AgentConfigurationException Message>
   Type: CONFIGURATION
   Severity: CRITICAL
   Description: An unexpected exception was thrown when attempting to configure a target with a specific policy. The error message is the actual exception message.

4. SQL Exception Message (Sybase Only)
   Type: PERMISSION
   Severity: CRITICAL
   Description: When initializing the Sybase collector, there were insufficient permissions with the FortiDB target user which prevented FortiDB from doing JDBC queries against the target database.

5. No valid policies configured. Monitoring did not start.
   Type: CONFIGURATION
   Severity: CRITICAL
   Description: No policies were enabled for the target, or if enabled, no objects or users in the policies were configurable for that target.

6. Monitoring on <Target> successfully Started.
   Type: CONFIGURATION
   Severity: INFORMATIONAL
   Description: The Start Monitoring operation was successfully executed on the target.

7. Stopped monitoring on <Target>.
   Type: CONFIGURATION
   Severity: INFORMATIONAL
   Description: The Stop Monitoring operation was successfully executed on the target.

8. Reconfigured monitoring settings on <Target>
   Type: CONFIGURATION
   Severity: INFORMATIONAL
   Description: The Reconfigure operation was successfully executed on the target, and the collection state is now consistent with changes made in the UI.

9. The object <DB.SCHEMA.TABLE> has been removed from <Target>.
   Type: OBJECT_CHANGE
   Severity: MAJOR
   Description: A configured object has been removed from the target. Note that this error is only logged when FortiDB is doing target checks at the scheduled times (which can be configured in the Log view).

10. The user <USER> has been removed from <Target>.
    Type: USER_CHANGE
    Severity: MAJOR
    Description: A configured user has been removed from the target. Note that this error is only logged when FortiDB is doing target checks at the scheduled times (which can be configured in the Error Log view).

11. Excessive Time :<time> seconds to execute audit data query. The audit table for: <targetname> should be truncated.
    Type: COLLECTION
    Severity: MAJOR
    Description: Valid for Oracle DB, EXTENDED. Reports that the query to get the audit data from the target is taking more than 10 seconds. This typically occurs when the sys.aud$ table has more than 2 million records. It can be a result of an intermittent network delay.
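
A triage sketch for the messages listed in this table, added here as an example and not FortiDB code: it turns each message template into a pattern, labels an incoming message with the table's type and severity, and keeps unrecognised text because the two exception rows are CRITICAL and have no fixed wording. The function names and the sample messages are assumptions; the page does not show the surrounding log line format, so only the message text is matched.

```python
import re

# (template, type, severity) copied from the Configuration Messages table.
# The two exception-text rows have no fixed wording, so they have no template.
TEMPLATES = [
    ("The user <USER> does not exist on <TARGET>", "CONFIGURATION", "MINOR"),
    ("The object <DB.SCHEMA.TABLE> does not exist on <TARGET> and will not "
     "be monitored on this target.", "CONFIGURATION", "MINOR"),
    ("No valid policies configured. Monitoring did not start.",
     "CONFIGURATION", "CRITICAL"),
    ("Monitoring on <Target> successfully Started.",
     "CONFIGURATION", "INFORMATIONAL"),
    ("Stopped monitoring on <Target>.", "CONFIGURATION", "INFORMATIONAL"),
    ("Reconfigured monitoring settings on <Target>",
     "CONFIGURATION", "INFORMATIONAL"),
    ("The object <DB.SCHEMA.TABLE> has been removed from <Target>.",
     "OBJECT_CHANGE", "MAJOR"),
    ("The user <USER> has been removed from <Target>.", "USER_CHANGE", "MAJOR"),
    ("Excessive Time :<time> seconds to execute audit data query. The audit "
     "table for: <targetname> should be truncated.", "COLLECTION", "MAJOR"),
]
SEVERITIES = ["INFORMATIONAL", "CAUTIONARY", "MINOR", "MAJOR", "CRITICAL"]

def compile_template(template):
    """Turn literal text with <PLACEHOLDER> fields into a regex with named groups."""
    regex = ""
    for i, part in enumerate(re.split(r"<([^<>]+)>", template)):
        if i % 2:  # odd items are placeholder names
            regex += "(?P<%s>.+?)" % re.sub(r"\W", "_", part).lower()
        else:      # even items are literal message text
            regex += re.escape(part)
    return re.compile(regex, re.IGNORECASE)

RULES = [(compile_template(t), typ, sev) for t, typ, sev in TEMPLATES]

def classify(message):
    """Return type, severity and extracted fields, or None if no template fits."""
    for regex, typ, sev in RULES:
        match = regex.fullmatch(message.strip())
        if match:
            return {"type": typ, "severity": sev, "fields": match.groupdict()}
    return None

def needs_attention(messages, threshold="MAJOR"):
    """Messages at or above threshold, plus any text no template recognises."""
    floor = SEVERITIES.index(threshold)
    hits = []
    for message in messages:
        info = classify(message)
        # Unmatched text may be one of the CRITICAL exception rows: keep it.
        if info is None or SEVERITIES.index(info["severity"]) >= floor:
            hits.append((message, info))
    return hits

SAMPLE = [  # constructed messages, not taken from a real FortiDB log
    "Monitoring on ORCL-PROD successfully Started.",
    "The user SCOTT does not exist on ORCL-PROD",
    "The object HR.PUBLIC.EMPLOYEES has been removed from ORCL-PROD.",
    "Excessive Time :14 seconds to execute audit data query. "
    "The audit table for: ORCL-PROD should be truncated.",
    "JDBC error: permission denied for the monitoring user",
]
```

Calling needs_attention(SAMPLE) returns the object-removal message, the slow audit query message and the unrecognised JDBC text, and drops the INFORMATIONAL and MINOR entries.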


Resolved issues
The resolved issues listed below do not list every bug that has been corrected with this release. For inquiries about a particular bug, please contact Fortinet Customer Service & Support.

Table 1: Resolved issues

Bug ID     Description
169409     Sybase 5.7 sniffer version added to system settings
171856     sniffer support for CP850 charset
172294     The DAM connection to a XML Agent stays stale after a re-boot of Oracle
172295     Depending on the audit method some SYS user and/or operation is not Audited with User Defined Policies
171574     Alert inconsistencies when the time settings are different between the FortiDB appliance and target database
174695     FortiDB can't connect to a MSSQL database that requires a certificate
175330     MySQL auditing stops after a few hours
175111     can't generate alerts/audits for a certificated MSSQL server
174410     certain FortiDB administrative actions not logged
168930     LDAP Login SIMPLE authentication problem
177596     Importing VA policy fails
176967     Can't run connection test to Windows 2008 AD
177141     get sys status shows disk as 0GB
0153766    The alerts Return Code shows 0
177236     500 error when trying to add a user-defined policy
179433     DB username represented incorrectly in alerts


Known issues
This section lists the known issues of this release, but is not a complete list. For inquiries about a particular bug, please contact Fortinet Customer Service & Support.

Table 2: Known issues

Bug ID     Description
0167853    Metadata Policy doesn't generate an alert when using sqlplus
0183358    Test connection to DB2 server fails on DB2 v9.1
0169044    Some VA policies fail on MSSQL 2012
0166347    Using white list can cause FortiDB to freeze


Image checksums
To verify the integrity of the firmware file, use a checksum tool and compute the firmware file's MD5 checksum. Compare it with the checksum indicated by Fortinet. If the checksums match, the file is intact.

MD5 checksums for Fortinet software and firmware releases are available from Fortinet Customer Service & Support. After logging in to the web site, go to Download > Firmware Image Checksums. In the File Name field, enter the firmware image file name including its extension, then click Get Checksum Code.

Figure 1: Customer Service & Support image checksum tool
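
One way to script the comparison described above, as an added example that is not Fortinet's code: it streams the downloaded file through MD5 and compares the result with the value copied from the checksum page, rejecting a truncated or malformed paste instead of reporting a mismatch. The function names are assumptions, and the three-byte stand-in file and its checksum are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import tempfile


def file_md5(path, chunk_size=1024 * 1024):
    """MD5 of a file, read in chunks so a large image is never held in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def normalize_checksum(text):
    """Clean up a value pasted from the support site; reject anything that
    is not 32 hexadecimal digits (for example a truncated paste)."""
    value = text.strip().lower()
    if len(value) != 32 or any(c not in "0123456789abcdef" for c in value):
        raise ValueError("expected 32 hexadecimal digits, got %r" % text)
    return value


def firmware_matches(path, published_checksum):
    """True only if the file's MD5 equals the published checksum."""
    expected = normalize_checksum(published_checksum)
    return hmac.compare_digest(file_md5(path), expected)


if __name__ == "__main__":
    # Constructed stand-in for a firmware image: the three bytes "abc".
    with tempfile.NamedTemporaryFile(delete=False, suffix=".out") as tmp:
        tmp.write(b"abc")
    try:
        published = " 900150983CD24FB0D6963F7D28E17F72\n"  # MD5 of b"abc"
        print("intact" if firmware_matches(tmp.name, published) else "MISMATCH")
    finally:
        os.remove(tmp.name)
```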
