Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • EMS Administration Guide

    Home FortiClient 7.4.1 EMS Administration Guide
    7.4.1
    7.4.1
    7.4.0
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.9
    6.4.8
    6.4.7
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.8
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0

    EMS installation with Postgres in Docker

    EMS installation with Postgres in Docker

    You can install PostgreSQL (Postgres) in Docker on the same machine as EMS or on a remote machine.

    To install EMS with Postgres in Docker:
    1. Prepare the desired Ubuntu machine(s). If you are using two machines, you will install Postgres on one machine and EMS on the other machine. The following instructions designate some steps for the Postgres machine and others for the EMS machine. If you are using one machine, simply perform all configuration on that machine.
    2. On the Postgres machine, do the following:
      1. Run sudo -i to log in to the shell with root privileges. Perform all following steps with root privileges.
      2. Install Docker:
        apt install docker.io
      3. Download the Postgres Docker image forticlientems_7.4.1.XXXX_postgresql15.tar.gz file from Fortinet Support site.
      4. Load the image:
        docker load -i forticlientems_postgresql15.tar.gz

      5. List the images on Docker:
        docker image ls

      6. Run the Docker container. The following shows the command to run a container: 
        docker run --restart always --name <container name> -e POSTGRES_PASSWORD=<password> -p <local port number>:<PostgreSQL port number:5432> -d <container instance name><default username> -N <number>

        The following details the options for the command:

        Option

        Description

        -e

        Set environment variables.

        -p

        Publish all exposed ports to random ports.

        -d

        Run container in the background and print container ID.

        -N

        Maximum number of concurrent connections allowed to the containerized Postgres database.

        --restart always

        Ensures that if the host restarts, it starts the container automatically.

        The following shows an example command with example values:

        docker run --restart always --name ems_docker -e POSTGRES_PASSWORD=Fortinet123# -p 6434:5432 -d ems_postgresql15 postgres
        Note

        You can use any container instance name and password. In this example, the container's Postgres port, 5432, is exposed to port 6434 on the machine where Docker is running.

        This allows you to have several instances of Postgres containers running and isolated from each other as long as they use different local host ports. You can use any port number as a local port for a Postgres container.

    3. On the EMS machine, install EMS and connect to the database:
      1. Download the forticlientems_7.4.1.XXXX.bin file from the Fortinet Support site.
      2. Change permissions and add execute permissions to the installation file:

        chmod +x forticlientems_7.4.1.XXXX.bin

      3. Set umask to 022 if the existing umask setting is more restrictive.
      4. Start the EMS installation and connect to the Postgres database on the Docker container. The following shows the command to do so: 
        sudo ./<ems installation script file> -- --db_host <IP address or FQDN> --db_port <local port> --db_user <username> --db_pass <password> --skip_db_install --allowed_hosts '*' --enable_remote_https

        The following shows an example command with example values:

        ./forticlientems_7.4.1.XXXX.bin -- --db_host 192.168.1.20 --db_port 6434 --db_user postgres --db_pass Fortinet123# --skip_db_install --allowed_hosts '*' --enable_remote_https

        Run the installer to/from any directory other than /tmp. Running the installer to/from /tmp causes issues.

        Note

        db_host is the Postgres Docker machine IP address or FQDN.

      5. After installation completes, check that all EMS services are running by entering the following command:

        systemctl --all --type=service | grep -E 'fcems|apache|redis|postgres'

        The output shows that postgresql.service status displays as exited. This is the expected status. EMS does not create this service, which only exists to pass commands to version-specific Postgres services. It displays as part of the output as the command filters for all services that contain "postgres" in the name.

      6. Access the EMS GUI and log in.
      7. If after initially installing EMS 7.4.1 you need to upgrade to a newer build, repeat step 3 with the new installation file.
    Previous
    Next

    EMS installation with Postgres in Docker

    EMS installation with Postgres in Docker

    You can install PostgreSQL (Postgres) in Docker on the same machine as EMS or on a remote machine.

    To install EMS with Postgres in Docker:
    1. Prepare the desired Ubuntu machine(s). If you are using two machines, you will install Postgres on one machine and EMS on the other machine. The following instructions designate some steps for the Postgres machine and others for the EMS machine. If you are using one machine, simply perform all configuration on that machine.
    2. On the Postgres machine, do the following:
      1. Run sudo -i to log in to the shell with root privileges. Perform all following steps with root privileges.
      2. Install Docker:
        apt install docker.io
      3. Download the Postgres Docker image forticlientems_7.4.1.XXXX_postgresql15.tar.gz file from Fortinet Support site.
      4. Load the image:
        docker load -i forticlientems_postgresql15.tar.gz

      5. List the images on Docker:
        docker image ls

      6. Run the Docker container. The following shows the command to run a container: 
        docker run --restart always --name <container name> -e POSTGRES_PASSWORD=<password> -p <local port number>:<PostgreSQL port number:5432> -d <container instance name><default username> -N <number>

        The following details the options for the command:

        Option

        Description

        -e

        Set environment variables.

        -p

        Publish all exposed ports to random ports.

        -d

        Run container in the background and print container ID.

        -N

        Maximum number of concurrent connections allowed to the containerized Postgres database.

        --restart always

        Ensures that if the host restarts, it starts the container automatically.

        The following shows an example command with example values:

        docker run --restart always --name ems_docker -e POSTGRES_PASSWORD=Fortinet123# -p 6434:5432 -d ems_postgresql15 postgres
        Note

        You can use any container instance name and password. In this example, the container's Postgres port, 5432, is exposed to port 6434 on the machine where Docker is running.

        This allows you to have several instances of Postgres containers running and isolated from each other as long as they use different local host ports. You can use any port number as a local port for a Postgres container.

    3. On the EMS machine, install EMS and connect to the database:
      1. Download the forticlientems_7.4.1.XXXX.bin file from the Fortinet Support site.
      2. Change permissions and add execute permissions to the installation file:

        chmod +x forticlientems_7.4.1.XXXX.bin

      3. Set umask to 022 if the existing umask setting is more restrictive.
      4. Start the EMS installation and connect to the Postgres database on the Docker container. The following shows the command to do so: 
        sudo ./<ems installation script file> -- --db_host <IP address or FQDN> --db_port <local port> --db_user <username> --db_pass <password> --skip_db_install --allowed_hosts '*' --enable_remote_https

        The following shows an example command with example values:

        ./forticlientems_7.4.1.XXXX.bin -- --db_host 192.168.1.20 --db_port 6434 --db_user postgres --db_pass Fortinet123# --skip_db_install --allowed_hosts '*' --enable_remote_https

        Run the installer to/from any directory other than /tmp. Running the installer to/from /tmp causes issues.

        Note

        db_host is the Postgres Docker machine IP address or FQDN.

      5. After installation completes, check that all EMS services are running by entering the following command:

        systemctl --all --type=service | grep -E 'fcems|apache|redis|postgres'

        The output shows that postgresql.service status displays as exited. This is the expected status. EMS does not create this service, which only exists to pass commands to version-specific Postgres services. It displays as part of the output as the command filters for all services that contain "postgres" in the name.

      6. Access the EMS GUI and log in.
      7. If after initially installing EMS 7.4.1 you need to upgrade to a newer build, repeat step 3 with the new installation file.
    Previous
    Next