MSSP and MSSP client onboarding
The SOCaaS portal includes onboarding for MSSP accounts and MSSP clients.
Onboarding as an MSSP
To submit an MSSP onboarding request:
- Click the Start Onboarding button.
- In the Selection dialog, select MSSP to launch the SOCaaS Onboarding Wizard for MSSP.
  Choose MSSP onboarding only if you will add customers under your MSSP FortiCare ID (all clients under your MSSP Fortinet Account). If you manage customers under the customer's own FortiCare ID/Fortinet Account, select Regular Customer onboarding.
- Complete the following onboarding steps in the Onboarding wizard:
  - Add the contacts for SOCaaS. At least one contact must be provided.
  - On the Notes page, add the email address where you want to receive email notifications related to the onboarding process.
    You can also include special requests and/or instructions for the SOCaaS team in the Notes textbox. For example, if the FortiCare account you use for submitting the onboarding request does not meet all the following requirements, please provide an explanation in the Notes textbox so that the SOCaaS Onboarding team can validate.
    - The FortiCare account uses a valid business email address. Webmail addresses like Gmail or Hotmail are not accepted.
    - Registered business domain or website and business address information has been added to the FortiCare account. Residential addresses are not accepted.
  - Review the details on the Summary page.
    Once all fields are completed, you can review the summary of your changes before submitting the onboarding request. Click each tab to view the details you provided in the previous steps. Click Back to return to a previous step in the Wizard.
Onboarding MSSP clients
To submit an MSSP Client onboarding request:
- On the SOCaaS landing page, do one of the following:
  - If there are no clients onboarded for the MSSP account, click the Start MSSP Client Onboarding button.
  - If there are already clients onboarded for the MSSP account, click the Start Onboarding button and select MSSP Client.
- Complete the following onboarding steps in the Onboarding wizard:
  - Enter a new client name in the Add New Client text field or select an existing client from the Select Client dropdown.
  - Select the Fabric devices to be onboarded. Fabric devices entitled to SOCaaS are displayed.
    FortiEDR devices can only be added after the initial onboarding to SOCaaS is complete. See Additional device onboarding.
  - Enter the device information.
    HA Mode: Enable this setting for HA devices. This setting can be enabled on each Secondary device in the HA cluster. When enabled, a text field is displayed where you must provide the HA Primary Serial Number (SN).
    VDOM: This option should only be used for a multi-tenancy scenario where a Fabric device is shared among multiple clients using VDOMs. In such cases, the VDOM box must be checked and the VDOM name provided must exactly match the one configured on the Fabric device.
    Host Name: Enter a host name for the device.
    Description: Enter a description for the device.
    Location: Select the device's location. Locations can be specified by city and country. This location is used to show the devices on the map in the SOCaaS portal.
  - (Optional) Add monitoring subnets. You can define subnets to limit SOC monitoring by including or excluding specified subnets. By default, all subnets are monitored.
    Click Add to create a new monitoring subnet, and configure the following information:
    Type: Select the type as either Include or Exclude. When set to Include, the subnet or IP range will be monitored. When set to Exclude, the subnet or IP range will not be monitored.
    Subnet: Enter the subnet (CIDR) or IP range.
    Name: A name is automatically created for the monitoring subnet; however, you can optionally replace it with a custom name.
  - Add contacts. Add your primary and secondary contacts for escalations. Existing contacts that are associated with the selected client are displayed. These contacts are not editable.
  - Add escalation paths.
    Escalation paths determine how security alerts are escalated by the SOC team to the contacts defined in the previous step. When no escalation paths are created, the default contact will be contacted.
    When multiple escalation paths are created, alerts are escalated to the first escalation path with matching criteria based on their order on the page from top to bottom. You can reorder escalation paths by dragging them to your desired placement in the table.
    To create new escalation paths, click Add and configure the following information:
    Name: Enter the name of the escalation path.
    Primary Contact and Secondary Contact: Select the Primary Contacts and Secondary Contacts that were configured in the previous step.
    Included Devices or Excluded Devices: Optionally, specify which devices are included in this escalation path by selecting them in the Included Devices or Excluded Devices fields. By default, all devices are included. When VDOMs are involved, VDOM names are appended to the device names in the device dropdown list to distinguish different VDOMs.
    Included Subnets and/or Excluded Subnets: Optionally, specify which subnets are included in this escalation path by selecting them in the Included Subnets or Excluded Subnets fields. By default, all subnets are included. You can create additional subnets to include or exclude in escalation paths by clicking the + Add button.
  - On the Notes page, add the email address where you want to receive email notifications related to the onboarding process.
    You can also include special requests and/or instructions for the SOCaaS team in the Notes textbox. For example, if the FortiCare account you use for submitting the onboarding request does not meet all the following requirements, please provide an explanation in the Notes textbox so that the SOCaaS Onboarding team can validate.
    - The FortiCare account uses a valid business email address. Webmail addresses like Gmail or Hotmail are not accepted.
    - Registered business domain or website and business address information has been added to the FortiCare account. Residential addresses are not accepted.
  - Review the details in the Summary page.
    Once all fields are completed, you can review the summary of your changes before submitting the onboarding request. Click each tab to view the details you provided in the previous steps. Click Back to return to a previous step in the Wizard.
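The first-match ordering described in the Add escalation paths step can be checked offline before the paths are entered in the wizard. The following sketch is an added illustration, not Fortinet code or the portal's own logic: it routes sample alerts through an ordered list of paths and reports paths that an earlier, broader path would shadow. The field names, sample devices and addresses, the CIDR-only subnet handling, the include/exclude semantics, and reporting an alert that matches no path as unmatched are all assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class EscalationPath:
    # Hypothetical model of one row in the escalation path table.
    name: str
    primary: str
    included_devices: set = field(default_factory=set)    # empty = all devices
    excluded_devices: set = field(default_factory=set)
    included_subnets: list = field(default_factory=list)  # empty = all subnets
    excluded_subnets: list = field(default_factory=list)

def _in_any(ip, cidrs):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)

def path_matches(path, device, ip):
    # Assumed semantics: includes narrow the scope, excludes carve out of it.
    if path.included_devices and device not in path.included_devices:
        return False
    if device in path.excluded_devices:
        return False
    if path.included_subnets and not _in_any(ip, path.included_subnets):
        return False
    return not _in_any(ip, path.excluded_subnets)

def route_alert(paths, device, ip, default_contact):
    # No paths at all: the default contact is used (stated on the page).
    if not paths:
        return ("default", default_contact)
    for path in paths:  # first matching path wins, top to bottom
        if path_matches(path, device, ip):
            return (path.name, path.primary)
    return (None, None)  # no match: outcome not stated on the page, flag it

def shadowed_paths(paths, samples):
    # Paths that never win for any sample alert, e.g. hidden by an earlier one.
    winners = {route_alert(paths, dev, ip, None)[0] for dev, ip in samples}
    return [p.name for p in paths if p.name not in winners]

# Constructed sample data: two paths and two representative alerts.
SERVERS = EscalationPath("server-subnet", "server-oncall",
                         included_subnets=["10.20.0.0/24"])
ALL = EscalationPath("catch-all", "noc-oncall")
SAMPLES = [("fw-hq", "10.20.0.15"), ("fw-branch", "192.168.5.9")]

if __name__ == "__main__":
    for order in ([ALL, SERVERS], [SERVERS, ALL]):
        print([p.name for p in order], "shadowed:", shadowed_paths(order, SAMPLES))
```

With the catch-all path placed first, the narrower path never receives an alert; reversing the order lets both paths win for their own sample.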
Using Fabric device VDOMs for MSSP clients
When onboarding MSSP clients, you can specify the VDOM name for devices configured with VDOMs. This option should only be used for a multi-tenancy scenario where a Fabric device is shared among multiple clients using VDOMs. The configured VDOM name must exactly match the one configured on the Fabric device.
Additional VDOMs on the Fabric device can be onboarded to SOCaaS after the initial onboarding. Fabric devices that had the VDOM option enabled during their initial onboarding can be reselected when onboarding a new MSSP client. The VDOM field for these devices on the Edit Devices step is enabled by default and cannot be disabled. You must provide the new VDOM name exactly as it is configured on the Fabric device. See Onboarding MSSP clients.
VDOM information is displayed in various locations, such as the device name and alerts page.