Onboarding FortiGate, FortiClient EMS, and FortiSASE devices
To onboard FortiGate, FortiClient EMS, and FortiSASE devices:
-
Go to the SOCaaS portal welcome page.
-
In the Make New Service Request tile, click the Start Onboarding button to launch the New Onboarding wizard.
-
Complete the following onboarding steps in the wizard:
-
Select the new Fabric device(s) to be onboarded.
-
Only Fabric devices entitled to SOCaaS that are not yet onboarded are displayed.
-
You can select multiple types of Fabric devices, for example a SASE entitled FortiClient EMS as well as FortiGate devices sending their logs to an on-premises FortiAnalyzer.
FortiEDR devices cannot be onboarded alongside any other Fabric device. See Onboarding FortiEDR devices. -
-
(Optional) Enter the device information.
HA Mode Enable this setting when onboarding a device that is part of an HA cluster, and specify the HA Primary Serial Number (SN) of the primary device. The primary device can be a new device or a device already onboarded to SOCaaS.
Host Name Enter a host name for the device. Description Enter a description for the device. Location
Select the device's location. Locations can be specified by city and country. This location is used to show the devices on the map in the SOCaaS portal.
-
(Optional) Add monitoring subnets. You can define subnets to limit SOC monitoring by including or excluding specified subnets. By default, all subnets are monitored.
Click Add to create a new monitoring subnet, and configure the following information:
Type Select the type as either Include or Exclude.
When set to Include, the subnet or IP range will be monitored. When set to Exclude, the subnet or IP range will not be monitored.
Subnet Enter the subnet (CIDR) or IP range. Name A name is automatically created for the monitoring subnet, however, you can optionally replace it with a custom name. -
(Optional) Add a new contact for the onboarding device(s). Existing contacts, including the default contact, are automatically displayed and cannot be edited.
Name Enter the contact's name. Emails Enter the contact's email(s). Multiple email addresses can be separated using a comma. Primary Phone Enter the contact's primary phone number including the country code and area code. Secondary Phone
Enter the contact's secondary phone number including the country code and area code.
-
(Optional) Add escalation paths.
Escalation paths determine how security alerts are escalated by the SOC team to the contacts defined in the previous step. When no escalation paths are created, the default contact will be contacted.
When multiple escalation paths are created, alerts are escalated to the first escalation path with matching criteria based on their order on the page from top to bottom. You can reorder escalation paths by dragging them to your desired placement in the table.
To create new escalation paths, click Add and configure the following information:
Name Enter the name of the escalation path. Primary Contact and Secondary Contact Select the Primary Contacts and Secondary Contacts that were configured in the previous step. Included Devices or Excluded Devices Optionally, specify which devices are included in this escalation path by selecting them in the Included Devices or Excluded Devices fields. By default, all devices are included. Included Subnets and/or Excluded Subnets
Optionally, specify which subnets are included in this escalation path by selecting them in the Included Subnets or Excluded Subnets fields. By default, all subnets are included.
You can create additional subnets to include or exclude in escalation paths by clicking the + Add button.
-
On the Notes page, add the email address where you want to receive email notifications related to the onboarding process.
You can also include special requests and/or instructions for the SOCaaS team in the Notes textbox. For example, if the FortiCare account you use for submitting the onboarding request does not meet all the following requirements, please provide an explanation in the Notes textbox so that the SOCaaS Onboarding team can validate.
-
The FortiCare account uses a valid business email address. Webmail addresses like Gmail or Hotmail are not accepted.
-
Registered business domain or website and business address information has been added to the FortiCare account. Residential addresses are not accepted.
-
-
Review the details in the Summary page.
Once all fields are completed, you can review the summary of your changes before submitting the onboarding request. Click each tab to view the details you provided in the previous steps. Click Back to return to a previous step in the Wizard.
-
After the New Onboarding wizard is complete, a new service request with the Device Onboarding type is created. You can view the status and request details by going to Service Requests in the SOCaaS portal. See Service requests.
-