
Administration Guide

Setting up the FortiEDR Central Manager and Aggregator on the Same Machine

The following describes how to set up a VM to act as both the FortiEDR Central Manager and Aggregator.

The same ISO file is provided for setting up both the FortiEDR Central Manager and Aggregator. They can be installed on the same machine if no organization is defined and the number of Collectors does not exceed 5000. Otherwise, install them on different machines by referring to Setting up the FortiEDR Central Manager and Aggregator on different machines.

Setting up the FortiEDR Central Manager and Aggregator on the same VMware-based virtual server includes the following steps:

  1. Setting up a VM to be the FortiEDR Central Manager and Aggregator
  2. (Recommended) Defining a DNS Address for the Aggregator

Setting up a VM to be the FortiEDR Central Manager and Aggregator

  1. Create a new virtual server by selecting File > New Virtual Machine.
  2. Select the Typical option and click Next.

  3. Select the I will install the operating system later option and click Next.

  4. Select the Linux radio button. In the Version field, select CentOS 7 64-bit and click Next.

  5. Specify a name for the virtual machine and the location in which to store the provided ISO file and click Next.

  6. Change the Maximum disk size according to the system requirements listed in Appendix C – ON PREMISE DEPLOYMENTS. Leave the default option as Split virtual disk into multiple files and click Next.

  7. Click Finish.

  8. Right-click the new machine and select the Settings option.
  9. Select the Memory option and change the RAM according to the system requirements listed in Appendix C – ON PREMISE DEPLOYMENTS.

  10. Select the Processors option and change the value according to the system requirements.
  11. Select the CD/DVD option and then select the Use ISO image file option on the right.
  12. Click the Browse button and select the ISO file provided by Fortinet for the FortiEDR Central Manager. Click OK.
  13. Start the virtual machine.

    The virtual machine automatically starts the installation process, which may take a few minutes.
  14. Wait until a success message is displayed requesting that you reboot.
  15. Reboot the virtual machine.
  16. Log into the virtual machine in order to continue the installation process.
    Login: root
    Change the root password by entering a password of your choice, then re-type it. The password must be strong enough according to Linux standards.
  17. In the VM CLI, enter fortiedr config.
  18. At the prompt, enter your hostname and click Next. (Note: This can be any hostname.)
  19. At the prompt, select both to configure the VM as both the Central Manager and Aggregator, and click Next.
  20. A list of network interfaces on this virtual machine displays. At the Pick your primary interface prompt, select the interface to be used as the primary network interface through which all FortiEDR Cores and FortiEDR Collectors will reach this server, and click Next.
  21. At the Do you want to use DHCP prompt, select No to configure the IP of this virtual machine manually, and then click Next.
  22. At the prompt, enter the IP address of the machine that you are installing. Use the following format:
    xxx.xxx.xxx.xxx/yy, where yy is the routing prefix of the subnet.
  23. At the prompt, enter the default gateway and click Next.
  24. At the Please set your DNS server prompt, enter a valid IP address and click Next. Use the following format:
    xxx.xxx.xxx.xxx/yy, where yy is the routing prefix of the subnet.
  25. At the prompt, select No for debug mode.
  26. At the Please set the date prompt, verify the date and click Next. The installer automatically presents the current date. You can change this date, if necessary.
  27. At the Please set your Time prompt, set the time and click Next.
  28. At the prompt, select the timezone and country in which the server is being installed.
  29. Wait a few moments while the installation processes, until you see the Installation completed successfully message.
  30. Proceed to Configuring the FortiEDR Central Manager Server and Console.

(Recommended) Defining a DNS Address for the Aggregator

Collectors that are registered with the Aggregator IP must all be reinstalled if the Aggregator IP changes, for example when the Aggregator is migrated to a different data center. To avoid this, Fortinet recommends that you define a DNS address for the Aggregator by following the steps below:

  1. Define a DNS address for the Aggregator.
  2. Configure FortiEDR to disable the NAT IP and use the local IP of the Aggregator:
    1. Connect to the FortiEDR Central Manager via ssh.
    2. Open the conf-customer.properties configuration file using the following command: vi /opt/FortiEDR/aggregator/conf-customer.properties.
    3. Comment out the connection.dns-name = 10.10.80.201 line as follows: #connection.dns-name = 10.10.80.201.
    4. Save the changes and restart the FortiEDR Aggregator service using the fortiedr aggregator restart command.
    5. Check the status of the Aggregator using the fortiedr aggregator status command.
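
Steps 2.2 to 2.5 can also be scripted so that the edit is backed up, repeatable and verified before the service is restarted. The following is an added example, not part of the Fortinet guide: it assumes the file name conf-customer.properties and the key connection.dns-name as spelled in the steps above, and the function name and the --apply switch are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not Fortinet code): comment out connection.dns-name in the
# Aggregator's conf-customer.properties, keeping a backup of the original.

# Path as given in step 2.2 (hyphenated file name assumed).
CONF_DEFAULT=/opt/FortiEDR/aggregator/conf-customer.properties

# comment_out_dns_name FILE   (hypothetical helper)
# Returns 0 if the line is now (or was already) commented out,
#         1 if FILE is missing or cannot be backed up,
#         2 if FILE has no connection.dns-name line at all.
comment_out_dns_name() {
    local conf="$1"
    local active='^[[:space:]]*connection\.dns-name[[:space:]]*='
    local commented='^[[:space:]]*#[[:space:]]*connection\.dns-name[[:space:]]*='

    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 1; }

    if ! grep -Eq "$active" "$conf"; then
        if grep -Eq "$commented" "$conf"; then
            echo "connection.dns-name already commented out"
            return 0
        fi
        echo "connection.dns-name not found in $conf" >&2
        return 2
    fi

    # Keep the original (with its mode and timestamps) before editing.
    cp -p "$conf" "$conf.bak" || return 1

    # Prefix the active line with '#'; every other line is copied unchanged.
    # Writing back into the existing file preserves its owner and mode.
    sed -E 's/^([[:space:]]*)(connection\.dns-name[[:space:]]*=)/\1#\2/' \
        "$conf.bak" > "$conf"

    # Verify: no active connection.dns-name line may remain.
    ! grep -Eq "$active" "$conf"
}

# On the server, run with --apply to edit the real file and then perform
# steps 2.4 and 2.5 (restart and status commands are those given above).
if [ "${1:-}" = "--apply" ]; then
    comment_out_dns_name "$CONF_DEFAULT" \
        && fortiedr aggregator restart \
        && fortiedr aggregator status
fi
```

To roll back, copy conf-customer.properties.bak over the edited file and restart the Aggregator again.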
