Administration Guide

Setting up a VM to be the FortiEDR Aggregator

To set up a VM to be the FortiEDR Aggregator:
  1. Create a new virtual server by selecting File > New Virtual Machine.
  2. Select the Typical option and click Next.

  3. Select the I will install the operating system later option and click Next.

  4. Select the Linux radio button. In the Version field, select CentOS 7 64-bit and click Next.

  5. Specify a name for the virtual machine and the location in which to store the provided ISO file and click Next.

  6. Change the Maximum disk size according to the system requirements listed in Appendix C – ON PREMISE DEPLOYMENTS. Leave the default option, Split virtual disk into multiple files, selected and click Next.

  7. Click Finish.

  8. Right-click the new machine and select the Settings option.
  9. Select the Memory option and change the RAM according to the system requirements listed in Appendix C – ON PREMISE DEPLOYMENTS.

  10. Select the Processors option and change the value according to the system requirements.
  11. Select the CD/DVD option and then select the Use ISO image file option on the right.
  12. Click the Browse button and select the ISO file provided by Fortinet for the FortiEDR Central Manager. Click OK.
  13. Start the virtual machine.

    The virtual machine automatically starts the installation process, which may take a few minutes.
  14. Wait until a success message is displayed requesting that you reboot.
  15. Reboot the virtual machine.
  16. Log into the virtual machine in order to continue the installation process.
    Login: root
    Change the root password by entering any password you want, then re-type it. The password must be strong enough according to Linux standards.
  17. In the VM CLI, enter fortiedr config.
  18. At the prompt, enter your hostname and click Next. (Note: This can be any hostname.)
  19. At the prompt, select aggregator to configure the VM as the Aggregator, and click Next.
  20. At the Please enter the management IP address prompt, enter the IP address to be used for communicating with the FortiEDR Central Manager and click Next.
  21. At the Please enter your registration password prompt, enter the user and password used to register the FortiEDR Aggregator with the FortiEDR Central Manager, which you configured in step 30 in the previous section, and click Next.
  22. At the Do you want to use DHCP prompt, select No to configure the IP of this virtual machine manually, and then click Next.
  23. At the prompt, enter the IP address of the machine that you are installing. Use the following format:
    xxx.xxx.xxx.xxx/yy, where yy is the routing prefix of the subnet.
  24. At the prompt, enter the default gateway and click Next.
  25. At the Please set your DNS server prompt, enter a valid IP address and click Next. Use the following format:
    xxx.xxx.xxx.xxx/yy, where yy is the routing prefix of the subnet.
  26. At the prompt, select No for debug mode.
  27. At the Please set the date prompt, verify the date and click Next. The installer automatically presents the current date. You can change this date, if necessary.
  28. At the Please set your Time prompt, set the time and click Next.
  29. At the prompt, select the timezone and country in which the server is being installed.
  30. Wait a few moments while the installation processes, until you see the Installation completed successfully message.
  31. If organizations are defined and the number of Collectors exceeds 10000, set up additional Aggregators by repeating the previous steps for each additional Aggregator.
  32. (Recommended) Define a DNS address for the Aggregator by following the steps below. Doing so avoids the need to reinstall all Collectors that are registered with the Aggregator IP when the Aggregator IP changes in some cases, such as when the Aggregator is migrated to a different data center.
    1. Define a DNS address for the Aggregator.
    2. Configure FortiEDR to disable the NAT IP and use the local IP of the Aggregator:
      1. Connect to the FortiEDR Central Manager via ssh.
      2. Open the conf-customer.properties configuration file using the following command: vi /opt/FortiEDR/aggregator/conf-customer.properties.
      3. Comment out the connection.dns-name = 10.10.80.201 line as follows: #connection.dns-name = 10.10.80.201.
      4. Save the changes and restart the FortiEDR Aggregator service using the fortiedr aggregator restart command.
      5. Check the status of the Aggregator using the fortiedr aggregator status command.
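
The file edit in step 32 can be scripted so that it is repeatable and reversible. The following is an added example, not Fortinet-supplied code: the function names and the backup file naming are assumptions, the key name is taken from the commented-out form shown in the step, and the path and the `fortiedr aggregator` commands are the ones named in the steps above.

```bash
#!/usr/bin/env bash
# Added example (not part of the FortiEDR product): comment out the
# connection.dns-name key in conf-customer.properties, keeping a backup.

# Path as named in the procedure above; pass another path as $1 to override.
CONF_DEFAULT="/opt/FortiEDR/aggregator/conf-customer.properties"
KEY_RE='connection\.dns-name[[:space:]]*='

# active_dns_name FILE
# Prints the value of the active (uncommented) key, or nothing if none.
active_dns_name() {
    sed -n -E "s/^[[:space:]]*${KEY_RE}[[:space:]]*(.*)\$/\1/p" "$1"
}

# disable_dns_name [FILE]
# Returns 0 when no active key remains afterwards, non-zero on any error.
disable_dns_name() {
    _conf="${1:-$CONF_DEFAULT}"
    [ -f "$_conf" ] || { echo "missing: $_conf" >&2; return 1; }

    # Idempotent: already commented out or absent means nothing to change.
    if ! grep -Eq "^[[:space:]]*${KEY_RE}" "$_conf"; then
        echo "no active connection.dns-name line in $_conf"
        return 0
    fi

    # Timestamped copy (hypothetical naming) so the edit can be rolled back.
    cp -p "$_conf" "$_conf.bak.$(date +%Y%m%d%H%M%S)" || return 1

    # Prefix only the active key line with '#'; other lines stay untouched.
    sed -i -E "s/^[[:space:]]*(${KEY_RE}.*)\$/#\1/" "$_conf" || return 1

    # Verify the result instead of trusting the edit.
    ! grep -Eq "^[[:space:]]*${KEY_RE}" "$_conf"
}

# After a successful edit, apply and confirm with the commands from the steps:
#   fortiedr aggregator restart
#   fortiedr aggregator status
```

Run `disable_dns_name` with no argument on the server, then restart the service only if it returns 0.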
