Appendix C – ON PREMISE DEPLOYMENTS
This chapter describes how to set up the FortiEDR backend components for on-premise deployments. Before you start, make sure that on-premise deployment is the most suitable option for you.
System requirements
The following tables list the system requirements of each backend component. Make sure that all devices, workstations, virtual machines and servers on which a FortiEDR backend component will be installed comply with those requirements.
Component | Central Manager | Aggregator¹ | Threat Hunting Repository | Core²
---|---|---|---|---
Processor | Intel or AMD x86 (64-bit) | Intel or AMD x86 (64-bit) | Intel or AMD x86 (64-bit) | Intel or AMD x86 (64-bit)
Number of CPUs | 4 | 4 | Varies by number of seats and period of required Threat Hunting data retention. Refer to the next table for requirements for one month of data retention for the extensive profile. |
Physical Memory | 16 GB | 16 GB | |
Disk Space | 150 GB, SSD | 80 GB | |
ISO Image OS | CentOS 7 | CentOS 7 | ESXi 7.0 | CentOS 7
Listening Port³ | 443 | | | 555
Server Connectivity⁴ | For communication with FortiEDR Cloud Service (FCS): For Connectors and other integrations: For AV signatures update: | N/A | N/A |

¹ Refer to the following guidelines to determine the number of Aggregators you need to set up:
² Refer to the following guidelines to determine the number of Cores you need to set up:
³ Ensure that these ports are not blocked by your firewall product (if one is deployed). As a security best practice, it is recommended to update the firewall rules so that they only have a narrow opening. For example:
⁴ Ensure that these servers are not blocked by your firewall product (if one is deployed) and can be accessed by the corresponding component.
Threat Hunting Repository CPU, Physical Memory, and Disk Space Requirements
Number of Seats | Number of VMs (Nodes) | Number of CPUs per VM (Node) | Memory per VM (Node) | OS Disk per VM (Node) | Data Disk per VM (Node)
---|---|---|---|---|---
2000 or fewer | 1 | 17 | 32 GB | 50 GB, non-SSD | 1187 GB SSD or 34 GB SSD + 1153 GB non-SSD
4000 | 1 | 27 | 34 GB | 50 GB, non-SSD | 2310 GB SSD or 34 GB SSD + 2300 GB non-SSD
6000 | 1 | 37 | 41 GB | 50 GB, non-SSD | 3410 GB SSD or 34 GB SSD + 3400 GB non-SSD
8000 | 1 | 47 | 48 GB | 50 GB, non-SSD | 4510 GB SSD or 34 GB SSD + 4500 GB non-SSD
10000 | 1 | 57 | 55 GB | 50 GB, non-SSD | 5610 GB SSD or 34 GB SSD + 5600 GB non-SSD
12000 | 1 | 67 | 62 GB | 50 GB, non-SSD | 6710 GB SSD or 34 GB SSD + 6700 GB non-SSD
14000 | 1 | 77 | 69 GB | 50 GB, non-SSD | 7810 GB SSD or 34 GB SSD + 7800 GB non-SSD
15000 | 3 | 30 | 27 GB | 50 GB, non-SSD | 3249 GB SSD or 11 GB SSD + 3237 GB non-SSD
20000 | 3 | 40 | 35 GB | 50 GB, non-SSD | 4318 GB SSD or 11 GB SSD + 4306 GB non-SSD
25000 | 3 | 49 | 42 GB | 50 GB, non-SSD | 5387 GB SSD or 11 GB SSD + 5375 GB non-SSD
30000 | 3 | 58 | 47 GB | 50 GB, non-SSD | 6456 GB SSD or 11 GB SSD + 6444 GB non-SSD

For the Threat Hunting Repository specifications required for supporting more than 30000 Collectors, please contact Fortinet Support.
Setting up FortiEDR components on-premise
Set up the system components top-down in the following order: