
Administration Guide

Setting up a FortiEDR Core as a Jumpbox


While you do not need to set up any Cores for cloud deployment, you can optionally set up a Core as a Jumpbox on premise.

Preparing for the FortiEDR Core installation

The workstation, virtual machine or server on which the FortiEDR Core will be installed must meet the following requirements:

  • System requirements: 2 CPUs, 4 GB of physical memory, 50 GB (non-SSD).
  • Has connectivity to a Local Area Network (for wired users) or a Wireless Network (for wireless users). If there is no connectivity, consult your IT support person.
  • Has connectivity to the FortiEDR Aggregator. You can check this by browsing to the Aggregator’s IP address. For problems connecting, see Troubleshooting.
  • Has connectivity to the FortiEDR Reputation Server at 35.186.218.233.
  • If the FortiEDR Core is deployed on your organization’s premises (on-premises) and you use a web proxy to filter requests, then before running the installer, set the system proxy to work with an HTTPS connection, as follows:
    • Edit the file /etc/environment to define the proxy, either as an https_proxy address or as a PAC address.

      For example: https_proxy=https://192.168.0.2:443

      (for PAC): https_proxy=pac+http://192.168.200.100/sample.pac, where the sample.pac file contains an HTTPS address of the proxy.

    • If the definitions of the system proxy are placed somewhere other than /etc/environment, then:
      • Copy the definitions to the file /etc/environment. Note that this affects all processes on the Linux system.
      • Define a specific environment variable for the FortiEDR Linux Core, named nslo_https_proxy, in the file /etc/environment.

        For example: nslo_https_proxy=https://192.168.0.2:443

        (for PAC): nslo_https_proxy=pac+http://192.168.200.100/sample.pac

    Note

    For more details about installing a Core in a multi-organization environment, see the Core Registration section in Component registration in a multi-organization environment.
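
A pre-install check for the proxy definitions described above, as an added example (not Fortinet's code): it reads an environment file and reports whether https_proxy or nslo_https_proxy is set in one of the two value forms this guide shows. The function names and the constructed sample file are assumptions for illustration.

```shell
#!/bin/sh
# Added example: check proxy definitions before running the Core installer.
# Recognized value forms are the two shown in this guide:
#   https://HOST:PORT               (HTTPS proxy address)
#   pac+http://HOST/PATH.pac        (PAC file location)

# proxy_value FILE NAME: print the last value assigned to NAME in FILE,
# without optional surrounding double quotes.
proxy_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '"'
}

# proxy_kind VALUE: print "https", "pac" or "unrecognized".
proxy_kind() {
    if printf '%s\n' "$1" | grep -Eq '^https://[^/:]+:[0-9]+/?$'; then
        echo https
    elif printf '%s\n' "$1" | grep -Eq '^pac\+http://[^/]+/.+\.pac$'; then
        echo pac
    else
        echo unrecognized
    fi
}

# check_core_proxy [FILE]: return 0 if FILE defines at least one proxy
# variable and every definition found has a recognized form, 1 otherwise.
check_core_proxy() {
    file=${1:-/etc/environment}
    rc=1
    for name in nslo_https_proxy https_proxy; do
        value=$(proxy_value "$file" "$name")
        [ -n "$value" ] || continue
        kind=$(proxy_kind "$value")
        case $name in
            nslo_*) scope="specific to the FortiEDR Core" ;;
            *)      scope="affects all processes" ;;
        esac
        echo "$name: $kind, $scope ($value)"
        [ "$kind" = unrecognized ] && return 1
        rc=0
    done
    [ "$rc" -eq 0 ] || echo "no proxy definition found in $file"
    return "$rc"
}

# Constructed sample standing in for /etc/environment (value from this guide).
sample=$(mktemp)
printf '%s\n' 'PATH=/usr/bin' 'nslo_https_proxy=https://192.168.0.2:443' > "$sample"
check_core_proxy "$sample"
rm -f "$sample"
```

On the target machine, call check_core_proxy with no argument to read /etc/environment itself.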

Installing the FortiEDR Core

The following describes how to install the FortiEDR Core.

  1. Create a new virtual server by selecting File > New Virtual Machine.

  2. Select the Typical option and click Next.

  3. Select the I will install the operating system later option and click Next.

  4. Select the Linux radio button. In the Version field, select CentOS 64-bit and click Next. Alternatively, you can select a different generic Linux 64-bit in the Version field.

  5. Specify a name for the virtual machine such as FortiEDRCore and the location in which to store the provided ISO file and click Next.

  6. Change the Maximum disk size to 80 GB, leave the default option as Split virtual disk into multiple files and click Next.

  7. Click Finish.
  8. Right-click the new machine and select the Settings option.

  9. Select the Memory option and change the RAM to at least 8 GB.
  10. Select the Processors option and change the value to a total of at least two CPU Cores.
  11. Select the CD/DVD option and then select the Use ISO image file option on the right.
  12. Click the Browse button and select the ISO file provided by Fortinet for the FortiEDR Core. Click OK.
  13. Start the virtual machine. For example, by using the button shown below:

    The virtual machine automatically starts the installation process, which may take a few minutes.
  14. Wait until a success message is displayed requesting that you reboot.
  15. Reboot the virtual machine.
  16. Log into the virtual machine in order to continue the installation process.
    Login: root
    Change the root password by entering any password you want and then retyping it. The password must be strong enough according to Linux standards.
  17. Enter fortiedr config.
  18. At the prompt, enter your hostname (any hostname) and click Next.
  19. At the prompt, select the role of the virtual machine. For this installation, select CORE and click Next.
    Note

    After the installation of the Core, you can configure the functionality of the Core as JumpBox in the INVENTORY > System Components tab of the Central Manager.
  20. At the prompt, enter the registration password.
    Note

    If this is a multi-tenant setup and this Core is to belong only to a specific organization, then the password should match the registration password that was provided upon creating that organization (listed under ADMINISTRATION > ORGANIZATIONS tab of the FortiEDR Central Manager).

  21. At the prompt, enter the Aggregator external IP address followed by the port (optional). If a port is not provided, the default port 8081 is used.
  22. At the prompt, enter this machine’s external IP address followed by the port (optional). If a port is not provided, the default port 555 is used.
  23. At the prompt, enter the Organization name. For a non-multi-tenant setup, this must be left empty.
  24. A list of network interfaces on this virtual machine displays. At the Pick your primary interface prompt, select the interface to be used as the primary network interface through which all FortiEDR Cores and FortiEDR Collectors will reach this server, and then click Next.
  25. At the Do you want to use DHCP prompt, do one of the following:
    1. Select Yes to use DHCP and click Next. Proceed to step 29 below.
    2. Select No to configure the IP of this virtual machine manually, and then click Next. Perform steps 26 through 34 below.
  26. At the prompt, enter the IP address of the machine that you are installing.
    Use the following format: xxx.xxx.xxx.xxx/yy, where yy is the routing prefix of the subnet.
  27. At the prompt, enter the default gateway and click Next.
  28. At the Please set your DNS server prompt, enter a valid IP address and click Next.
    Use the following format: xxx.xxx.xxx.xxx/yy, where yy is the routing prefix of the subnet.
  29. At the prompt, select No for debug mode.
  30. At the Please set the date prompt, verify the date and click Next. The installer automatically presents the current date. You can change this date, if necessary.
  31. At the Please set your Time prompt, set the time and click Next.
  32. At the prompt, select the timezone and country in which the server is being installed.
  33. At the Do you want to enable Web proxy prompt, select one of the following:
    • No (the default)
    • Yes (only for an on-premises Core installation, which should be configured to pass through a web proxy)
  34. Wait a few moments while the installation processes, until you see the Installation completed successfully message.
  35. To verify that the Core installation succeeded, use the fortiedr status and fortiedr version commands.
  36. In the INVENTORY > System Components tab of the Central Manager, verify that the FortiEDR Core details are listed and configure the functionality of the Core as JumpBox.
