
Administration Guide

Setting up the FortiEDR Core


This topic includes the following sections:

Prerequisites

The workstation, virtual machine, or server on which the FortiEDR Core will be installed must meet the following requirements:

  • Complies with the requirements described in the System Requirements section in Appendix C – ON PREMISE DEPLOYMENTS.
  • Has connectivity to a Local Area Network (for wired users) or a Wireless Network (for wireless users). If there is no connectivity, consult your IT support person.
  • Has connectivity to the FortiEDR Aggregator. You can check this by browsing to the Aggregator’s IP address. For problems connecting, see Troubleshooting.
  • Has connectivity to the FortiEDR Reputation Server at reputation.cloud.ensilo.com.
  • If the FortiEDR Core is deployed on your organization’s premises (on-premises) and you use a web proxy to filter requests, then before running the installer, set the system proxy to work with an HTTPS connection, as follows:
    • Edit the file /etc/environment to define the proxy, either as an https_proxy address or as a PAC address.

      For example: https_proxy=https://192.168.0.2:443

      (for PAC): https_proxy=pac+http://192.168.200.100/sample.pac, where the sample.pac file contains an HTTPS address of the proxy.

    • If the definitions of the system proxy are placed somewhere other than /etc/environment, then:
      • Copy the definitions to the file /etc/environment. Note that this affects all processes on the Linux system.
      • Define a specific environment variable for the FortiEDR Linux Core, named nslo_https_proxy, in the file /etc/environment.

        For example: nslo_https_proxy=https://192.168.0.2:443

        (for PAC): nslo_https_proxy=pac+http://192.168.200.100/sample.pac

    Note

    For more details about installing a Core in a multi-organization environment, see the Core Registration section in Component registration in a multi-organization environment.
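A pre-flight lint for the proxy definitions described above, as an added example that is not Fortinet's code: it reads an /etc/environment-style file on standard input and flags https_proxy or nslo_https_proxy values that are not in the https:// or pac+ forms this guide shows. The function names, the sample file contents, the tolerance for double-quoted values, and the acceptance of pac+https:// are assumptions.

```shell
#!/bin/sh
# Added example: lint FortiEDR Core proxy variables before running the installer.

# classify_proxy_value VALUE -> prints "https", "pac" or "invalid"
classify_proxy_value() {
    case "$1" in
        https://?*)                   echo https ;;
        pac+http://?*|pac+https://?*) echo pac ;;   # pac+https:// is an assumption
        *)                            echo invalid ;;
    esac
}

# check_proxy_env < FILE
# Prints "<name> <class> line=<n>" for each proxy variable found.
# Returns 0 only if at least one variable is defined and none is invalid.
check_proxy_env() {
    found=0; bad=0; n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in
            https_proxy=*|nslo_https_proxy=*) ;;
            *) continue ;;                 # comments and unrelated variables
        esac
        name=${line%%=*}
        value=${line#*=}
        value=${value#\"}; value=${value%\"}   # drop one pair of double quotes
        class=$(classify_proxy_value "$value")
        echo "$name $class line=$n"
        found=$((found + 1))
        if [ "$class" = invalid ]; then bad=$((bad + 1)); fi
    done
    [ "$found" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Constructed sample file contents (not taken from a real host).
sample_env() {
    cat <<'EOF'
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin"
https_proxy=http://192.168.0.2:3128
nslo_https_proxy=https://192.168.0.2:443
EOF
}

sample_env | check_proxy_env || echo "proxy configuration needs attention"
```

On a real host, run `check_proxy_env < /etc/environment` before starting the installer.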

Installing the FortiEDR Core

The following describes how to install the FortiEDR Core:

  1. Create a new virtual server by selecting File > New Virtual Machine.
  2. Select the Typical option and click Next.

  3. Select the I will install the operating system later option and click Next.

  4. Select the Linux radio button. In the Version field, select CentOS 64-bit and click Next. Alternatively, you can select a different generic Linux 64-bit in the Version field.

  5. Specify a name for the virtual machine such as FortiEDRCore and the location in which to store the provided ISO file and click Next.

  6. Change the Maximum disk size to 80 GB, leave the default option as Split virtual disk into multiple files and click Next.

  7. Click Finish.

  8. Right-click the new machine and select the Settings option.
  9. Select the Memory option and change the RAM to at least 8 GB.
  10. Select the Processors option and change the value to a total of at least two CPU Cores.
  11. Select the CD/DVD option and then select the Use ISO image file option on the right.

  12. Click the Browse button and select the ISO file provided by Fortinet for the FortiEDR Core. Click OK.
  13. Start the virtual machine. For example, by using the button shown below:

    The virtual machine automatically starts the installation process, which may take a few minutes.
  14. Wait until a success message is displayed requesting that you reboot.
  15. Reboot the virtual machine.
  16. Log into the virtual machine in order to continue the installation process.
    Login: root
    Change the root password by entering any password you want and then retyping it. The password must be strong enough according to Linux standards.
  17. Enter fortiedr config.
  18. At the prompt, select the role of the virtual machine. For this installation, select CORE and click Next.
    Note: After the installation of the Core, you can configure the functionality of the Core as Core only, Jumpbox, or Both in the INVENTORY > System Components tab of the Central Manager.
  19. At the prompt, enter your hostname (any hostname) and click Next.
  20. At the prompt, enter the Organization name if this Core is added to a multi-tenant environment and should work only with one organization. For a non-multi-tenant setup, leave the organization name empty. Click Next.
  21. At the prompt, enter the registration password.
    Note

    If this is a multi-tenant setup and this Core is to belong only to a specific organization, then the password should match the registration password that was provided upon creating that organization (listed under ADMINISTRATION > ORGANIZATIONS tab of the FortiEDR Central Manager).

  22. At the prompt, enter the Aggregator external IP address followed by the port (optional). If a port is not provided, the default port 8081 is used.
  23. At the prompt, enter this Core machine’s external IP address without the port.
  24. A list of network interfaces on this virtual machine displays. At the Pick your primary interface prompt, select the interface to be used as the primary network interface through which all FortiEDR Cores and FortiEDR Collectors will reach this server, and then click Next.
  25. At the Do you want to use DHCP prompt, do one of the following:
    1. Select yes to use DHCP and click Next. Proceed to step 29 below.
    2. Select no to configure the IP of this virtual machine manually, and then click Next. Perform steps 26 through 35 below.
  26. At the prompt, enter the IP address of the machine that you are installing.
    Use the following format: xxx.xxx.xxx.xxx/yy, where yy is the routing prefix of the subnet.
  27. At the prompt, enter the default gateway and click Next.
  28. At the Please set your DNS server prompt, enter a valid IP address and click Next.
    Use the following format: xxx.xxx.xxx.xxx/yy, where yy is the routing prefix of the subnet.
  29. At the prompt, select no for debug mode.
  30. At the Please set the date prompt, verify the date and click Next. The installer automatically presents the current date. You can change this date, if necessary.
  31. At the Please set your Time prompt, set the time and click Next.
  32. At the prompt, select the timezone and country in which the server is being installed.
  33. At the Do you want to enable Web proxy prompt, select one of the following:
    • yes: If you select yes, you must manually edit the /etc/environment file to configure the proxy address, which can be https_proxy (such as https_proxy=https://192.168.0.2:443) or PAC address (such as https_proxy=pac+http://192.168.200.100/sample.pac, where sample.pac is the file that contains an HTTPS address of the proxy).
    • no (default)
  34. If you selected yes in the previous step, at the Do you want to exclude proxy configuration for Aggregator communication? prompt, if the Aggregator is also installed on-premise, select yes to ignore the proxy for Core and Aggregator communication. Otherwise, select no.
  35. Wait a few moments while the installation processes, until you see the Installation completed successfully message.
  36. To verify that core installation succeeded, use the fortiedr status and fortiedr version commands.
  37. In the INVENTORY > System Components tab of the Central Manager, verify that the FortiEDR Core details are listed and configure the functionality of the Core as Core only, Jumpbox, or Both.
  1. Disconnect the ISO if it is not disconnected automatically.

  2. Configure the machine as Core by running fortiedr config in the VM CLI and specifying the VM network settings at the prompts.

  3. To verify that core installation succeeded, use the fortiedr status and fortiedr version commands.
  4. In the INVENTORY > System Components tab of the Central Manager, verify that the FortiEDR Core details are listed.
