FortiInsight agent installation

Follow these procedures to install the FortiInsight agent on supported versions of Windows or Mac OS X.

Prerequisites

  • Configure firewall rules to allow a network route between the FortiInsight agent and the FortiInsight Cloud service. The default port is TCP 8080 (HTTPS). You can do this either during or after installation.

Downloading the latest endpoint agent installer

You download FortiInsight agent installation software from the FortiInsight UI.

  1. Go to Admin > Endpoints.
  2. Click Get Latest Endpoint Installers.
  3. For a Windows installation, select Download in the Windows File Agent section.
  4. For a Mac installation, select Download in the Mac File Agent section.

Endpoint agent download window example

Installing the FortiInsight agent for Windows

Follow these steps to install and run the FortiInsight agent. By default, the FortiInsight agent installer installs the software in the <Windows drive>:\Program Files (x86)\Fortinet\FortiInsight\ or <Windows drive>:\Program Files\Fortinet\FortiInsight\ directory.

  1. Double-click the FortiInsight agent installer and follow the instructions in the installation wizard.
  2. In the Primary address and port field, enter the address and port information for your primary FortiInsight Cloud service.
  3. In the Secondary address and port field, enter the address and port information for your secondary FortiInsight Cloud service. If you do not have a secondary FortiInsight Cloud service, it is recommended that you add the primary FortiInsight Cloud service settings to these fields instead.
  4. In the Maximum offline database size field, enter a limit. This setting is useful for virtualized deployments when the user profile is copied on and off the machine to a remote location.
  5. If you want the agent to automatically submit crash dump and text log data to Fortinet (using HTTPS), select the Enable error reporting checkbox.

  6. Click Next, and then Install.
  7. To complete the installation, click Finish.
  8. Verify that communication between the FortiInsight agent and the FortiInsight backend is working properly by following the verification process.

Package management installation

The following instructions are intended for system administrators who can use package management software to push the FortiInsight agent out to endpoints.

Installing or updating the agent using MsiExec

To install the FortiInsight agent using MsiExec, use the MSI package that is provided. You must also set some additional parameters. To run the MSI package, a user requires elevated privileges such as the ones granted by the administrators group.

You can also use the MSI installer to update the agent. To update the agent, run the command again with a new version of the FortiInsight agent and the installer will find and replace the product.

  • Install the agent using one of the following options:
    • To install the agent without logging, use the following command:

      msiexec /i cms.msi /norestart /qn CS_ADDRESS=https://<primary_server> CS_ADDRESS_PORT=<primary_port> CS_ADDRESS_SECONDARY=https://<secondary_server> CS_ADDRESS_PORT_SECONDARY=<secondary_port> ERROR_REPORTING=1 OFFLINE_DB_SIZE_MB=<db_limit>

    • To install the agent with logging, use the following command:

      msiexec /i cms.msi /norestart /qn CS_ADDRESS=https://<primary_server> CS_ADDRESS_PORT=<primary_port> CS_ADDRESS_SECONDARY=https://<secondary_server> CS_ADDRESS_PORT_SECONDARY=<secondary_port> ERROR_REPORTING=1 OFFLINE_DB_SIZE_MB=<db_limit> /L*Vx <log_filename>

  • where:

    Parameter             Description
    <primary_server>      The address of the primary FortiInsight Cloud service.
    <primary_port>        The port number of the primary FortiInsight Cloud service (for example, 8080).
    <secondary_server>    The address of the secondary FortiInsight Cloud service.
    <secondary_port>      The port number of the secondary FortiInsight Cloud service.
    <db_limit>            Specify a limit for the offline database (for example, 10280). The offline database will not grow beyond the maximum size that you specify.

    If required, you can specify the following optional parameters:

    Parameter                          Description
    ERROR_REPORTING=1                  Turn on agent error reporting, which creates and uploads error reports to Fortinet.
    /L*Vx <log_filename>               Write verbose output to the log file that you specify (for example, install.log).
    REBOOT=ReallySuppress              Prevent soft reboots.
    INSTALLFOLDER=<folder_location>    Specify an alternate installation folder (for example, T:\ZF).

    Uninstalling using MsiExec

    To uninstall the FortiInsight agent, use the following command. To run the MSI package, a user requires elevated privileges such as the ones granted by the administrators group.

    msiexec /x cms.msi /norestart /qn /L*Vx uninstall.log

    Note

    When using a deployment technology such as SCCM, you must make sure that the package (cms.msi) is available on the target machine - it must also have permissions for SCCM runners to interact with the directory on the target.

    Installing the FortiInsight agent for Mac OS

    Follow these steps to install and run the FortiInsight agent.

    1. Unzip the compressed agent package.
    2. Double-click the FortiInsight.pkg package file and follow the installation wizard.
    3. Follow the instructions to set the FortiInsight Cloud Service settings for the Mac OS Agent.

    Package management installation

    Installing or updating the agent using Installer

    1. Unzip the compressed agent package.
    2. In a Terminal window, change to the folder containing the FortiInsight.pkg file and run the installer:

      sudo installer -pkg ./FortiInsight.pkg -target /

    3. Follow the instructions to set the FortiInsight Cloud Service settings for the Mac OS Agent.

    Note: After installation, the daemon is immediately launched.

    Uninstalling the FortiInsight Mac OS Agent

    To uninstall the FortiInsight Mac OS Agent, run the following commands in order:

    1. sudo launchctl unload /Library/LaunchDaemons/com.fortinet.fortiinsight.daemon.plist
    2. sudo launchctl unload /Library/LaunchAgents/com.fortinet.fortiinsight.agent.plist
    3. sudo -u root launchctl unload /Library/LaunchAgents/com.fortinet.fortiinsight.agent.plist 2>/dev/null
    4. sudo rm -r /Library/Extensions/FortiInsight.kext
    5. sudo touch /Library/Extensions/
    6. sudo rm -r /usr/local/libexec/fortiinsight
    7. sudo rm -r /usr/local/libexec/fortiinsightagent
    8. sudo rm /Library/LaunchDaemons/com.fortinet.fortiinsight.daemon.plist
    9. sudo rm /Library/LaunchAgents/com.fortinet.fortiinsight.agent.plist
    10. sudo defaults delete com.fortinet.fortiinsight

    Setting the FortiInsight Cloud Service settings

    1. To configure the agent to connect to your Collector Server, you must set the correct URL. In a Terminal window, run the following command, supplying the URL in the correct format, including the port number and ending in /api/ (for example, https://fortinet.fortiinsight.cloud:8080/api/).

      sudo defaults write com.fortinet.fortiinsight ServerURL -string <Collector_Server_URL>

      Note: Settings are only re-read on daemon launch, so you must restart the daemon (or reboot the machine) for changes to take effect.

      In a Terminal window, to restart the daemon, run:

      sudo launchctl unload /Library/LaunchDaemons/com.fortinet.fortiinsight.daemon.plist

      sudo launchctl load /Library/LaunchDaemons/com.fortinet.fortiinsight.daemon.plist

    2. After a successful installation, there should be two processes running: FortiInsight, FortiInsightAgent.
    3. Verify that communication between the FortiInsight Mac OS agent and the FortiInsight backend is working properly by following the verification process.

      Parameter                 Description
      <Collector_Server_URL>    The address of the primary FortiInsight Cloud service.

    Verifying that the agent is reporting to the FortiInsight Cloud service

    Follow these steps to verify that the FortiInsight agent is reporting to the FortiInsight Cloud service.

    1. Log in to the FortiInsight UI as an administrator.
    2. Go to Admin > Endpoints.

      By default, all agents are listed in the table. Agent details include both the registered time and information about the last activity. To sort the list to display new agents first, click the Registered (UTC) heading.

    If an agent does not appear within 10 minutes, see Troubleshooting for more information about steps that you can take to determine why the agent is unable to send data correctly.

    Troubleshooting

    Whitelist files if antivirus software interferes with FortiInsight on Windows

    If antivirus software interferes with FortiInsight, you can consider whitelisting the following files on the endpoint. This is useful if the antivirus software uses application sandboxing heuristics that wrap around any new applications. This can result in high CPU and memory usage and can significantly slow down the machine.

    x64

    • <Windows drive>:\Program Files (x86)\Fortinet\FortiInsight\end.col.man.exe
    • <Windows drive>:\Program Files (x86)\Fortinet\FortiInsight\end.col.man.xml
    • <Windows drive>:\Program Files (x86)\Fortinet\FortiInsight\*.tmp
    • <Windows drive>:\Program Files (x86)\Fortinet\FortiInsight\data\agentID.bin
    • <Windows drive>:\Program Files (x86)\Fortinet\FortiInsight\data\agentSettings.xml
    • <Windows drive>:\Program Files (x86)\Fortinet\FortiInsight\data\offline.sqlite
    • <Windows drive>:\Program Files (x86)\Fortinet\FortiInsight\logs\cms*.log
    • <Windows drive>:\Windows\System32\drivers\KernelAgent32.sys
    • %appdata%\Fortinet\FortiInsight\*

    x86

    • <Windows drive>:\Program Files\Fortinet\FortiInsight\end.col.man.exe
    • <Windows drive>:\Program Files\Fortinet\FortiInsight\end.col.man.xml
    • <Windows drive>:\Program Files\Fortinet\FortiInsight\*.tmp
    • <Windows drive>:\Program Files\Fortinet\FortiInsight\data\agentID.bin
    • <Windows drive>:\Program Files\Fortinet\FortiInsight\data\agentSettings.xml
    • <Windows drive>:\Program Files\Fortinet\FortiInsight\data\offline.sqlite
    • <Windows drive>:\Program Files\Fortinet\FortiInsight\logs\cms*.log
    • <Windows drive>:\Windows\System32\drivers\KernelAgent32.sys
    • %appdata%\Fortinet\FortiInsight\*

    How to verify FortiInsight Cloud service details in the config files on Windows

    1. Navigate to the directory where the FortiInsight agent is installed. By default, FortiInsight installs the agent software in the <Windows drive>:\Program Files (x86)\Fortinet\FortiInsight directory.
    2. Open the end.col.man.xml config file.
    3. Confirm that the Host and Port values are correct for your FortiInsight server installation. If the entries are wrong, edit the file and enter the correct values. Save the file, and the configuration changes automatically take effect.

    How to verify FortiInsight Cloud service details in the FortiInsight defaults on Mac OS

    In a Terminal window, run the following command:

    sudo defaults read com.fortinet.fortiinsight

    This prints the last known settings in the defaults for the FortiInsight Mac OS Agent, for example:

    {
        ServerURL = "https://fortinet.fortiinsight.cloud:8080/api/";
    }
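
The URL format required when setting the FortiInsight Cloud Service settings (HTTPS, an explicit port, ending in /api/) and the `defaults read` check above can be combined into one audit. This is an added example, not Fortinet code: the function names are hypothetical and the sample input is constructed from the output shown on this page.

```sh
#!/bin/sh
# Added example, not Fortinet code. Function names are hypothetical.

# validate_collector_url URL
# Succeeds only for https://<host>:<port>/api/ with a port in 1-65535.
# IPv6 literals are not handled and are rejected.
validate_collector_url() {
    _u=$1
    case $_u in
        https://*) _rest=${_u#https://} ;;
        *) echo "rejected: scheme must be https" >&2; return 1 ;;
    esac
    case $_rest in
        */api/) _auth=${_rest%/api/} ;;
        *) echo "rejected: URL must end in /api/" >&2; return 1 ;;
    esac
    # Only host:port may sit between the scheme and /api/.
    case $_auth in
        ''|*/*|*@*|*' '*|*\?*|*\#*)
            echo "rejected: unexpected characters before /api/" >&2; return 1 ;;
        *:*) _host=${_auth%:*}; _port=${_auth##*:} ;;
        *) echo "rejected: explicit port is required" >&2; return 1 ;;
    esac
    case $_host in
        ''|*:*) echo "rejected: bad host" >&2; return 1 ;;
    esac
    case $_port in
        ''|*[!0-9]*) echo "rejected: port must be numeric" >&2; return 1 ;;
    esac
    if [ "${#_port}" -gt 5 ] || [ "$_port" -lt 1 ] || [ "$_port" -gt 65535 ]; then
        echo "rejected: port out of range" >&2; return 1
    fi
    return 0
}

# extract_server_url: read `defaults read com.fortinet.fortiinsight` output
# on stdin and print the ServerURL value (quotes and trailing ';' removed).
extract_server_url() {
    sed -n 's/^[[:space:]]*ServerURL[[:space:]]*=[[:space:]]*"\{0,1\}\([^";]*\)"\{0,1\};[[:space:]]*$/\1/p'
}

# audit_server_url EXPECTED: compare the stored setting (stdin) with EXPECTED.
audit_server_url() {
    _want=$1
    _have=$(extract_server_url)
    if [ -z "$_have" ]; then
        echo "FAIL: ServerURL is not set"; return 1
    fi
    if ! validate_collector_url "$_have"; then
        echo "FAIL: stored ServerURL is malformed: $_have"; return 1
    fi
    if [ "$_have" != "$_want" ]; then
        echo "FAIL: agent reports to $_have, expected $_want"; return 1
    fi
    echo "OK: agent reports to $_have"
}

# Constructed sample of the `defaults read` output shown on this page.
SAMPLE_DEFAULTS='{
    ServerURL = "https://fortinet.fortiinsight.cloud:8080/api/";
}'
printf '%s\n' "$SAMPLE_DEFAULTS" |
    audit_server_url "https://fortinet.fortiinsight.cloud:8080/api/"
```

On an endpoint, pipe the real command into the audit instead of the sample: `sudo defaults read com.fortinet.fortiinsight | audit_server_url "<Collector_Server_URL>"`.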

    How to verify that the host computer can reach the FortiInsight Cloud service

    In a web browser, visit https://<ip_address>:<port_number> (insert the appropriate IP address or HTTPS IP address from your config file or Customer Specific Information document).

    You should see a JSON document with version numbers similar to the following:

    {
      "Version": "4.0.14.0",
      "ApiVersions": [
        "1.0",
        "1.1",
        "1.2",
        "1.3",
        "1.4",
        "2.0",
        "2.8"
      ]
    }
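
The same reachability check can be run from a shell, which also tells a firewall block apart from a TLS problem. This is an added example, not Fortinet code: the function names are hypothetical, the sample body is constructed from the JSON shown above, and curl is assumed to be installed on the host.

```sh
#!/bin/sh
# Added example, not Fortinet code. Function names are hypothetical.

# explain_curl_exit CODE: translate a curl exit code into the likely cause.
explain_curl_exit() {
    case $1 in
        0)  echo "ok: request completed" ;;
        6)  echo "dns: host name did not resolve" ;;
        7)  echo "connect: refused or blocked, check the firewall rule for the service port" ;;
        22) echo "http: server answered with an error status" ;;
        28) echo "timeout: packets may be dropped, check the firewall rule for the service port" ;;
        35) echo "tls: handshake failed, the port may not be serving HTTPS" ;;
        51|60) echo "tls: certificate not trusted, check for an intercepting proxy or a missing CA" ;;
        *)  echo "other: curl exit code $1" ;;
    esac
}

# banner_version: read the response body on stdin; print the Version value
# only if the body looks like the version document (has both keys).
banner_version() {
    _body=$(tr -d '\n\r')
    case $_body in
        *'"ApiVersions"'*) ;;
        *) return 1 ;;
    esac
    printf '%s\n' "$_body" |
        sed -n 's/.*"Version"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' |
        grep .
}

# probe_service HOST PORT: fetch https://HOST:PORT and report the outcome.
# Certificate validation stays on (no -k), so TLS problems are reported.
probe_service() {
    _rc=0
    _out=$(curl --silent --fail --max-time 10 "https://$1:$2" 2>/dev/null) || _rc=$?
    if [ "$_rc" -ne 0 ]; then
        echo "unreachable: $(explain_curl_exit "$_rc")"; return 1
    fi
    if _ver=$(printf '%s\n' "$_out" | banner_version); then
        echo "reachable: service version $_ver"
    else
        echo "unexpected: HTTPS answered but not with the version document"; return 1
    fi
}

# Constructed sample body, taken from the JSON shown on this page.
SAMPLE_BANNER='{
  "Version": "4.0.14.0",
  "ApiVersions": ["1.0", "1.1", "1.2", "1.3", "1.4", "2.0", "2.8"]
}'
printf 'sample body parses as version %s\n' \
    "$(printf '%s\n' "$SAMPLE_BANNER" | banner_version)"
explain_curl_exit 7
```

On the endpoint, run `probe_service <ip_address> <port_number>` with the values from your config file.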

    How to gather data for a Fortinet Support request for Windows

    If you need to contact Fortinet Support for help, gather the following data and have the cms.log file ready to share with Fortinet Support.

    1. Navigate to the directory where the FortiInsight agent is installed. By default, FortiInsight installs the agent software in the <Windows drive>:\Program Files (x86)\Fortinet\FortiInsight directory.
    2. Open the end.col.man.xml config file.
    3. Change the LogLevel value from 4 to 2, and save the file.
    4. Wait 5 minutes to allow for data to be gathered.
    5. Open the end.col.man.xml config file.
    6. Change the LogLevel value from 2 to 4, and save the file.
    7. Navigate to the logs folder in the agent installation folder and locate the cms.log file. Have the file ready to share with Fortinet Support.

    How to gather data for a Fortinet Support request for Mac OS

    If you need to contact Fortinet Support for help, gather the following data and have the FortiInsight.log file ready to share with Fortinet Support.

    1. Read the current settings from the defaults and ensure that they are correct.
    2. Collect the latest log file from /var/log/FortiInsight.log. Have the file ready to share with Fortinet Support.
