FortiInsight agent installation

Follow these procedures to install the FortiInsight agent for Windows.

Prerequisites

  • Configure firewall rules to allow a network route between the FortiInsight agent and the FortiInsight Cloud service. The default port is TCP 8080 (HTTPS). You can do this either during or after installation.

Downloading the endpoint agent installer

You download FortiInsight agent installation software from the FortiInsight UI.

  1. Go to Admin > Endpoints.
  2. Click Get Latest Endpoint Installers.
  3. Download the Windows File Agent (cms_v<version>.msi file).

The following image shows an example of the endpoint agent download window.

Installing the FortiInsight agent

Follow these steps to install and run the FortiInsight agent. By default, the FortiInsight agent installer installs the software in the <Windows drive>:\Program Files (x86)\Fortinet\FortiInsight\ or <Windows drive>:\Program Files\Fortinet\FortiInsight\ directory.

  1. Double-click the FortiInsight agent installer and follow the instructions in the installation wizard.
  2. In the Primary address and port field, enter the address and port information for your primary FortiInsight Cloud service.
  3. In the Secondary address and port field, enter the address and port information for your secondary FortiInsight Cloud service. If you do not have a secondary FortiInsight Cloud service, it is recommended that you add the primary FortiInsight Cloud service settings to these fields instead.
  4. In the Maximum offline database size field, enter a limit. This setting is useful for virtualized deployments when the user profile is copied on and off the machine to a remote location.
  5. If you want the agent to automatically submit crash dumps and text log data to Fortinet (using HTTPS), select the Enable error reporting checkbox.
  6. Click Next, and then Install.
  7. To complete the installation, click Finish.

Verifying that the agent is reporting to the FortiInsight Cloud service

Follow these steps to verify that the FortiInsight agent is reporting to the FortiInsight Cloud service.

  1. Log in to the FortiInsight UI as an administrator.

  2. Go to Admin > Endpoints.

    By default, all agents are listed in the table. Agent details include both the registered time and information about the last activity. To sort the list to display new agents first, click the Registered (UTC) heading.

If an agent does not appear within 10 minutes, see Troubleshooting for more information about steps that you can take to determine why the agent is unable to send data correctly.

Package management installation

The following instructions are intended for system administrators who can use package management software to push the FortiInsight agent out to endpoints.

Installing or updating the agent using MsiExec

To install the FortiInsight agent using MsiExec, use the MSI package that is provided. You must also set some additional parameters. To run the MSI package, a user requires elevated privileges such as the ones granted by the administrators group.

You can also use the MSI installer to update the agent. To update the agent, run the command again with a new version of the FortiInsight agent and the installer will find and replace the product.

  1. Install the agent using one of the following options:
    • To install the agent without logging, use the following command:

      msiexec /i cms_v<version>.msi /norestart /qn CS_ADDRESS=https://<primary_server> CS_ADDRESS_PORT=<primary_port> CS_ADDRESS_SECONDARY=https://<secondary_server> CS_ADDRESS_PORT_SECONDARY=<secondary_port> ERROR_REPORTING=1 OFFLINE_DB_SIZE_MB=<db_limit>

    • To install the agent with logging, use the following command:

      msiexec /i cms_v<version>.msi /norestart /qn CS_ADDRESS=https://<primary_server> CS_ADDRESS_PORT=<primary_port> CS_ADDRESS_SECONDARY=https://<secondary_server> CS_ADDRESS_PORT_SECONDARY=<secondary_port> ERROR_REPORTING=1 OFFLINE_DB_SIZE_MB=<db_limit> /L*Vx <log_filename>

    where:

    Parameter              Description
    <primary_server>       The address of the primary FortiInsight Cloud service.
    <primary_port>         The port number of the primary FortiInsight Cloud service (for example, 8080).
    <secondary_server>     The address of the secondary FortiInsight Cloud service.
    <secondary_port>       The port number of the secondary FortiInsight Cloud service.

    If required, you can specify the following optional parameters:

    Parameter                          Description
    ERROR_REPORTING=1                  Turn on agent error reporting, which creates and uploads error reports to Fortinet.
    <db_limit>                         Specify a limit for the offline database (for example, 10280). The offline database will not grow beyond the maximum size that you specify.
    /L*Vx <log_filename>               Write verbose output to the log file that you specify (for example, install.log).
    REBOOT=ReallySuppress              Prevent soft reboots.
    INSTALLFOLDER=<folder_location>    Specify an alternate installation folder (for example, T:\ZF).
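
The following PowerShell wrapper is an added example, not part of the Fortinet documentation. It checks the inputs and the package signature before building the MsiExec command line from the parameters described above. The function name, its parameter names, the default log path, and the assumption that the MSI carries an Authenticode signature are illustrative.

```powershell
# Added example; function and parameter names are illustrative, not Fortinet's.
function Install-FortiInsightAgent {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$MsiPath,
        [Parameter(Mandatory)][string]$PrimaryServer,
        [Parameter(Mandatory)][ValidateRange(1, 65535)][int]$PrimaryPort,
        # No secondary service: reuse the primary, as the wizard steps recommend.
        [string]$SecondaryServer = $PrimaryServer,
        [ValidateRange(1, 65535)][int]$SecondaryPort = $PrimaryPort,
        [Parameter(Mandatory)][ValidateRange(1, 2147483647)][int]$OfflineDbSizeMb,
        [switch]$ErrorReporting,
        [string]$LogPath = (Join-Path $env:TEMP 'fortiinsight_install.log'),
        [switch]$DryRun    # return the command line instead of running it
    )
    if (-not (Test-Path -LiteralPath $MsiPath -PathType Leaf)) { throw "MSI not found: $MsiPath" }

    # The package runs elevated, so refuse it unless its Authenticode signature
    # verifies (assumption: the vendor signs the MSI). Review the signer shown.
    $sig = Get-AuthenticodeSignature -LiteralPath $MsiPath
    if ($sig.Status -ne 'Valid') { throw "MSI signature status: $($sig.Status)" }
    Write-Verbose "Signed by: $($sig.SignerCertificate.Subject)"

    # Host name or IPv4 address only; the https:// scheme is added below.
    foreach ($server in $PrimaryServer, $SecondaryServer) {
        if ($server -notmatch '^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$') {
            throw "Invalid server address: $server"
        }
    }

    $msiArgs = @(
        '/i', "`"$MsiPath`"", '/norestart', '/qn',
        "CS_ADDRESS=https://$PrimaryServer",            # no space after '='
        "CS_ADDRESS_PORT=$PrimaryPort",
        "CS_ADDRESS_SECONDARY=https://$SecondaryServer",
        "CS_ADDRESS_PORT_SECONDARY=$SecondaryPort",
        "OFFLINE_DB_SIZE_MB=$OfflineDbSizeMb",
        'REBOOT=ReallySuppress'
    )
    if ($ErrorReporting) { $msiArgs += 'ERROR_REPORTING=1' }
    $msiArgs += '/L*Vx', "`"$LogPath`""

    if ($DryRun) { return ($msiArgs -join ' ') }
    $proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru
    # Windows Installer: 0 = success, 3010 = success, restart required.
    if ($proc.ExitCode -notin 0, 3010) {
        throw "msiexec exit code $($proc.ExitCode); see $LogPath"
    }
    $proc.ExitCode
}
```

Run it from an elevated session; use -DryRun -Verbose first to review the signer and the exact command line that will be pushed to endpoints.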

Uninstalling using MsiExec

To uninstall the FortiInsight agent, use the following command. To run the MSI package, a user requires elevated privileges such as the ones granted by the administrators group.

msiexec /x cms_v<version>.msi /norestart /qn /L*Vx uninstall.log

Troubleshooting

How to whitelist files if antivirus software interferes with FortiInsight

If antivirus software interferes with FortiInsight, you can consider whitelisting the following files on the endpoint. This is useful if the antivirus software uses application sandboxing heuristics that wrap around any new applications. This can result in high CPU and memory usage and can significantly slow down the machine.

x64
  • <Windows drive>:\Program Files (x86)\Fortinet\FortiInsight\end.col.man.exe
  • <Windows drive>:\Program Files (x86)\Fortinet\FortiInsight\end.col.man.xml
  • <Windows drive>:\Program Files (x86)\Fortinet\FortiInsight\*.tmp
  • <Windows drive>:\Program Files (x86)\Fortinet\FortiInsight\data\agentID.bin
  • <Windows drive>:\Program Files (x86)\Fortinet\FortiInsight\data\agentSettings.xml
  • <Windows drive>:\Program Files (x86)\Fortinet\FortiInsight\data\offline.sqlite
  • <Windows drive>:\Program Files (x86)\Fortinet\FortiInsight\logs\cms*.log
  • <Windows drive>:\Windows\System32\drivers\KernelAgent32.sys
  • %appdata%\Fortinet\FortiInsight\*
x86
  • <Windows drive>:\Program Files\Fortinet\FortiInsight\end.col.man.exe
  • <Windows drive>:\Program Files\Fortinet\FortiInsight\end.col.man.xml
  • <Windows drive>:\Program Files\Fortinet\FortiInsight\*.tmp
  • <Windows drive>:\Program Files\Fortinet\FortiInsight\data\agentID.bin
  • <Windows drive>:\Program Files\Fortinet\FortiInsight\data\agentSettings.xml
  • <Windows drive>:\Program Files\Fortinet\FortiInsight\data\offline.sqlite
  • <Windows drive>:\Program Files\Fortinet\FortiInsight\logs\cms*.log
  • <Windows drive>:\Windows\System32\drivers\KernelAgent32.sys
  • %appdata%\Fortinet\FortiInsight\*

How to verify FortiInsight Cloud service details in the config files

  1. Navigate to the directory where the FortiInsight agent is installed. By default, FortiInsight installs the agent software in the <Windows drive>:\Program Files (x86)\Fortinet\FortiInsight directory.
  2. Open the end.col.man.xml config file.
  3. Confirm that the Host and Port values are correct for your FortiInsight server installation. If the entries are wrong, edit the file and enter the correct values. Save the file, and the configuration changes automatically take effect.

How to verify that the host computer can reach the FortiInsight Cloud service

  1. In a web browser, visit https://<ip_address>:<port_number> (insert the appropriate IP address or HTTPS IP address from your config file or Customer Specific Information document).
  2. You should see an XML document with version numbers similar to the following:

    {
      "Version": "4.0.14.0",
      "ApiVersions": [
        "1.0",
        "1.1",
        "1.2",
        "1.3",
        "1.4",
        "2.0",
        "2.8"
      ]
    }
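
The same check can be scripted from the endpoint. The following PowerShell is an added example, not part of the Fortinet documentation; the function names are illustrative, and it assumes the service returns the body shown above when asked for JSON with an Accept header.

```powershell
# Added example; function names are illustrative, not Fortinet's.
function ConvertFrom-FortiInsightVersionBody {
    param([Parameter(Mandatory)][string]$Body)
    $doc = $Body | ConvertFrom-Json
    if (-not $doc.Version -or -not $doc.ApiVersions) {
        throw 'No Version/ApiVersions fields; this is not the expected service response.'
    }
    [pscustomobject]@{
        Version     = [version]$doc.Version
        ApiVersions = @($doc.ApiVersions)
    }
}

function Test-FortiInsightService {
    param(
        [Parameter(Mandatory)][string]$Address,
        [ValidateRange(1, 65535)][int]$Port = 8080,
        [int]$TimeoutSec = 10
    )
    # Step 1: plain TCP connect, to tell a firewall block apart from a TLS or HTTP error.
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        if (-not $tcp.ConnectAsync($Address, $Port).Wait($TimeoutSec * 1000)) {
            throw 'timed out'
        }
    } catch {
        throw "TCP connect to ${Address}:$Port failed: $($_.Exception.Message)"
    } finally {
        $tcp.Close()
    }
    # Step 2: HTTPS request. Certificate validation stays on, so a certificate
    # problem surfaces here as an error instead of being silently accepted.
    $resp = Invoke-WebRequest -Uri "https://${Address}:$Port/" -UseBasicParsing `
        -Headers @{ Accept = 'application/json' } -TimeoutSec $TimeoutSec
    ConvertFrom-FortiInsightVersionBody -Body $resp.Content
}

# Offline check of the parser against the sample response shown on this page.
$sample = '{"Version":"4.0.14.0","ApiVersions":["1.0","1.1","1.2","1.3","1.4","2.0","2.8"]}'
ConvertFrom-FortiInsightVersionBody -Body $sample
```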

How to gather data for a Fortinet Support request

If you need to contact Fortinet Support for help, gather the following data and have the cms.log file ready to share with Fortinet Support.

  1. Navigate to the directory where the FortiInsight agent is installed. By default, FortiInsight installs the agent software in the <Windows drive>:\Program Files (x86)\Fortinet\FortiInsight directory.
  2. Open the end.col.man.xml config file.
  3. Change the LogLevel value from 4 to 2, and save the file.
  4. Wait 5 minutes to allow for data to be gathered.
  5. Open the end.col.man.xml config file.
  6. Change the LogLevel value from 2 to 4, and save the file.
  7. Navigate to the logs folder in the agent installation folder and locate the cms.log file. Have the file ready to share with Fortinet Support.
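
The following PowerShell is an added example, not part of the Fortinet documentation, that performs the steps above and always restores LogLevel to 4, even if the wait is interrupted. The function names are illustrative. Because this page does not show the layout of end.col.man.xml, the script assumes only that the file contains exactly one element or attribute named LogLevel.

```powershell
# Added example; function names are illustrative, not Fortinet's.
# Assumption: end.col.man.xml holds exactly one element or attribute named LogLevel.
function Set-AgentLogLevel {
    param(
        [Parameter(Mandatory)][string]$ConfigPath,
        [Parameter(Mandatory)][ValidateSet('2', '4')][string]$Level
    )
    $full = (Resolve-Path -LiteralPath $ConfigPath).ProviderPath
    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true      # keep the file's existing layout on save
    $xml.Load($full)
    $nodes = $xml.SelectNodes('//*[local-name()="LogLevel"] | //@*[local-name()="LogLevel"]')
    if ($nodes.Count -ne 1) { throw "Expected one LogLevel entry, found $($nodes.Count)" }
    $node = $nodes.Item(0)
    $previous = $node.InnerText
    $node.InnerText = $Level
    $xml.Save($full)
    $previous                            # return the value that was replaced
}

function Get-AgentSupportLog {
    param(
        [string]$InstallDir = "${env:ProgramFiles(x86)}\Fortinet\FortiInsight",
        [Parameter(Mandatory)][string]$Destination,
        [int]$WaitMinutes = 5
    )
    $config = Join-Path $InstallDir 'end.col.man.xml'
    Copy-Item -LiteralPath $config -Destination "$config.bak" -Force   # rollback copy

    $old = Set-AgentLogLevel -ConfigPath $config -Level '2'
    if ($old -ne '4') { Write-Warning "LogLevel was '$old', not 4, before the change" }
    try {
        Start-Sleep -Seconds ($WaitMinutes * 60)
    } finally {
        # Runs on errors and on Ctrl+C, so the temporary level is never left in place.
        Set-AgentLogLevel -ConfigPath $config -Level '4' | Out-Null
    }
    Copy-Item -LiteralPath (Join-Path $InstallDir 'logs\cms.log') -Destination $Destination
    Get-Item -LiteralPath $Destination
}
```

Run it from an elevated session, because the configuration file sits under Program Files, for example: Get-AgentSupportLog -Destination C:\Temp\cms.log (the destination path is a placeholder).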
