Fortinet Security Orchestration, Automation, and Response Platform (FortiSOAR™) is a centralized hub for all of your security operations. Our platform provides customizable mechanisms for prevention, detection, and response that work across tools in your environment. The FortiSOAR MEA gets installed on FortiManager and allows you to manage your security operations using FortiManager and without the need of having a separate FortiSOAR instance.
When enabled, the FortiSOAR MEA gets installed on FortiManager. An MEA is a management extension application that is released and signed by Fortinet to run on FortiManager. An MEA is full-fledged running instance of product in form of a docker container, enabling you to use and monitor different solutions from Fortinet using a single pane of glass.
|From FortiManager version 7.0.0 onwards, there is a capping of 50% on RAM and CPU for MEAs. This means if FortiManager has 8 CPUs and 16 GB RAM, then only 4 CPUs and 8 GB RAM will be available to MEAs. Note that this 4 CPUs and 8 GB RAM will be used for all the MEAs, and not just for the FortiSOAR MEA. Therefore, users need to ensure that they provision FortiManager with sufficient resources to meet the minimum (default) FortiSOAR MEA configuration of 4 CPU cores and 8 GB RAM, which would mean that FortiManager should be deployed with a minimum of 8 CPUs and 16 GB RAM. However, to use FortiSOAR MEA at a production volume, you should provide the standard configuration of 8 CPUs and 32 GB RAM and depending on the number of running applications, the FortiManager resources should be increased. For example, if you are running only the FortiSOAR MEA at a production volume, i.e., at the standard configuration of 8 CPUs and 32 GB RAM on FortiManager, then ensure that the FortiManager has a minimum configuration of 16 CPUs and 64 GB RAM.|
You must also specify the ElasticSearch and Celeryd configuration follows, if your FortiSOAR MEA is running at a production volume of 8 CPUs and 32 GB RAM:
/etc/elasticsearch/jvm.options(within the FortiSOAR running container):
/etc/celeryd/celeryd.conf(within the FortiSOAR running container):