Fortinet black logo

User Guide

FortiMonitor Agent Security

24.1.0
Copy Link
Copy Doc ID af1daa65-c273-11ec-9fd1-fa163e15d75b:434507
Download PDF

FortiMonitor Agent Security

Network Communication + Encryption

The FortiMonitor Agent performs all of its monitoring and reporting without opening any inbound ports from the outside. When the Agent needs to report monitoring data to FortiMonitor, an HTTPS call is initiated from the Agent to one of FortiMonitor’s secure servers, the data is exchanged, and then the connection is closed. Furthermore, all traffic exchanged between the Agent and FortiMonitor is encrypted with SSL/TLS to keep your monitoring data safe.

Linux Agent: Supports TLS 1.2 and 1.3 if OpenSSL version is 1.0.1 or higher.

Windows Agent: Supports TLS 1.2 and 1.3 on DotNet versions 4.5 or higher.

The agent communicates with secure FortiMonitor endpoints which are listed below. If you are whitelisting access, please allow the below addresses to ensure proper agent function.

Port

Destination

443/tcp

rx.us01.fortimonitor.com (resolves to 34.102.162.51)

aggregator2.panopta.com (resolves to 35.190.4.8)

aggregator2-secondary.panopta.com (regional failover, resolves to 35.186.218.62)

80/tcp, 443/tcp

packages.panopta.com (resolves to either 162.243.0.67 or 165.227.86.161)

repo.fortimonitor.com (resolves to 34.111.115.83)

Data and Metrics

The FortiMonitor Agent only collects data and metrics which are specific to the health and performance of the systems. No customer information, PII data or log files are gathered and sent to the cloud. The FortiMonitor Agent uses a plugin-based model for metric collection and each plugin uses the appropriate system command, utility, or API to pull only the data required to evaluate the necessary thresholds for alerting and event management. On Windows, the plugins leverage the standard Perfmon counters which the OS maintains to measure the various resource levels and health metrics.

Open Source

On Linux, the Agent itself consists of a set of Python scripts. Feel free to take a look at the code in /usr/lib/fm-agent after installing and let us know if you have any questions or concerns.

Non Administrative User

The agent is run on the server as a non-administrative user. On Linux, the installation creates a user account with limited privileges and does not have any shell access. All actions which require higher permissions need to be explicitly elevated by an admin. On Windows, the agent runs the service as the LOCAL SYSTEM user and is primarily leveraging PerfMon counters to facilitate the monitoring.

FortiMonitor Agent Security

Network Communication + Encryption

The FortiMonitor Agent performs all of its monitoring and reporting without opening any inbound ports from the outside. When the Agent needs to report monitoring data to FortiMonitor, an HTTPS call is initiated from the Agent to one of FortiMonitor’s secure servers, the data is exchanged, and then the connection is closed. Furthermore, all traffic exchanged between the Agent and FortiMonitor is encrypted with SSL/TLS to keep your monitoring data safe.

Linux Agent: Supports TLS 1.2 and 1.3 if OpenSSL version is 1.0.1 or higher.

Windows Agent: Supports TLS 1.2 and 1.3 on DotNet versions 4.5 or higher.

The agent communicates with secure FortiMonitor endpoints which are listed below. If you are whitelisting access, please allow the below addresses to ensure proper agent function.

Port

Destination

443/tcp

rx.us01.fortimonitor.com (resolves to 34.102.162.51)

aggregator2.panopta.com (resolves to 35.190.4.8)

aggregator2-secondary.panopta.com (regional failover, resolves to 35.186.218.62)

80/tcp, 443/tcp

packages.panopta.com (resolves to either 162.243.0.67 or 165.227.86.161)

repo.fortimonitor.com (resolves to 34.111.115.83)

Data and Metrics

The FortiMonitor Agent only collects data and metrics which are specific to the health and performance of the systems. No customer information, PII data or log files are gathered and sent to the cloud. The FortiMonitor Agent uses a plugin-based model for metric collection and each plugin uses the appropriate system command, utility, or API to pull only the data required to evaluate the necessary thresholds for alerting and event management. On Windows, the plugins leverage the standard Perfmon counters which the OS maintains to measure the various resource levels and health metrics.

Open Source

On Linux, the Agent itself consists of a set of Python scripts. Feel free to take a look at the code in /usr/lib/fm-agent after installing and let us know if you have any questions or concerns.

Non Administrative User

The agent is run on the server as a non-administrative user. On Linux, the installation creates a user account with limited privileges and does not have any shell access. All actions which require higher permissions need to be explicitly elevated by an admin. On Windows, the agent runs the service as the LOCAL SYSTEM user and is primarily leveraging PerfMon counters to facilitate the monitoring.