Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    User Guide

    26.1.0
    26.1.0

    OnSight vCollector

    OnSight vCollector

    The OnSight vCollector is a lightweight appliance that functions similarly to our public monitoring nodes, which runs uptime checks and synthetic monitoring against your publicly available servers and web endpoints. However, the OnSight vCollector sits within your private network and monitors resources that are not publicly exposed. The OnSight can run uptime and synthetic checks on your private infrastructure, monitoring things like RDP, database connectivity, and port availability.

    The OnSight can also function as a proxy for servers that have the Server Agent installed but have no outbound connectivity. Also, the OnSight can monitor network devices, storage arrays, VMWare clusters, and private network-managed cloud resources such as RDS and DynamoDB.

    The OnSight is a collection of Docker containers that provide the necessary services. During the installation of the OnSight, if Docker is not found on the target machine it will automatically be installed.

    Note: Only Docker version 23.0 and above are supported.

    System requirements

    OS requirements

    The OnSight vCollector supports the following Linux distributions:

    Note: The OnSight only supports operating systems that are actively under standard support from their corresponding vendors.

    • Debian 9 and 10

    • Ubuntu Server 20.04 LTS, 24.04 LTS, and 24.10

    • Redhat Enterprise 7.x, 8.0-8.9, and 9.0-9.6

    • Oracle Enterprise Linux 7.0, 9.0-9.6

    • Amazon Linux 2 and 2018.03

    • Rocky Linux 9.3-9.6

    Please note that podman should not be installed on the OS. We only use Docker currently. The installation process will install it if it is not found.

    The docker SNAP package requires additional configuration that may be environment dependent. We currently only support the docker.io package installation. If the SNAP version was installed during installation, you should remove it and install the docker.io package using your package manager.

    Resource requirements

    These are the minimum resources required to install the OnSight.

    • Processor: 4 cores

    • Memory: 8 GB

    • Hard disk space: 50 GB

    Note: You can use the SMALL=1 parameter to install the OnSight to machines that only have 2 cores and 4 GB of memory. This can be used for deployments with less than 1000 metrics. Command example:

    curl -fsSL https://repo.fortimonitor.com/install/onsight/onsight-install.sh > onsight-install.sh && SMALL=1 bash onsight-install.sh <CUSTOMER KEY>

    For larger deployments involving a significant number of network devices or advanced synthetic checks, please contact our support team to help determine the resource requirements for your environment.

    Network connectivity requirements

    The host machine must have outbound access to the following:

    Port

    Destination

    Used for

    443

    rx.us01.fortimonitor.com (US region)

    rx.eu01.fortimonitor.com (EU region)

    aggregator2.panopta.com

    aggregator2-secondary.panopta.com

    global.fortimonitor.com

    Primary and fail-over communication with the FortiMonitor cloud

    443

    irx.us01.fortimonitor.com (US region)

    irx.eu01.fortimonitor.com (EU region)

    Third-party integrations such as Alkira and Arista

    443, 80

    repo.fortimonitor.com

    registry.fortimonitor.com

    OnSight software downloads and updates

    443

    hub.docker.com

    OnSight software updates

    443

    download.docker.com

    get.docker.com

    *.docker.io

    *.cloudfront.net

    *.cloudflare.docker.com

    Docker download and installation

    443

    archive.ubuntu.com

    security.ubuntu.com

    esm.ubuntu.com

    Required for OnSight OVA

    The host machine must have inbound access to the following ports allowed:

    Port

    Protocol

    Usage

    22

    TCP

    Used to SSH into host

    8443

    TCP

    Used to configure the OnSight as a proxy for agents

    162

    UDP

    Used for SNMP Trap receipt

    444

    TCP

    Used for NCM console

    Docker IP change requirements

    The OnSight vCollector uses Docker. The default network space defined by Docker is 172.17.0.0/12 with Docker using 172.17.0.1/16 as its IP address and the first container using the 172.17.0.2/16 IP address.

    This can conflict with the your internal network IP space and cause the OnSight to not be able to communicate with the your network devices. Specifically, if you have any hosts in the 172.16.0.0/12 space, as defined by RFC 1918, then you must change your Docker configuration to allow for the OnSight to successfully reach those networks.

    To resolve this, update your Docker host to use a different IP range.

    Note: The following must be performed before installing the OnSight vCollector.

    1. Add a file (or modify if it exists): /etc/docker/daemon.json

    {

    "default-address-pools":

    [

    {"base":"192.168.0.0/16","size":24}

    ]

    }

    Where:

    • base is the network to allocate to docker created and managed networks.

    • size is the netmask of each block created within the base.

      In the above example this would use 192.168.0.0/16 for all networks and an individual network would have a netmask of /24.

    2. After adding or modifying the above file, restart the docker service. The docker service and all the associated iptables NAT rules will get set up accordingly.

    Deployment methods

    Installation Method

    Best for

    One-liner installer

    You're comfortable operating in a Linux environment
    You have a specific server image you want to conform to
    You have an available Linux VM

    AWS AMI

    You're deploying the OnSight in an AWS environment
    You're looking for the simplest cloud deployment method

    Virtual image

    You prefer a "black box" deployment
    You have the available resources to allocate to a VM
    You'd like to deploy on the HyperVisor of your choosing

    Previous
    Next

    OnSight vCollector

    OnSight vCollector

    The OnSight vCollector is a lightweight appliance that functions similarly to our public monitoring nodes, which runs uptime checks and synthetic monitoring against your publicly available servers and web endpoints. However, the OnSight vCollector sits within your private network and monitors resources that are not publicly exposed. The OnSight can run uptime and synthetic checks on your private infrastructure, monitoring things like RDP, database connectivity, and port availability.

    The OnSight can also function as a proxy for servers that have the Server Agent installed but have no outbound connectivity. Also, the OnSight can monitor network devices, storage arrays, VMWare clusters, and private network-managed cloud resources such as RDS and DynamoDB.

    The OnSight is a collection of Docker containers that provide the necessary services. During the installation of the OnSight, if Docker is not found on the target machine it will automatically be installed.

    Note: Only Docker version 23.0 and above are supported.

    System requirements

    OS requirements

    The OnSight vCollector supports the following Linux distributions:

    Note: The OnSight only supports operating systems that are actively under standard support from their corresponding vendors.

    • Debian 9 and 10

    • Ubuntu Server 20.04 LTS, 24.04 LTS, and 24.10

    • Redhat Enterprise 7.x, 8.0-8.9, and 9.0-9.6

    • Oracle Enterprise Linux 7.0, 9.0-9.6

    • Amazon Linux 2 and 2018.03

    • Rocky Linux 9.3-9.6

    Please note that podman should not be installed on the OS. We only use Docker currently. The installation process will install it if it is not found.

    The docker SNAP package requires additional configuration that may be environment dependent. We currently only support the docker.io package installation. If the SNAP version was installed during installation, you should remove it and install the docker.io package using your package manager.

    Resource requirements

    These are the minimum resources required to install the OnSight.

    • Processor: 4 cores

    • Memory: 8 GB

    • Hard disk space: 50 GB

    Note: You can use the SMALL=1 parameter to install the OnSight to machines that only have 2 cores and 4 GB of memory. This can be used for deployments with less than 1000 metrics. Command example:

    curl -fsSL https://repo.fortimonitor.com/install/onsight/onsight-install.sh > onsight-install.sh && SMALL=1 bash onsight-install.sh <CUSTOMER KEY>

    For larger deployments involving a significant number of network devices or advanced synthetic checks, please contact our support team to help determine the resource requirements for your environment.

    Network connectivity requirements

    The host machine must have outbound access to the following:

    Port

    Destination

    Used for

    443

    rx.us01.fortimonitor.com (US region)

    rx.eu01.fortimonitor.com (EU region)

    aggregator2.panopta.com

    aggregator2-secondary.panopta.com

    global.fortimonitor.com

    Primary and fail-over communication with the FortiMonitor cloud

    443

    irx.us01.fortimonitor.com (US region)

    irx.eu01.fortimonitor.com (EU region)

    Third-party integrations such as Alkira and Arista

    443, 80

    repo.fortimonitor.com

    registry.fortimonitor.com

    OnSight software downloads and updates

    443

    hub.docker.com

    OnSight software updates

    443

    download.docker.com

    get.docker.com

    *.docker.io

    *.cloudfront.net

    *.cloudflare.docker.com

    Docker download and installation

    443

    archive.ubuntu.com

    security.ubuntu.com

    esm.ubuntu.com

    Required for OnSight OVA

    The host machine must have inbound access to the following ports allowed:

    Port

    Protocol

    Usage

    22

    TCP

    Used to SSH into host

    8443

    TCP

    Used to configure the OnSight as a proxy for agents

    162

    UDP

    Used for SNMP Trap receipt

    444

    TCP

    Used for NCM console

    Docker IP change requirements

    The OnSight vCollector uses Docker. The default network space defined by Docker is 172.17.0.0/12 with Docker using 172.17.0.1/16 as its IP address and the first container using the 172.17.0.2/16 IP address.

    This can conflict with the your internal network IP space and cause the OnSight to not be able to communicate with the your network devices. Specifically, if you have any hosts in the 172.16.0.0/12 space, as defined by RFC 1918, then you must change your Docker configuration to allow for the OnSight to successfully reach those networks.

    To resolve this, update your Docker host to use a different IP range.

    Note: The following must be performed before installing the OnSight vCollector.

    1. Add a file (or modify if it exists): /etc/docker/daemon.json

    {

    "default-address-pools":

    [

    {"base":"192.168.0.0/16","size":24}

    ]

    }

    Where:

    • base is the network to allocate to docker created and managed networks.

    • size is the netmask of each block created within the base.

      In the above example this would use 192.168.0.0/16 for all networks and an individual network would have a netmask of /24.

    2. After adding or modifying the above file, restart the docker service. The docker service and all the associated iptables NAT rules will get set up accordingly.

    Deployment methods

    Installation Method

    Best for

    One-liner installer

    You're comfortable operating in a Linux environment
    You have a specific server image you want to conform to
    You have an available Linux VM

    AWS AMI

    You're deploying the OnSight in an AWS environment
    You're looking for the simplest cloud deployment method

    Virtual image

    You prefer a "black box" deployment
    You have the available resources to allocate to a VM
    You'd like to deploy on the HyperVisor of your choosing

    Previous
    Next