Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FSM 500F Collector Configuration Guide

    Home FortiSIEM 6.1.2 FSM 500F Collector Configuration Guide
    6.1.2
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.7
    7.1.6
    7.1.5
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.7.9
    6.7.8
    6.7.7
    6.7.6
    6.7.5
    6.7.4
    6.7.3
    6.7.2
    6.7.1
    6.7.0
    6.6.5
    6.6.4
    6.6.3
    6.6.2
    6.6.1
    6.6.0
    6.5.3
    6.5.2
    6.5.1
    6.5.0
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.1
    6.2.0
    6.1.2
    6.1.0
    5.4.0
    5.3.3

    Migrating from Pre-6.1.2 to 6.1.2

    Migrating from Pre-6.1.2 to 6.1.2

    This section describes how upgrade the 500F Collector appliance from any older FortiSIEM version to 6.1.2. FortiSIEM performs migration in-place, via a bootloader. There is no need to create a new image or copy disks. The bootloader shell contains the new version of FortiSIEM.

    Pre-Migration Checklist

    To perform the migration, the following prerequisites must be met:

    1. Make sure your system can connect to the Internet.
    2. Make sure the /opt directory # mount /dev/mapper/FSIEM500F-phx_opt disk exists.
    3. Log in to your FSM as root and run the following commands:

      # mkdir -p /opt/images

      # ln -s /opt/images /images

    4. Go to the /images directory. Download the 6.1.2 hardware image from the support site, then unzip it. For example:

      # unzip_FSM_Full_All_RAW_HARDWARE_6.1.2_0119.

    5. Create a soft link to images, for example:

      # ln -sf /images/FortiSIEM-RAW-Hardware-6.1.2.0119.img /images/latest

    Migrate Collector Installation

    Download the Bootloader

    Install and configure the FortiSIEM bootloader to start migration. Follow these steps:

    1. Download the bootloader FSM_Bootloader_6.1.2_build0119.zip from the support site and copy it to the /images directory.
    2. Unzip the file, for example:

      # unzip FSM_Bootloader_6.1.2_build0119.zip

    Prepare the Bootloader

    Follow these steps to run the prepare_bootloader script:

    1. Go to the bootloader directory, for example:

      # cd /images/FSM_Bootloader_6.1.2_build0119

    2. Run the prepare_bootloader script to install and configure the bootloader. This script installs, configures, and reboots the system. The script may take a few minutes to complete.

      # sh prepare_bootloader

    3. The script will open the FortiSIEM bootloader shell.

      Note: you might have to reboot the system manually if auto-reboot does not work.

    4. In the FortiSIEM bootloader shell, choose FortiSIEM Boot Loader. Press Return.

    Load the FortiSIEM 6.1.2 Image

    Follow these steps to load the FortiSIEM image:

    1. Log in to the bootloader shell as user root with password ProspectHills.

    2. Mount the /opt directory:
      1. Mount the /opt directory, for example:

        # mount /dev/mapper/FSIEM500F-phx_opt /opt

      2. Create a symbolic link to images from opt:

        # ln -sf /opt/images /images

      3. Change to the /images directory, for example:

        # cd /images

      4. Run the ll command to check disk usage.

        # ll

        These steps are illustrated in the following screen shot.

    3. Run the load_image script to swipe the old image with the new image, for example:
      1. Change to the root directory and check the contents, for example:

        # cd /

        # ll

      2. Run the load_image script, for example:

        # sh load_image

      3. Press Return again when the load_image script finishes.
      4. Reboot your system manually if it does not do so automatically.

    Migrate to FortiSIEM 6.1.2

    Follow these steps to complete the migration process:

    1. Log in to the bootloader shell as user root with password ProspectHills. You will immediately be asked to change your password.
    2. Create and mount the /images directory from /opt:
      1. Change directory to root, for example:

        # cd /

      2. Mount the opt directory, for example:

        # mount /dev/mapper/FSIEM500F-phx_opt /opt

      3. Create images directory under /:

        # mkdir -p /images

      4. Copy backup files to /images directory from /opt/images directory:

        # cd /opt/images

        # cp -far fsm_53_phoenix.xz VERSION phoenix_config.txt passwds network_params.json .fortisiem4x0 /images

      5. Unmount the /opt directory from root:

        # cd /

        # umount /opt

    3. Run the configFSM.sh command to configure the migration via a GUI, for example:

      # configFSM.sh

    4. In the first screen of the GUI select 1 Yes to set a timezone. Press Next.

    5. Select a region for the timezone. In this example, US is selected. Press Next.

    6. Select a timezone in the selected region. In this example, Pacific is selected. Press Next.

    7. Select a target to configure. In this example, the Collector is selected. Press Next.

    8. Select option 5 migrate_6_1_1.

    9. Test connectivity by connecting to a well-known internet site. Press Next.

    10. Press the Run command to complete migration, for example:

      The options for the command are described in the following table:

      OptionDescription
      -rThe FortiSIEM component being configured
      -zThe time zone being configured
      -iIPv4-formatted address
      -mAddress of the subnet mask
      -gAddress of the gateway server used
      --hostHost name
      -fFQDN address: fully-qualified domain name
      -tThe IP type. The values can be either 4 (for ipv4) or 6 (for v6) Note: the 6 value is not currently supported.
      --dns1, --dns2Addresses of DNS server 1 and DNS server 2.
      -oInstallation option.
      -zTime zone. Possible values are US/Pacific, Asia/Shanghai, Europe/London, or Africa/Tunis
      --testpinghostThe host used to test connectivity
    11. The script will take some minutes to run. When it is finished, migration is complete.
    12. Log in to your system again as user root with your new password.
    13. To ensure phMonitor is running, execute the phstatus command, for example:

      # phstatus

    Restore the HTTP Password File From Backup

    Run the following command to restore the HTTP password file.

    # cp -far /images/passwds /etc/httpd/accounts/

    Make sure that the permissions are correct, for example:

    [root@co56120 ~]# ls -la /etc/httpd/accounts/

    total 8

    drwxr-xr-x 2 root root 34 Nov 3 09:47 .

    drwxr-xr-x 6 root root 121 Oct 29 18:02 ..

    -rw-r--r-- 1 root root 62 Nov 3 13:36 passwds

    Re-Register to the Supervisor

    Run the following command; note the update option. This keeps old associations.

    # /opt/phoenix/bin/phProvisionCollector --update <user> '<password>' <Super IP or Host>

    The password should be enclosed in single quotes to ensure that any non-alphanumeric characters are escaped.

    Reboot the Appliance

    If the appliance does not reboot automatically, then manually reboot.

    Previous
    Next

    Migrating from Pre-6.1.2 to 6.1.2

    Migrating from Pre-6.1.2 to 6.1.2

    This section describes how upgrade the 500F Collector appliance from any older FortiSIEM version to 6.1.2. FortiSIEM performs migration in-place, via a bootloader. There is no need to create a new image or copy disks. The bootloader shell contains the new version of FortiSIEM.

    Pre-Migration Checklist

    To perform the migration, the following prerequisites must be met:

    1. Make sure your system can connect to the Internet.
    2. Make sure the /opt directory # mount /dev/mapper/FSIEM500F-phx_opt disk exists.
    3. Log in to your FSM as root and run the following commands:

      # mkdir -p /opt/images

      # ln -s /opt/images /images

    4. Go to the /images directory. Download the 6.1.2 hardware image from the support site, then unzip it. For example:

      # unzip_FSM_Full_All_RAW_HARDWARE_6.1.2_0119.

    5. Create a soft link to images, for example:

      # ln -sf /images/FortiSIEM-RAW-Hardware-6.1.2.0119.img /images/latest

    Migrate Collector Installation

    Download the Bootloader

    Install and configure the FortiSIEM bootloader to start migration. Follow these steps:

    1. Download the bootloader FSM_Bootloader_6.1.2_build0119.zip from the support site and copy it to the /images directory.
    2. Unzip the file, for example:

      # unzip FSM_Bootloader_6.1.2_build0119.zip

    Prepare the Bootloader

    Follow these steps to run the prepare_bootloader script:

    1. Go to the bootloader directory, for example:

      # cd /images/FSM_Bootloader_6.1.2_build0119

    2. Run the prepare_bootloader script to install and configure the bootloader. This script installs, configures, and reboots the system. The script may take a few minutes to complete.

      # sh prepare_bootloader

    3. The script will open the FortiSIEM bootloader shell.

      Note: you might have to reboot the system manually if auto-reboot does not work.

    4. In the FortiSIEM bootloader shell, choose FortiSIEM Boot Loader. Press Return.

    Load the FortiSIEM 6.1.2 Image

    Follow these steps to load the FortiSIEM image:

    1. Log in to the bootloader shell as user root with password ProspectHills.

    2. Mount the /opt directory:
      1. Mount the /opt directory, for example:

        # mount /dev/mapper/FSIEM500F-phx_opt /opt

      2. Create a symbolic link to images from opt:

        # ln -sf /opt/images /images

      3. Change to the /images directory, for example:

        # cd /images

      4. Run the ll command to check disk usage.

        # ll

        These steps are illustrated in the following screen shot.

    3. Run the load_image script to swipe the old image with the new image, for example:
      1. Change to the root directory and check the contents, for example:

        # cd /

        # ll

      2. Run the load_image script, for example:

        # sh load_image

      3. Press Return again when the load_image script finishes.
      4. Reboot your system manually if it does not do so automatically.

    Migrate to FortiSIEM 6.1.2

    Follow these steps to complete the migration process:

    1. Log in to the bootloader shell as user root with password ProspectHills. You will immediately be asked to change your password.
    2. Create and mount the /images directory from /opt:
      1. Change directory to root, for example:

        # cd /

      2. Mount the opt directory, for example:

        # mount /dev/mapper/FSIEM500F-phx_opt /opt

      3. Create images directory under /:

        # mkdir -p /images

      4. Copy backup files to /images directory from /opt/images directory:

        # cd /opt/images

        # cp -far fsm_53_phoenix.xz VERSION phoenix_config.txt passwds network_params.json .fortisiem4x0 /images

      5. Unmount the /opt directory from root:

        # cd /

        # umount /opt

    3. Run the configFSM.sh command to configure the migration via a GUI, for example:

      # configFSM.sh

    4. In the first screen of the GUI select 1 Yes to set a timezone. Press Next.

    5. Select a region for the timezone. In this example, US is selected. Press Next.

    6. Select a timezone in the selected region. In this example, Pacific is selected. Press Next.

    7. Select a target to configure. In this example, the Collector is selected. Press Next.

    8. Select option 5 migrate_6_1_1.

    9. Test connectivity by connecting to a well-known internet site. Press Next.

    10. Press the Run command to complete migration, for example:

      The options for the command are described in the following table:

      OptionDescription
      -rThe FortiSIEM component being configured
      -zThe time zone being configured
      -iIPv4-formatted address
      -mAddress of the subnet mask
      -gAddress of the gateway server used
      --hostHost name
      -fFQDN address: fully-qualified domain name
      -tThe IP type. The values can be either 4 (for ipv4) or 6 (for v6) Note: the 6 value is not currently supported.
      --dns1, --dns2Addresses of DNS server 1 and DNS server 2.
      -oInstallation option.
      -zTime zone. Possible values are US/Pacific, Asia/Shanghai, Europe/London, or Africa/Tunis
      --testpinghostThe host used to test connectivity
    11. The script will take some minutes to run. When it is finished, migration is complete.
    12. Log in to your system again as user root with your new password.
    13. To ensure phMonitor is running, execute the phstatus command, for example:

      # phstatus

    Restore the HTTP Password File From Backup

    Run the following command to restore the HTTP password file.

    # cp -far /images/passwds /etc/httpd/accounts/

    Make sure that the permissions are correct, for example:

    [root@co56120 ~]# ls -la /etc/httpd/accounts/

    total 8

    drwxr-xr-x 2 root root 34 Nov 3 09:47 .

    drwxr-xr-x 6 root root 121 Oct 29 18:02 ..

    -rw-r--r-- 1 root root 62 Nov 3 13:36 passwds

    Re-Register to the Supervisor

    Run the following command; note the update option. This keeps old associations.

    # /opt/phoenix/bin/phProvisionCollector --update <user> '<password>' <Super IP or Host>

    The password should be enclosed in single quotes to ensure that any non-alphanumeric characters are escaped.

    Reboot the Appliance

    If the appliance does not reboot automatically, then manually reboot.

    Previous
    Next