Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Offline Install and Upgrade

This document describes the steps needed to install and upgrade FortiSIEM in a closed environment without internet access. In some cases, FortiSIEM communicates with a CentOS repository to download the latest updates. This can be eliminated by setting up a local repository.

 

Fresh Installation

There are two options for fresh installation, FIPS disabled, or FIPS enabled.

 

FIPS Disabled Installation

With FIPS disabled, a fresh installation does not require internet access and can be performed in a closed environment. Run the following command:
# configFSM.sh
and select 1 install_without_fips.

 

 

FIPS Enabled Installation

A FIPS enabled fresh installation requires internet access to a CentOS repository. This can be re-routed to an offline repository by taking the following steps.

Note: For hardware appliance users, make sure to skip step 2.

  1. Complete the Local CentOS Repository Mirror Installation.

  2. Deploy your FortiSIEM VA onto your hypervisor.

  3. Log into the FortiSIEM local console through your hypervisor.
    Default login:

    User = root

    Password = ProspectHills

  4. Immediately change the root password.

  5. Modify the Yum Repository Files to use the local repository by running the following commands.

    # cd /etc/yum.repos.d
    # sed -i 's/baseurl=https\:\/\/os-pkgs-cdn.fortisiem.fortinet.com\/centos84/baseurl=https\:\/\/<REPOSITORY MIRROR IP>\/repos\/centos\/84/g' *.repo
    # sed -i 's/https\:\/\/os-pkgs-c8.fortisiem.fortinet.com.*//g' *.repo
    # sed -i 's/enabled=1/enabled=1\nsslverify=false/g' *.repo
    # dnf clean all
  6. Use the appropriate Installation Guide from 6.3 Installation Guides to continue.
    You will need to run the following command, and then select 2 install_with_fips.
    # configFSM.sh

 

5.3.x or 5.4.0 to 6.1.x Migration

FortiSIEM Migration does not require internet access and can be performed in a closed environment. However, if you want to enable FIPS after migrating to 6.1.x, then internet access is required. Follow the steps below to enable FIPS without requiring Internet access.

Enabling FIPS After Migration

Take the following steps to enable FIPS after migration.

  1. Complete the Local CentOS Repository Mirror Installation.

  2. Log into FortiSIEM via SSH.

    # ssh root@<FortISIEM Super/Worker/Collector>

  3. Modify the Yum Repository Files to use the Local Repository by running the following commands.

    # cd /etc/yum.repos.d

    # sed -i 's/baseurl=https\:\/\/os-pkgs-cdn.fortisiem.fortinet.com\/centos8/baseurl=https\:\/\/<REPOSITORY MIRROR IP>\/repos\/centos\/84/g' *.repo

    # sed -i 's/https\:\/\/os-pkgs-c8.fortisiem.fortinet.com.*//g' *.repo

    # sed -i 's/enabled=1/enabled=1\nsslverify=false/g' *.repo

    # dnf clean all

  4. Run the following command and select 3 enable_fips.
    # configFSM.sh

     

 

6.1.x or 6.2.x to 6.3.2 Upgrade

The 6.1.x or 6.2.x to 6.3.2 upgrade is comprised of two parts, the supervisor/worker upgrade and collector upgrade.

Supervisor/Worker Upgrade

Take the following steps to prepare an offline upgrade from 6.1.x or 6.2.x to 6.3.2 for your supervisor and worker(s).

  1. Upload the FSM_Upgrade_All_6.3.2_build0343.zip onto the 6.1.x or 6.2.x Supervisor/Worker under the /tmp/ folder.

  2. Log in and unzip the upgrade package by running the following commands.

    # ssh root@<Super/Worker>

    # mkdir -p /opt/upgrade/

    # mv /tmp/FSM_Upgrade_All_6.3.2_build0343.zip /opt/upgrade/

    # unzip FSM_Upgrade_All_6.3.2_build0343.zip

  3. Modify the necessary repository files by running the following set of commands.

    Update the Repos Files

    # cd /opt/upgrade/FSM_Upgrade_All_6.3.2_build0343/install/roles/upgrade/files/repos/

    # sed -i 's/baseurl=https\:\/\/os-pkgs-cdn.fortisiem.fortinet.com\/centos84/baseurl=https\:\/\/<REPOSITORY MIRROR IP>\/repos\/centos\/84/g' *.repo

    # sed -i 's/https\:\/\/os-pkgs-c8.fortisiem.fortinet.com.*//g' *.repo

    # sed -i 's/enabled=1/enabled=1\nsslverify=false/g' *.repo

    Update PSQL DB Repo

    # cd /opt/upgrade/FSM_Upgrade_All_6.3.2_build0343/install/roles/upgrade-db-server/files

    # sed -i 's/baseurl=https\:\/\/os-pkgs- cdn.fortisiem.fortinet.com\/centos84/baseurl=https\:\/\/<REPOSITORY MIRROR IP>\/repos\/centos\/84/g' *.repo

    # sed -i 's/https\:\/\/os-pkgs-c8.fortisiem.fortinet.com.*//g' *.repo

    # sed -i 's/enabled=1/enabled=1\nsslverify=false/g' *.repo

    Update Files that Pick Up the GPG Key for PSQL

    # cd /opt/upgrade/FSM_Upgrade_All_6.3.2_build0343/install/roles/upgrade/tasks/

    # sed -i 's/\-o \/etc\/pki\/rpm\-gpg\/RPM\-GPG\-KEY\-PGDG https\:\/\/os\-pkgs\- cdn.fortisiem.fortinet.com\/centos8\/gpg\-keys\/RPM\-GPG\-KEY\-PGDG/\-k \-o \/etc\/pki\/rpm\-gpg\/RPM\-GPG\-KEY\-PGDG https\:\/\/<REPOSITORY MIRROR IP>\/repos\/centos\/84\/gpg\-keys\/RPM\-GPG\-KEY\-PGDG/g' main.yml

    # cd /opt/upgrade/FSM_Upgrade_All_6.3.2_build0343/install/roles/upgrade-db-server/tasks/

    # sed -i 's/\-o \/etc\/pki\/rpm\-gpg\/RPM\-GPG\-KEY\-PGDG https\:\/\/os\-pkgs\- cdn.fortisiem.fortinet.com\/centos8\/gpg\-keys\/RPM\-GPG\-KEY\-PGDG/\-k \-o \/etc\/pki\/rpm\-gpg\/RPM\-GPG\-KEY\-PGDG https\:\/\/<REPOSITORY MIRROR IP>\/repos\/centos\/84\/gpg\-keys\/RPM\-GPG\-KEY\-PGDG/g' main.yml

    Perform Clean Up
    # dnf clean all

  4. Repackage the upgrade zip file to prepare for collector upgrade.

    # cd /opt/upgrade/

    # mv /opt/upgrade/FSM_Upgrade_All_6.3.2_build0343.zip /tmp/

    # zip -r FSM_Upgrade_All_6.3.2_build0343.zip FSM_Upgrade_All_6.3.2_build0343

  5. Use the Upgrade Guide located in 6.3 Reference Manuals to continue with your upgrade for the supervisor and worker(s).

Collector Upgrade

After the supervisor upgrade has been completed, follow the Upgrade Guide in 6.3 Reference Manuals for the collector upgrade. Make sure you use the zip file created at Supervisor/Worker Upgrade step 4.

Upgrading Multiple Collector Nodes in an Online and/or Offline Environment

If an environment contains multiple collectors, some in open environments and some in closed (No internet access) environments, it is recommended to upgrade the collectors in the open environment first. Upgrading collectors that are in an open environment does not require modification to the upgrade package. After all collectors in the open environment are upgraded, handle the offline collector upgrade by performing modifications to the upgrade package, and then performing the upgrade.

Steps:

  1. Upgrade online collector using the steps here

  2. Repeat above step (step 1) for all online collectors. After all online collectors have been upgraded, proceed with step below (step 3).

  3. Modify the upgrade package for offline collector upgrade by following the Supervisor/Worker Upgrade section.

  4. Use the modified upgrade package from Supervisor/Worker Upgrade step 4 to upgrade the offline collectors using the instructions here

  5. Repeat above step (step 4) for all offline collector upgrades.

Configuring Existing FSM Install to use Local Repository Mirror

Sometimes you may want to run a "yum update" on an existing FortiSIEM installation to get the latest patches. Follow these steps to avoid internet access during this step.

Note: This configuration is needed to run Yum updates without needing to go to the internet.

  1. Log into all FortiSIEM Supervisor/Worker(s)/Collector(s) that will pull from the new repository by running the following commands.

    # ssh root@<Super/Worker/Collector IP>

    # cd /etc/yum.repos.d

  2. Modify necessary repository files by running the following commands.

    # sed -i 's/baseurl=https\:\/\/os-pkgs-cdn.fortisiem.fortinet.com\/centos83/baseurl=https\:\/\/<REPOSITORY MIRROR IP>\/repos\/centos\/84/g' *.repo
    # sed -i 's/https\:\/\/os-pkgs-c8.fortisiem.fortinet.com.*//g' *.repo
    # sed -i 's/enabled=1/enabled=1\nsslverify=false/g' *.repo
    # dnf clean all
  3. Connect and update from the local repository mirror by running the following the following command.

    # dnf update -y / # yum update -y

    Output when running an update against the mirror
          CentOS Linux 8 - AppStream                                               61 MB/s | 6.3 MB     00:00    
          CentOS Linux 8 - BaseOS                                                  34 MB/s | 2.3 MB     00:00    
          CentOS-8 - Extras                                                       170 kB/s | 8.6 kB     00:00    
          CentOS Linux 8 - PowerTools                                              33 MB/s | 2.0 MB     00:00    
          ELRepo.org Community Enterprise Linux Repository - el8                  4.0 MB/s | 220 kB     00:00    
          Extra Packages for Enterprise Linux 8 - x86_64                          8.6 MB/s | 536 kB     00:00    
          Extra Packages for Enterprise Linux 8 - x86_64                           79 MB/s | 8.9 MB     00:00    
          PostgreSQL common RPMs for RHEL/CentOS 8 - x86_64                       9.9 MB/s | 534 kB     00:00    
          PostgreSQL 13 for RHEL/CentOS 8 - x86_64                                4.5 MB/s | 256 kB     00:00    
          Dependencies resolved.
          Nothing to do.
          Complete!

     

Modifying Repo Destination for Super/Worker/Collector from a Previous Offline Upgrade Destination

This moves your repo target from Centos 8.3 to Centos 8.4. If a previous offline repository has been created, use the steps in Syncing the Local Repository Mirror to ensure you have updated to Centos 8.4 repository before upgrading or modifying the following.

  1. Complete Syncing the Local Repository Mirror for CentosOS 8.4.

  2. Update the Supervisor/Worker/Collector repository before upgrading by running the following.

    # cd /etc/yum.repos.d
    # sed -i 's/\/centos\/83/\/centos\/84/g' *.repo
    # dnf clean all

Local CentOS Repository Mirror Installation

Follow these steps to setup a local CentOS repository mirror in your internal network. FortiSIEM will only communicate with this local CentOS repository mirror whenever needed, thereby avoiding internet access.

You will be going through these general steps:

  1. Deploying the base VM to state and setup access to the repository
  2. Replicating the remote repository into your new internal mirror
  3. Testing the internal mirror for accessibility
  4. A walk through for all the FSM nodes in order to reach the internal mirror:wwq

 

Instructions are broken down into the following sections.

 

Repository Mirror Deployment and Apache Staging

This server is required to have internet access and be able to resolve [os-pkgs-cdn.fortisiem.fortinet.com] or [os-pkgs-c8.fortisiem.fortinet.com] in order to prepare the repository mirror. Once the Repository Mirror is completed, the internet connection can then be cut off from this repository mirror until the next time the mirror needs to be updated.

When the above conditions are met, take the following steps:

 

  1. Download the 6.3.2.0343 FortiSIEM image and create a VM on your preferred hypervisor.
  2. Add an 100GB disk to the FortiSIEM image that was deployed by taking the following steps:
    Note: Instructions to add a disk is based off of vSphere 6.7. Your hypervisor may differ in instructions, but the concept is the same.
    1. Right click the FortiSIEM VM > Editing Settings.
    2. In the pop-up, click "Add New Device".
    3. Find "Hard Disk" and select it.
    4. Configure it for 100GB.
    5. Click "OK" to save the configuration.
    6. Boot the FortiSIEM image.

 

Configuring the Network Adapter

To complete the configuration, take the following steps:

  1. Log into the FortiSIEM console through your hypervisor.
    Default login:
    User = root
    Password = ProspectHills
  2. Immediately change the root password.
  3. Enter the IP address configuration utility by running the following command:
    # nmtui-edit eth0
  4. Go to IPv4 CONFIGURATION, toggle Automatic, and select Manual from the menu.
  5. Toggle Show to expand the configuraion.
  6. In the Addresses field, add an IP address/netmask (CIDR).
    Example: 192.168.1.1/24
    Note: Use the tool at this URL to convert netmask to CIDR.
    https://www.xarg.org/tools/subnet-calculator/
  7. In the Gateway field, enter the Gateway IP address.
    Example: 192.168.1.254
  8. In the DNS Servers field, toggle Add, and select IP of DNS.
    Example: 1.1.1.1
  9. In the DNS Servers field, Toggle Add, and add the IP of the second DNS.
    Example: 1.0.0.1
  10. Toggle the Automatically connect setting to enable.
  11. Toggle the Available to all users setting to enable.
  12. Toggle to OK.


  13. Restart the network adapter.
    # ifdown eth0
    # ifup eth0
  14. Check if the IP address is assigned to the network adapter.
    # ifconfig eth0
    The IP address will be assigned to eth0.
  15. Ping an external address to verify network connectivity.
    # ping <ip address>
    or
    # ping google.com

 

Installing the Yum-Utils Package

Take the following steps to install the yum-utils package.

  1. Clean the current respository from the VM.
    # dnf clean all
  2. Install the yum-utils package.
    # dnf install yum-utils -y

 

Preparing the Disk for the Local Repository Mirror

Take the following steps to prepare your disk for the local repository mirror.

  1. Look for the 100GB disk created when the ova was deployed.

    # lsblk
    NAME        MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
    sda           8:0    0   25G  0 disk
    ├─sda1        8:1    0    1G  0 part /boot
    └─sda2        8:2    0   24G  0 part
    ├─cl-swap 253:0    0  2.5G  0 lvm  [SWAP]
    └─cl-root 253:1    0 21.5G  0 lvm  /
    sdb           8:16   0   100G  0 disk 			<< New disk
  2. Format the disk using xfs file system.

    # mkfs.xfs /dev/sdb

  3. Create a new mount point for the new disk.

    # mkdir /repos

  4. Mount the disk.

    # mount -t xfs /dev/sdb /repos

    # chmod 755 /repos

  5. Edit /etc/fstab and add the mount entry permanently.

    # vi /etc/fstab

    /dev/sdb /repos                   xfs     defaults        0 0
  6. Test /etc/fstab to verify configuration.

    # mount -a

 

Configuring Apache to Publish the Local Repository Mirror

Take the following steps to configure Apache to publish the local repository mirror.

  1. Create the link to the repository path.

    # cd /var/www/html/

    # ln -sf /repos repos

    # ls -l /var/www/html/

    result: lrwxrwxrwx. 1 root root 6 Mar 26 16:18 repos -> /repos

  2. Restart Apache.

    # systemctl restart httpd

 

Verifying Remote Connectivity to the Local Repository Mirror

Take the following step to verify remote connectivity with the repository mirror.

  1. From the local network workstation's browser, go to: https://<Repository Mirror IP Address>/

 

Syncing the Local Repository Mirror

Take the following steps to sync the local repository mirror.

  1. Sync the FSM Mirror to the repository mirror.
    # mkdir -p /repos/centos/84/gpg-keys

    # cd /repos/centos/84/gpg-keys

    # wget https://os-pkgs-cdn.fortisiem.fortinet.com/centos84/gpg-keys/RPM-GPG-KEY-EPEL-8

    # wget https://os-pkgs-cdn.fortisiem.fortinet.com/centos84/gpg-keys/RPM-GPG-KEY-PGDG

    # wget https://os-pkgs-cdn.fortisiem.fortinet.com/centos84/gpg-keys/RPM-GPG-KEY-elrepo.org

    # cd /repos/centos/84/

    Note: Reposync will take a larger period of time as it's replicating the entire mirror.

    # reposync --download-meta --repo=elrepo-testing

    # reposync --download-meta --repo=plus

    # reposync --download-meta

  2. Verify repository mirror's folder paths.

    # ls -l /repos/centos/84/
    drwxr-xr-x  4 root root    38 Jun 17 20:21 appstream
    drwxr-xr-x  4 root root    38 Jun 17 20:22 baseos
    drwxr-xr-x  4 root root    34 Jun 17 20:23 elrepo
    drwxr-xr-x  4 root root    52 Jun 17 21:39 elrepo-testing
    drwxr-xr-x  4 root root    38 Jun 17 20:23 epel
    drwxr-xr-x  4 root root    38 Jun 17 20:23 epel-modular
    drwxr-xr-x  4 root root    38 Jun 17 20:22 extras
    drwxr-xr-x  2 root root    86 Jun 17 18:30 gpg-keys
    drwxr-xr-x  3 root root 20480 Jun 17 20:53 pgdg13
    drwxr-xr-x  3 root root 20480 Jun 17 20:52 pgdg-common
    drwxr-xr-x  4 root root    38 Jun 17 20:20 plus
    drwxr-xr-x  4 root root    38 Jun 17 20:22 powertools
    
  3. Modify Permissions and Restart Apache on the repository mirror.
    # chmod -R 755 /repos
    # systemctl restart httpd

  4. Check repository mirror.
    Locally, run the following command:
    # curl -k https://localhost/repos/centos/84/
    Remotely:
    Open a browser, and go to: https://<Repository Mirror IP>/repos/centos/84/

Offline Install and Upgrade

This document describes the steps needed to install and upgrade FortiSIEM in a closed environment without internet access. In some cases, FortiSIEM communicates with a CentOS repository to download the latest updates. This can be eliminated by setting up a local repository.

 

Fresh Installation

There are two options for fresh installation, FIPS disabled, or FIPS enabled.

 

FIPS Disabled Installation

With FIPS disabled, a fresh installation does not require internet access and can be performed in a closed environment. Run the following command:
# configFSM.sh
and select 1 install_without_fips.

 

 

FIPS Enabled Installation

A FIPS enabled fresh installation requires internet access to a CentOS repository. This can be re-routed to an offline repository by taking the following steps.

Note: For hardware appliance users, make sure to skip step 2.

  1. Complete the Local CentOS Repository Mirror Installation.

  2. Deploy your FortiSIEM VA onto your hypervisor.

  3. Log into the FortiSIEM local console through your hypervisor.
    Default login:

    User = root

    Password = ProspectHills

  4. Immediately change the root password.

  5. Modify the Yum Repository Files to use the local repository by running the following commands.

    # cd /etc/yum.repos.d
    # sed -i 's/baseurl=https\:\/\/os-pkgs-cdn.fortisiem.fortinet.com\/centos84/baseurl=https\:\/\/<REPOSITORY MIRROR IP>\/repos\/centos\/84/g' *.repo
    # sed -i 's/https\:\/\/os-pkgs-c8.fortisiem.fortinet.com.*//g' *.repo
    # sed -i 's/enabled=1/enabled=1\nsslverify=false/g' *.repo
    # dnf clean all
  6. Use the appropriate Installation Guide from 6.3 Installation Guides to continue.
    You will need to run the following command, and then select 2 install_with_fips.
    # configFSM.sh

 

5.3.x or 5.4.0 to 6.1.x Migration

FortiSIEM Migration does not require internet access and can be performed in a closed environment. However, if you want to enable FIPS after migrating to 6.1.x, then internet access is required. Follow the steps below to enable FIPS without requiring Internet access.

Enabling FIPS After Migration

Take the following steps to enable FIPS after migration.

  1. Complete the Local CentOS Repository Mirror Installation.

  2. Log into FortiSIEM via SSH.

    # ssh root@<FortISIEM Super/Worker/Collector>

  3. Modify the Yum Repository Files to use the Local Repository by running the following commands.

    # cd /etc/yum.repos.d

    # sed -i 's/baseurl=https\:\/\/os-pkgs-cdn.fortisiem.fortinet.com\/centos8/baseurl=https\:\/\/<REPOSITORY MIRROR IP>\/repos\/centos\/84/g' *.repo

    # sed -i 's/https\:\/\/os-pkgs-c8.fortisiem.fortinet.com.*//g' *.repo

    # sed -i 's/enabled=1/enabled=1\nsslverify=false/g' *.repo

    # dnf clean all

  4. Run the following command and select 3 enable_fips.
    # configFSM.sh

     

 

6.1.x or 6.2.x to 6.3.2 Upgrade

The 6.1.x or 6.2.x to 6.3.2 upgrade is comprised of two parts, the supervisor/worker upgrade and collector upgrade.

Supervisor/Worker Upgrade

Take the following steps to prepare an offline upgrade from 6.1.x or 6.2.x to 6.3.2 for your supervisor and worker(s).

  1. Upload the FSM_Upgrade_All_6.3.2_build0343.zip onto the 6.1.x or 6.2.x Supervisor/Worker under the /tmp/ folder.

  2. Log in and unzip the upgrade package by running the following commands.

    # ssh root@<Super/Worker>

    # mkdir -p /opt/upgrade/

    # mv /tmp/FSM_Upgrade_All_6.3.2_build0343.zip /opt/upgrade/

    # unzip FSM_Upgrade_All_6.3.2_build0343.zip

  3. Modify the necessary repository files by running the following set of commands.

    Update the Repos Files

    # cd /opt/upgrade/FSM_Upgrade_All_6.3.2_build0343/install/roles/upgrade/files/repos/

    # sed -i 's/baseurl=https\:\/\/os-pkgs-cdn.fortisiem.fortinet.com\/centos84/baseurl=https\:\/\/<REPOSITORY MIRROR IP>\/repos\/centos\/84/g' *.repo

    # sed -i 's/https\:\/\/os-pkgs-c8.fortisiem.fortinet.com.*//g' *.repo

    # sed -i 's/enabled=1/enabled=1\nsslverify=false/g' *.repo

    Update PSQL DB Repo

    # cd /opt/upgrade/FSM_Upgrade_All_6.3.2_build0343/install/roles/upgrade-db-server/files

    # sed -i 's/baseurl=https\:\/\/os-pkgs- cdn.fortisiem.fortinet.com\/centos84/baseurl=https\:\/\/<REPOSITORY MIRROR IP>\/repos\/centos\/84/g' *.repo

    # sed -i 's/https\:\/\/os-pkgs-c8.fortisiem.fortinet.com.*//g' *.repo

    # sed -i 's/enabled=1/enabled=1\nsslverify=false/g' *.repo

    Update Files that Pick Up the GPG Key for PSQL

    # cd /opt/upgrade/FSM_Upgrade_All_6.3.2_build0343/install/roles/upgrade/tasks/

    # sed -i 's/\-o \/etc\/pki\/rpm\-gpg\/RPM\-GPG\-KEY\-PGDG https\:\/\/os\-pkgs\- cdn.fortisiem.fortinet.com\/centos8\/gpg\-keys\/RPM\-GPG\-KEY\-PGDG/\-k \-o \/etc\/pki\/rpm\-gpg\/RPM\-GPG\-KEY\-PGDG https\:\/\/<REPOSITORY MIRROR IP>\/repos\/centos\/84\/gpg\-keys\/RPM\-GPG\-KEY\-PGDG/g' main.yml

    # cd /opt/upgrade/FSM_Upgrade_All_6.3.2_build0343/install/roles/upgrade-db-server/tasks/

    # sed -i 's/\-o \/etc\/pki\/rpm\-gpg\/RPM\-GPG\-KEY\-PGDG https\:\/\/os\-pkgs\- cdn.fortisiem.fortinet.com\/centos8\/gpg\-keys\/RPM\-GPG\-KEY\-PGDG/\-k \-o \/etc\/pki\/rpm\-gpg\/RPM\-GPG\-KEY\-PGDG https\:\/\/<REPOSITORY MIRROR IP>\/repos\/centos\/84\/gpg\-keys\/RPM\-GPG\-KEY\-PGDG/g' main.yml

    Perform Clean Up
    # dnf clean all

  4. Repackage the upgrade zip file to prepare for collector upgrade.

    # cd /opt/upgrade/

    # mv /opt/upgrade/FSM_Upgrade_All_6.3.2_build0343.zip /tmp/

    # zip -r FSM_Upgrade_All_6.3.2_build0343.zip FSM_Upgrade_All_6.3.2_build0343

  5. Use the Upgrade Guide located in 6.3 Reference Manuals to continue with your upgrade for the supervisor and worker(s).

Collector Upgrade

After the supervisor upgrade has been completed, follow the Upgrade Guide in 6.3 Reference Manuals for the collector upgrade. Make sure you use the zip file created at Supervisor/Worker Upgrade step 4.

Upgrading Multiple Collector Nodes in an Online and/or Offline Environment

If an environment contains multiple collectors, some in open environments and some in closed (No internet access) environments, it is recommended to upgrade the collectors in the open environment first. Upgrading collectors that are in an open environment does not require modification to the upgrade package. After all collectors in the open environment are upgraded, handle the offline collector upgrade by performing modifications to the upgrade package, and then performing the upgrade.

Steps:

  1. Upgrade online collector using the steps here

  2. Repeat above step (step 1) for all online collectors. After all online collectors have been upgraded, proceed with step below (step 3).

  3. Modify the upgrade package for offline collector upgrade by following the Supervisor/Worker Upgrade section.

  4. Use the modified upgrade package from Supervisor/Worker Upgrade step 4 to upgrade the offline collectors using the instructions here

  5. Repeat above step (step 4) for all offline collector upgrades.

Configuring Existing FSM Install to use Local Repository Mirror

Sometimes you may want to run a "yum update" on an existing FortiSIEM installation to get the latest patches. Follow these steps to avoid internet access during this step.

Note: This configuration is needed to run Yum updates without needing to go to the internet.

  1. Log into all FortiSIEM Supervisor/Worker(s)/Collector(s) that will pull from the new repository by running the following commands.

    # ssh root@<Super/Worker/Collector IP>

    # cd /etc/yum.repos.d

  2. Modify necessary repository files by running the following commands.

    # sed -i 's/baseurl=https\:\/\/os-pkgs-cdn.fortisiem.fortinet.com\/centos83/baseurl=https\:\/\/<REPOSITORY MIRROR IP>\/repos\/centos\/84/g' *.repo
    # sed -i 's/https\:\/\/os-pkgs-c8.fortisiem.fortinet.com.*//g' *.repo
    # sed -i 's/enabled=1/enabled=1\nsslverify=false/g' *.repo
    # dnf clean all
  3. Connect and update from the local repository mirror by running the following the following command.

    # dnf update -y / # yum update -y

    Output when running an update against the mirror
          CentOS Linux 8 - AppStream                                               61 MB/s | 6.3 MB     00:00    
          CentOS Linux 8 - BaseOS                                                  34 MB/s | 2.3 MB     00:00    
          CentOS-8 - Extras                                                       170 kB/s | 8.6 kB     00:00    
          CentOS Linux 8 - PowerTools                                              33 MB/s | 2.0 MB     00:00    
          ELRepo.org Community Enterprise Linux Repository - el8                  4.0 MB/s | 220 kB     00:00    
          Extra Packages for Enterprise Linux 8 - x86_64                          8.6 MB/s | 536 kB     00:00    
          Extra Packages for Enterprise Linux 8 - x86_64                           79 MB/s | 8.9 MB     00:00    
          PostgreSQL common RPMs for RHEL/CentOS 8 - x86_64                       9.9 MB/s | 534 kB     00:00    
          PostgreSQL 13 for RHEL/CentOS 8 - x86_64                                4.5 MB/s | 256 kB     00:00    
          Dependencies resolved.
          Nothing to do.
          Complete!

     

Modifying Repo Destination for Super/Worker/Collector from a Previous Offline Upgrade Destination

This moves your repo target from Centos 8.3 to Centos 8.4. If a previous offline repository has been created, use the steps in Syncing the Local Repository Mirror to ensure you have updated to Centos 8.4 repository before upgrading or modifying the following.

  1. Complete Syncing the Local Repository Mirror for CentosOS 8.4.

  2. Update the Supervisor/Worker/Collector repository before upgrading by running the following.

    # cd /etc/yum.repos.d
    # sed -i 's/\/centos\/83/\/centos\/84/g' *.repo
    # dnf clean all

Local CentOS Repository Mirror Installation

Follow these steps to setup a local CentOS repository mirror in your internal network. FortiSIEM will only communicate with this local CentOS repository mirror whenever needed, thereby avoiding internet access.

You will be going through these general steps:

  1. Deploying the base VM to state and setup access to the repository
  2. Replicating the remote repository into your new internal mirror
  3. Testing the internal mirror for accessibility
  4. A walk through for all the FSM nodes in order to reach the internal mirror:wwq

 

Instructions are broken down into the following sections.

 

Repository Mirror Deployment and Apache Staging

This server is required to have internet access and be able to resolve [os-pkgs-cdn.fortisiem.fortinet.com] or [os-pkgs-c8.fortisiem.fortinet.com] in order to prepare the repository mirror. Once the Repository Mirror is completed, the internet connection can then be cut off from this repository mirror until the next time the mirror needs to be updated.

When the above conditions are met, take the following steps:

 

  1. Download the 6.3.2.0343 FortiSIEM image and create a VM on your preferred hypervisor.
  2. Add an 100GB disk to the FortiSIEM image that was deployed by taking the following steps:
    Note: Instructions to add a disk is based off of vSphere 6.7. Your hypervisor may differ in instructions, but the concept is the same.
    1. Right click the FortiSIEM VM > Editing Settings.
    2. In the pop-up, click "Add New Device".
    3. Find "Hard Disk" and select it.
    4. Configure it for 100GB.
    5. Click "OK" to save the configuration.
    6. Boot the FortiSIEM image.

 

Configuring the Network Adapter

To complete the configuration, take the following steps:

  1. Log into the FortiSIEM console through your hypervisor.
    Default login:
    User = root
    Password = ProspectHills
  2. Immediately change the root password.
  3. Enter the IP address configuration utility by running the following command:
    # nmtui-edit eth0
  4. Go to IPv4 CONFIGURATION, toggle Automatic, and select Manual from the menu.
  5. Toggle Show to expand the configuraion.
  6. In the Addresses field, add an IP address/netmask (CIDR).
    Example: 192.168.1.1/24
    Note: Use the tool at this URL to convert netmask to CIDR.
    https://www.xarg.org/tools/subnet-calculator/
  7. In the Gateway field, enter the Gateway IP address.
    Example: 192.168.1.254
  8. In the DNS Servers field, toggle Add, and select IP of DNS.
    Example: 1.1.1.1
  9. In the DNS Servers field, Toggle Add, and add the IP of the second DNS.
    Example: 1.0.0.1
  10. Toggle the Automatically connect setting to enable.
  11. Toggle the Available to all users setting to enable.
  12. Toggle to OK.


  13. Restart the network adapter.
    # ifdown eth0
    # ifup eth0
  14. Check if the IP address is assigned to the network adapter.
    # ifconfig eth0
    The IP address will be assigned to eth0.
  15. Ping an external address to verify network connectivity.
    # ping <ip address>
    or
    # ping google.com

 

Installing the Yum-Utils Package

Take the following steps to install the yum-utils package.

  1. Clean the current respository from the VM.
    # dnf clean all
  2. Install the yum-utils package.
    # dnf install yum-utils -y

 

Preparing the Disk for the Local Repository Mirror

Take the following steps to prepare your disk for the local repository mirror.

  1. Look for the 100GB disk created when the ova was deployed.

    # lsblk
    NAME        MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
    sda           8:0    0   25G  0 disk
    ├─sda1        8:1    0    1G  0 part /boot
    └─sda2        8:2    0   24G  0 part
    ├─cl-swap 253:0    0  2.5G  0 lvm  [SWAP]
    └─cl-root 253:1    0 21.5G  0 lvm  /
    sdb           8:16   0   100G  0 disk 			<< New disk
  2. Format the disk using xfs file system.

    # mkfs.xfs /dev/sdb

  3. Create a new mount point for the new disk.

    # mkdir /repos

  4. Mount the disk.

    # mount -t xfs /dev/sdb /repos

    # chmod 755 /repos

  5. Edit /etc/fstab and add the mount entry permanently.

    # vi /etc/fstab

    /dev/sdb /repos                   xfs     defaults        0 0
  6. Test /etc/fstab to verify configuration.

    # mount -a

 

Configuring Apache to Publish the Local Repository Mirror

Take the following steps to configure Apache to publish the local repository mirror.

  1. Create the link to the repository path.

    # cd /var/www/html/

    # ln -sf /repos repos

    # ls -l /var/www/html/

    result: lrwxrwxrwx. 1 root root 6 Mar 26 16:18 repos -> /repos

  2. Restart Apache.

    # systemctl restart httpd

 

Verifying Remote Connectivity to the Local Repository Mirror

Take the following step to verify remote connectivity with the repository mirror.

  1. From the local network workstation's browser, go to: https://<Repository Mirror IP Address>/

 

Syncing the Local Repository Mirror

Take the following steps to sync the local repository mirror.

  1. Sync the FSM Mirror to the repository mirror.
    # mkdir -p /repos/centos/84/gpg-keys

    # cd /repos/centos/84/gpg-keys

    # wget https://os-pkgs-cdn.fortisiem.fortinet.com/centos84/gpg-keys/RPM-GPG-KEY-EPEL-8

    # wget https://os-pkgs-cdn.fortisiem.fortinet.com/centos84/gpg-keys/RPM-GPG-KEY-PGDG

    # wget https://os-pkgs-cdn.fortisiem.fortinet.com/centos84/gpg-keys/RPM-GPG-KEY-elrepo.org

    # cd /repos/centos/84/

    Note: Reposync will take a larger period of time as it's replicating the entire mirror.

    # reposync --download-meta --repo=elrepo-testing

    # reposync --download-meta --repo=plus

    # reposync --download-meta

  2. Verify repository mirror's folder paths.

    # ls -l /repos/centos/84/
    drwxr-xr-x  4 root root    38 Jun 17 20:21 appstream
    drwxr-xr-x  4 root root    38 Jun 17 20:22 baseos
    drwxr-xr-x  4 root root    34 Jun 17 20:23 elrepo
    drwxr-xr-x  4 root root    52 Jun 17 21:39 elrepo-testing
    drwxr-xr-x  4 root root    38 Jun 17 20:23 epel
    drwxr-xr-x  4 root root    38 Jun 17 20:23 epel-modular
    drwxr-xr-x  4 root root    38 Jun 17 20:22 extras
    drwxr-xr-x  2 root root    86 Jun 17 18:30 gpg-keys
    drwxr-xr-x  3 root root 20480 Jun 17 20:53 pgdg13
    drwxr-xr-x  3 root root 20480 Jun 17 20:52 pgdg-common
    drwxr-xr-x  4 root root    38 Jun 17 20:20 plus
    drwxr-xr-x  4 root root    38 Jun 17 20:22 powertools
    
  3. Modify Permissions and Restart Apache on the repository mirror.
    # chmod -R 755 /repos
    # systemctl restart httpd

  4. Check repository mirror.
    Locally, run the following command:
    # curl -k https://localhost/repos/centos/84/
    Remotely:
    Open a browser, and go to: https://<Repository Mirror IP>/repos/centos/84/