FortiSIEM communicates with devices and applications using multiple protocols. In many instances, access credentials for discovery protocols such as SNMP and WMI must be associated with the real IP address (assigned to a network interface) of the device, while application performance or synthetic transaction monitoring protocols (such as JDBC) need the Virtual IP (VIP) assigned to the cluster. Since FortiSIEM uses a single access IP to communicate with a device, you must create an address translation for the Virtual IPs.
- Log into your FortiSIEM virtual appliance as
- Update the mapping in your IP table to map the IP address used in setting up your access credentials to the virtual IP.
iptables -t nat -A OUTPUT -p tcp --destination <access-ip> --dport <destPort> -j DNAT --to-destination <virtual-ip>:<destPort>
As an example, suppose an Oracle database server is running on a server with a network address of 10.1.1.1, which is in a cluster with a VIP of 192.168.1.1. The port used to communicate with Oracle over JDBC is 1521. In this case, the update command would be:
iptables -t nat -A OUTPUT -p tcp --destination 10.1.1.1 --dport 1521 -j DNAT --to-destination 192.168.1.1:1521
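The command above appends a new rule every time it is run, so repeating it leaves duplicate entries in the nat table. The following sketch is an added example, not Fortinet's own tooling: it validates the access IP, VIP and port, then adds the rule only if an identical one is not already present. The function names are hypothetical, and it assumes an iptables build that supports the `-C` (check) option.

```shell
# Added example: idempotent form of the DNAT rule shown above.
# Function names are hypothetical; they are not part of FortiSIEM.

# Succeeds only for a dotted-quad IPv4 address with octets 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Succeeds only for a TCP port in 1..65535.
valid_port() {
    case "$1" in
        ""|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Prints the rule specification for <access-ip> <virtual-ip> <destPort>,
# or fails if any argument is malformed.
dnat_rule_spec() {
    valid_ipv4 "$1" && valid_ipv4 "$2" && valid_port "$3" || return 1
    printf '%s' "OUTPUT -p tcp --destination $1 --dport $3 -j DNAT --to-destination $2:$3"
}

# Adds the rule unless an identical one exists. Must run as root.
apply_dnat_rule() {
    spec=$(dnat_rule_spec "$1" "$2" "$3") || { echo "invalid address or port" >&2; return 1; }
    # $spec holds only validated digits, dots and fixed keywords, so word splitting is safe.
    if iptables -t nat -C $spec 2>/dev/null; then
        echo "rule already present"
    else
        iptables -t nat -A $spec
    fi
}

# Usage with the page's Oracle example values:
#   apply_dnat_rule 10.1.1.1 192.168.1.1 1521
# Review the result with:
#   iptables -t nat -L OUTPUT -n --line-numbers
```

Rules added with `iptables -A` live only in the running kernel tables, so confirm after a reboot that the translation is still listed.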