Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    User Guide

    Home FortiSIEM 7.0.2 User Guide
    7.0.2
    7.5.0
    7.4.2
    7.4.1
    7.4.0
    7.3.5
    7.3.4
    7.3.3
    7.3.2
    7.3.1
    7.3.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.9
    7.1.8
    7.1.7
    7.1.6
    7.1.5
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    4.10.0
    4.9.0
    4.8.1
    4.7.2

    Adding Network Interfaces

    Adding Network Interfaces

    FortiSIEM is configured to only use eth0 network interface by default. This section describes steps to add another interface, so that GUI traffic, storage traffic, and device access traffic can be split across multiple interface via proper routing.

    Notes:

    1. Primary (eth0) should not be removed or disabled and is required for normal operation of FortiSIEM.
    2. These are general steps to add interfaces. These instructions do not cover making changes to the firewall.

    To configure an additional network interface, choose the appropriate FortiSIEM deployment.

    Adding Interfaces for FortiSIEM Virtual Machine Based Deployments

    Take the following steps to configure your FortiSIEM Virtual Machine based deployment with an additional network interface.

    Step 1 – Modify VM Hardware Configuration on the Hypervisor

    Log into the hypervisor and add a new network interface into FortiSIEM.

    1. Edit the Supervisor VM.
    2. Add a new network device to the VM.
    3. Associate it with the desired network on the host.
    4. Save configuration.
      Note: You may be required to reboot the FortiSIEM VM so that the network interface is available within the FortiSIEM VM.

    Step 2 - Configure the Additional Interface on FortiSIEM

    SSH into the Supervisor as root.

    1. Verify if the interface added in Step 1 is available by running the following command.

      ifconfig -a

      Note: eth1, bolded in ifconfig -a Output, is the name of the new interface that was added.

      ifconfig -a Output

      eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.30.57.230  netmask 255.255.252.0  broadcast 172.30.59.255
        inet6 fe80::250:56ff:fea9:c9c9  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:a9:c9:c9  txqueuelen 1000  (Ethernet)
        RX packets 50833491  bytes 30705896470 (28.5 GiB)
        RX errors 0  dropped 26644  overruns 0  frame 0
        TX packets 9726951  bytes 66973923534 (62.3 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::d215:a34c:98a5:6e23  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:a9:78:29  txqueuelen 1000  (Ethernet)
        RX packets 1200  bytes 74944 (73.1 KiB)
        RX errors 0  dropped 5  overruns 0  frame 0
        TX packets 13  bytes 1790 (1.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 110506670  bytes 72885247042 (67.8 GiB)
        RX errors 0  dropped 418  overruns 0  frame 0
        TX packets 110506670  bytes 72885247042 (67.8 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    2. Configure the interface by taking the following steps.

      Note: The interface name may differ due to hypervisor naming of interfaces. Below is an example of interface named eth1.

      1. Run the following command to go to the network-scripts directory.

        cd /etc/sysconfig/network-scripts/

      2. Run the following command to create the ifcfg-eth1 file from ifcfg-eth0.

        cp -a ifcfg-eth0 ifcfg-eth1

      3. Edit the ifcfg-eth1 file and save changes (can be done via vi editor for example), following the instructions that appear after "<<".

        TYPE=Ethernet
BOOTPROTO=static
NAME=eth0   << change to new interface name
DEVICE=eth0 << change to new interface name 
ONBOOT=yes
IPV6INIT=no

IPADDR=172.30.57.230  << change the IP to the new IP
NETMASK=255.255.252.0 << change the netmask to the new netmask
GATEWAY=172.30.56.1   << remove the line or comment as eth0 typically has the default gateway defined.

DNS1=1.1.1.1
DNS2=172.30.1.106

      4. Reset the interface to take the configuration in effect by running the following commands.

        # ifdown eth1
# ifup eth1
    3. Optional: Configure routes to other networks via the additional interface

      Adding route example:

      # ip route add <network_ip>/<cidr> via <gateway_ip> dev <network_card_name> metric <metric_value>

      Example:

      ip route add 172.30.0.0/16 via 172.30.52.1 dev eth1 metric 101

      If you want to manually create a routing configuration file and make it persistent across reboots, then follow these steps. Suppose you want to create an IPv4 route to the 172.30.0.0/16 network via eth1 interface, with 172.30.52.1 as the default gateway. The gateway for the static route must be directly reachable on eth1.

      1. Add the static IPv4 route to the /etc/sysconfig/network-scripts/route-eth1 file:

        172.30.0.0/16 via 172.30.52.1 dev eth1

      2. Restart the network:

        # systemctl restart NetworkManager.service

    4. Verify connectivity through all interfaces.

    Adding Interfaces for FortiSIEM Hardware Appliances

    The physical interfaces should already be available. The number may vary depending on the HW appliance, e.g. the HW appliance may display 4 interfaces: eth0 thru eth3 (4 interfaces in total).

    After you SSH onto the supervisor as root, take the following steps.

    1. Verify the available interfaces by running the following command.

      # ifconfig -a

      Your ifconfig -a output should appear similar to the following, and allow you to confirm the available interfaces. In this case, eth1, eth2, eth3, which are bolded, are identified interfaces.

      ifconfig -a Output

      eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.65.20.201  netmask 255.255.252.0  broadcast 10.65.23.255
        inet6 fe80::ae1f:6bff:fe47:b318  prefixlen 64  scopeid 0x20<link>
        ether ac:1f:6b:47:b3:18  txqueuelen 1000  (Ethernet)
        RX packets 31177113  bytes 7280636740 (6.7 GiB)
        RX errors 0  dropped 3746071  overruns 0  frame 0
        TX packets 617574  bytes 142045223 (135.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device memory 0xfb560000-fb57ffff  

eth1: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether ac:1f:6b:47:b3:19  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device memory 0xfb540000-fb55ffff  

eth2: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether ac:1f:6b:47:b3:1a  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device memory 0xfb520000-fb53ffff  

eth3: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether ac:1f:6b:47:b3:1b  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device memory 0xfb500000-fb51ffff  

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 7419278  bytes 387353322 (369.4 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 7419278  bytes 387353322 (369.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    2. Configure the new interface.

      Note: Choose any interface you would like to configure. This example provides an example for configuring eth1.

      1. Run the following command to go to the network-scripts directory.

        cd /etc/sysconfig/network-scripts/

      2. Run the following command to create ifcfg-eth1 using ifcfg-eth0.

        cp -a ifcfg-eth0 ifcfg-eth1

      3. Edit the ifcfg-eth1 file and save changes, following the instructions that appear after the "<<".

        TYPE=Ethernet
BOOTPROTO=static
NAME=eth0   << change to new interface name
DEVICE=eth0 << change to new interface name 
ONBOOT=yes
IPV6INIT=no

IPADDR=172.30.57.230  << change the IP to the new IP
NETMASK=255.255.252.0 << change the netmask to the new netmask
GATEWAY=172.30.56.1   << remove the line or comment as eth0 typically has the default gateway defined.

DNS1=1.1.1.1  << add at least one DNS server
DNS2=172.30.1.106

        If using vi, save the configuration by pressing ESC then :x!

      4. Reset the interface to take the configuration in effect by running the following commands.

        # ifdown eth1
# ifup eth1
    3. Optional: Configure routes to other networks via the additional interface.

      Adding route example:

      # ip route add <network_ip>/<cidr> via <gateway_ip> dev <network_card_name> metric <metric_value>

      Example:

      ip route add 172.30.0.0/16 via 172.30.52.1 dev eth1 metric 101

      If you want to manually create a routing configuration file and make it persistent across reboots, then follow these steps. Suppose you want to create an IPv4 route to the 172.30.0.0/16 network via eth1 interface, with 172.30.52.1 as the default gateway. The gateway for the static route must be directly reachable on eth1.

      1. Add the static IPv4 route to the /etc/sysconfig/network-scripts/route-eth1 file:

        172.30.0.0/16 via 172.30.52.1 dev eth1

      2. Restart the network.

        # systemctl restart NetworkManager.service

    4. Verify connectivity through all interfaces.
    Previous
    Next

    Adding Network Interfaces

    Adding Network Interfaces

    FortiSIEM is configured to only use eth0 network interface by default. This section describes steps to add another interface, so that GUI traffic, storage traffic, and device access traffic can be split across multiple interface via proper routing.

    Notes:

    1. Primary (eth0) should not be removed or disabled and is required for normal operation of FortiSIEM.
    2. These are general steps to add interfaces. These instructions do not cover making changes to the firewall.

    To configure an additional network interface, choose the appropriate FortiSIEM deployment.

    Adding Interfaces for FortiSIEM Virtual Machine Based Deployments

    Take the following steps to configure your FortiSIEM Virtual Machine based deployment with an additional network interface.

    Step 1 – Modify VM Hardware Configuration on the Hypervisor

    Log into the hypervisor and add a new network interface into FortiSIEM.

    1. Edit the Supervisor VM.
    2. Add a new network device to the VM.
    3. Associate it with the desired network on the host.
    4. Save configuration.
      Note: You may be required to reboot the FortiSIEM VM so that the network interface is available within the FortiSIEM VM.

    Step 2 - Configure the Additional Interface on FortiSIEM

    SSH into the Supervisor as root.

    1. Verify if the interface added in Step 1 is available by running the following command.

      ifconfig -a

      Note: eth1, bolded in ifconfig -a Output, is the name of the new interface that was added.

      ifconfig -a Output

      eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.30.57.230  netmask 255.255.252.0  broadcast 172.30.59.255
        inet6 fe80::250:56ff:fea9:c9c9  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:a9:c9:c9  txqueuelen 1000  (Ethernet)
        RX packets 50833491  bytes 30705896470 (28.5 GiB)
        RX errors 0  dropped 26644  overruns 0  frame 0
        TX packets 9726951  bytes 66973923534 (62.3 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::d215:a34c:98a5:6e23  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:a9:78:29  txqueuelen 1000  (Ethernet)
        RX packets 1200  bytes 74944 (73.1 KiB)
        RX errors 0  dropped 5  overruns 0  frame 0
        TX packets 13  bytes 1790 (1.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 110506670  bytes 72885247042 (67.8 GiB)
        RX errors 0  dropped 418  overruns 0  frame 0
        TX packets 110506670  bytes 72885247042 (67.8 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    2. Configure the interface by taking the following steps.

      Note: The interface name may differ due to hypervisor naming of interfaces. Below is an example of interface named eth1.

      1. Run the following command to go to the network-scripts directory.

        cd /etc/sysconfig/network-scripts/

      2. Run the following command to create the ifcfg-eth1 file from ifcfg-eth0.

        cp -a ifcfg-eth0 ifcfg-eth1

      3. Edit the ifcfg-eth1 file and save changes (can be done via vi editor for example), following the instructions that appear after "<<".

        TYPE=Ethernet
BOOTPROTO=static
NAME=eth0   << change to new interface name
DEVICE=eth0 << change to new interface name 
ONBOOT=yes
IPV6INIT=no

IPADDR=172.30.57.230  << change the IP to the new IP
NETMASK=255.255.252.0 << change the netmask to the new netmask
GATEWAY=172.30.56.1   << remove the line or comment as eth0 typically has the default gateway defined.

DNS1=1.1.1.1
DNS2=172.30.1.106

      4. Reset the interface to take the configuration in effect by running the following commands.

        # ifdown eth1
# ifup eth1
    3. Optional: Configure routes to other networks via the additional interface

      Adding route example:

      # ip route add <network_ip>/<cidr> via <gateway_ip> dev <network_card_name> metric <metric_value>

      Example:

      ip route add 172.30.0.0/16 via 172.30.52.1 dev eth1 metric 101

      If you want to manually create a routing configuration file and make it persistent across reboots, then follow these steps. Suppose you want to create an IPv4 route to the 172.30.0.0/16 network via eth1 interface, with 172.30.52.1 as the default gateway. The gateway for the static route must be directly reachable on eth1.

      1. Add the static IPv4 route to the /etc/sysconfig/network-scripts/route-eth1 file:

        172.30.0.0/16 via 172.30.52.1 dev eth1

      2. Restart the network:

        # systemctl restart NetworkManager.service

    4. Verify connectivity through all interfaces.

    Adding Interfaces for FortiSIEM Hardware Appliances

    The physical interfaces should already be available. The number may vary depending on the HW appliance, e.g. the HW appliance may display 4 interfaces: eth0 thru eth3 (4 interfaces in total).

    After you SSH onto the supervisor as root, take the following steps.

    1. Verify the available interfaces by running the following command.

      # ifconfig -a

      Your ifconfig -a output should appear similar to the following, and allow you to confirm the available interfaces. In this case, eth1, eth2, eth3, which are bolded, are identified interfaces.

      ifconfig -a Output

      eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.65.20.201  netmask 255.255.252.0  broadcast 10.65.23.255
        inet6 fe80::ae1f:6bff:fe47:b318  prefixlen 64  scopeid 0x20<link>
        ether ac:1f:6b:47:b3:18  txqueuelen 1000  (Ethernet)
        RX packets 31177113  bytes 7280636740 (6.7 GiB)
        RX errors 0  dropped 3746071  overruns 0  frame 0
        TX packets 617574  bytes 142045223 (135.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device memory 0xfb560000-fb57ffff  

eth1: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether ac:1f:6b:47:b3:19  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device memory 0xfb540000-fb55ffff  

eth2: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether ac:1f:6b:47:b3:1a  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device memory 0xfb520000-fb53ffff  

eth3: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether ac:1f:6b:47:b3:1b  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device memory 0xfb500000-fb51ffff  

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 7419278  bytes 387353322 (369.4 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 7419278  bytes 387353322 (369.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    2. Configure the new interface.

      Note: Choose any interface you would like to configure. This example provides an example for configuring eth1.

      1. Run the following command to go to the network-scripts directory.

        cd /etc/sysconfig/network-scripts/

      2. Run the following command to create ifcfg-eth1 using ifcfg-eth0.

        cp -a ifcfg-eth0 ifcfg-eth1

      3. Edit the ifcfg-eth1 file and save changes, following the instructions that appear after the "<<".

        TYPE=Ethernet
BOOTPROTO=static
NAME=eth0   << change to new interface name
DEVICE=eth0 << change to new interface name 
ONBOOT=yes
IPV6INIT=no

IPADDR=172.30.57.230  << change the IP to the new IP
NETMASK=255.255.252.0 << change the netmask to the new netmask
GATEWAY=172.30.56.1   << remove the line or comment as eth0 typically has the default gateway defined.

DNS1=1.1.1.1  << add at least one DNS server
DNS2=172.30.1.106

        If using vi, save the configuration by pressing ESC then :x!

      4. Reset the interface to take the configuration in effect by running the following commands.

        # ifdown eth1
# ifup eth1
    3. Optional: Configure routes to other networks via the additional interface.

      Adding route example:

      # ip route add <network_ip>/<cidr> via <gateway_ip> dev <network_card_name> metric <metric_value>

      Example:

      ip route add 172.30.0.0/16 via 172.30.52.1 dev eth1 metric 101

      If you want to manually create a routing configuration file and make it persistent across reboots, then follow these steps. Suppose you want to create an IPv4 route to the 172.30.0.0/16 network via eth1 interface, with 172.30.52.1 as the default gateway. The gateway for the static route must be directly reachable on eth1.

      1. Add the static IPv4 route to the /etc/sysconfig/network-scripts/route-eth1 file:

        172.30.0.0/16 via 172.30.52.1 dev eth1

      2. Restart the network.

        # systemctl restart NetworkManager.service

    4. Verify connectivity through all interfaces.
    Previous
    Next