
Installing NFS Server for FortiSIEM Event Storage

When you install FortiSIEM, you have the option to use either local storage or NFS storage. For cluster deployments using Workers, the use of an NFS Server is required for the Supervisor and Workers to communicate with each other. This document describes how to set up and configure NFS servers for use with FortiSIEM.

Note:
  • NFS Server on Windows is not supported.
  • If Elasticsearch is chosen as the Event Database, the Supervisor needs an additional 8 GB RAM - in this case, the minimum requirement of the Supervisor is 32 GB RAM.
  • If NFS is chosen as the storage option, FortiSIEM mounts the NFS partition using the NFSv3 protocol by default. However, most Linux-based NFS servers and commercial servers also support the NFSv4.1 protocol, which allows parallel I/O from threads/processes on the same node, whereas NFSv3 serializes I/O across threads/processes on one machine. Based on FortiSIEM performance testing with NFSv4.1, if the customer NFS server supports NFSv4.1 it is recommended to change the mount option manually across the Supervisor and Workers and reboot the cluster: in the /etc/fstab file, change the value nfsvers=3 to nfsvers=4.1. Make sure you test this on a separate mount point before making the change on the FortiSIEM cluster.
  • For sizing the NFS event storage please refer to the Sizing Guide.

Installation in Rocky Linux

Step 1: Install the NFS Server

Follow these steps to install NFS Server in Rocky Linux:

  1. Login to the Rocky Linux server as root.
  2. Download and install the NFS packages using the following command.

    # dnf install nfs-utils

  3. Start and enable the NFS service by running the following scripts.

    # systemctl start nfs-server

    # systemctl enable nfs-server

  4. Check NFS service status:

    # systemctl status nfs-server

  5. Create a new directory on a large volume to share with the FortiSIEM Supervisor and Worker nodes, and change its access permissions so that FortiSIEM can access the directory, using the commands:

    # mkdir /FortiSIEM

    # chmod -R 777 /FortiSIEM   # without this permission, installation won't work

  6. Edit and save the /etc/exports file, adding the following lines. This gives the FortiSIEM Supervisor and Worker nodes access to the /FortiSIEM directory (one line per node, so only the listed addresses can mount the share).

    /FortiSIEM <Supervisor_IP_Address>(rw,sync,no_root_squash)

    /FortiSIEM <Worker1_IP_Address>(rw,sync,no_root_squash)

    /FortiSIEM <Worker2_IP_Address>(rw,sync,no_root_squash)

  7. Export the directories in /etc/exports by running this command:

    # exportfs -arv

  8. If firewalld is installed, then enable the FortiSIEM Supervisor and Worker to communicate by adding these firewall rules:

    firewall-cmd --permanent --add-service=nfs

    firewall-cmd --permanent --add-service=rpc-bind

    firewall-cmd --permanent --add-service=mountd

    firewall-cmd --reload

  9. Restart the NFS server using the command:

    # systemctl restart nfs-server
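The export entries in steps 5 to 7 are one line per node. The following shell script is an added example (not Fortinet's code and not part of this page) that generates those lines for a list of Supervisor and Worker addresses, rejects anything that is not an IPv4 address, and writes them into an exports file while leaving unrelated exports alone. It assumes the share path /FortiSIEM and the option string rw,sync,no_root_squash from step 6; the node addresses in the demo are constructed sample values, and write_exports takes the target file as a parameter so it can be tried on a scratch file before /etc/exports.

```shell
#!/bin/sh
# Added example, not Fortinet's code: generate the per-node /etc/exports lines
# from step 6 for a list of Supervisor/Worker addresses, rejecting anything
# that is not an IPv4 address, and write them into an exports file while
# keeping unrelated exports. The node addresses in the demo are constructed.

SHARE_DIR="/FortiSIEM"                 # share path from the page
EXPORT_OPTS="rw,sync,no_root_squash"   # options from the page's step 6

# is_ipv4 ADDR -> 0 if ADDR is a dotted quad with every octet in 0..255.
is_ipv4() {
    addr=$1
    case "$addr" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_exports IP... -> prints one export line per node, scoped to that host
# only, so only the listed nodes are allowed to mount the share.
build_exports() {
    [ $# -gt 0 ] || { echo "build_exports: no node IPs given" >&2; return 2; }
    for ip in "$@"; do
        if ! is_ipv4 "$ip"; then
            echo "build_exports: rejecting '$ip' (not an IPv4 address)" >&2
            return 1
        fi
        printf '%s %s(%s)\n' "$SHARE_DIR" "$ip" "$EXPORT_OPTS"
    done
}

# write_exports FILE IP... -> replaces any existing SHARE_DIR lines in FILE
# with freshly generated ones and keeps every other export untouched.
# On the NFS server pass /etc/exports (as root) and follow with 'exportfs -arv'.
write_exports() {
    target=$1
    shift
    new=$(build_exports "$@") || return $?
    keep=""
    if [ -f "$target" ]; then
        keep=$(grep -v "^$SHARE_DIR[[:space:]]" "$target" || :)
    fi
    {
        [ -n "$keep" ] && printf '%s\n' "$keep"
        printf '%s\n' "$new"
    } > "$target"
}

# Demo with constructed node addresses: prints the three export lines.
build_exports 10.0.0.5 10.0.0.6 10.0.0.7
```

Run write_exports on a copy of /etc/exports first and diff it against the original; once the lines look right, run it against /etc/exports as root and re-export with exportfs -arv as in step 7.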

Step 2: Check the Exported Directories

Follow these steps to check the exported directories from the FortiSIEM Supervisor and Worker Nodes:

  1. Login to the Supervisor and run this command:

    # showmount -e <NFS Server>

  2. Make sure the exported list is correct as follows:

    /FortiSIEM <Supervisor_IP>,<Worker1_IP>,<Worker2_IP>

  3. Repeat the previous steps for each Worker node.
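Step 2 compares the showmount output against the intended node list by eye. The following shell script is an added example (not Fortinet's code) that does the comparison mechanically: it parses the client list for the share and reports any expected node that is missing and any client that should not be there. SAMPLE_SHOWMOUNT is a constructed stand-in for real showmount -e output; on a Supervisor or Worker you would pipe the real command into check_export_list instead.

```shell
#!/bin/sh
# Added example, not Fortinet's code: parse 'showmount -e' output and verify
# that the client list for the /FortiSIEM share is exactly the set of
# Supervisor and Worker addresses you exported to, flagging both missing and
# unexpected clients. SAMPLE_SHOWMOUNT is a constructed stand-in for real
# output; on a node, pipe the real command in instead:
#   showmount -e <NFS Server> | check_export_list /FortiSIEM <Supervisor_IP> <Worker_IP>...

SAMPLE_SHOWMOUNT='Export list for 10.0.0.10:
/FortiSIEM 10.0.0.5,10.0.0.6,10.0.0.7
/srv/backups 10.0.0.20'

# export_clients SHARE  (stdin: showmount -e output)
# -> prints the clients listed for SHARE, one per line; nothing if not exported.
export_clients() {
    awk -v share="$1" '
        $1 == share { n = split($2, c, ","); for (i = 1; i <= n; i++) print c[i] }
    '
}

# check_export_list SHARE IP...  (stdin: showmount -e output)
# -> 0 if SHARE is exported to exactly the given IPs; 1 with a report otherwise.
check_export_list() {
    share=$1
    shift
    actual=$(export_clients "$share" | sort -u)
    if [ -z "$actual" ]; then
        echo "$share is not in the export list" >&2
        return 1
    fi
    expected=$(printf '%s\n' "$@" | sort -u)
    status=0
    for ip in $expected; do
        printf '%s\n' "$actual" | grep -qxF "$ip" || { echo "missing client: $ip" >&2; status=1; }
    done
    for ip in $actual; do
        printf '%s\n' "$expected" | grep -qxF "$ip" || { echo "unexpected client: $ip" >&2; status=1; }
    done
    return $status
}

# Demo on the constructed sample: the three listed nodes match, so this prints OK.
printf '%s\n' "$SAMPLE_SHOWMOUNT" | check_export_list /FortiSIEM 10.0.0.5 10.0.0.6 10.0.0.7 \
    && echo "export list for /FortiSIEM is correct"
```

An unexpected client is worth as much attention as a missing one: the share is exported with no_root_squash, so a stale entry for a host that is no longer part of the cluster still lets that host write to the event store as root.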

Step 3. Optional—Enable NFS 4.1 on FortiSIEM Nodes

Follow these steps to enable NFS 4.1 on FortiSIEM Super and Worker Nodes:

  1. Make sure your NFS Server supports NFS 4.1.
  2. Login to each node.
  3. Edit the /etc/fstab file to change the value nfsvers=3 to nfsvers=4.1.
  4. Save the file.
  5. Reboot the node.
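Step 3 (and the note at the top of the page) asks for a hand edit of /etc/fstab on every node. The following shell script is an added example (not Fortinet's code) that performs the nfsvers=3 to nfsvers=4.1 change on an fstab file in a controlled way: it only touches the NFS entry for the given mount point, keeps a .bak copy, refuses to run if that entry has no nfsvers option, and reports the version afterwards so the change can be confirmed before the reboot. The fstab content in the demo is constructed, and the mount point /data is an assumed placeholder; substitute the mount point your FortiSIEM nodes actually use.

```shell
#!/bin/sh
# Added example, not Fortinet's code: switch an NFS entry in an fstab file
# from nfsvers=3 to nfsvers=4.1, touching only the entry for the given mount
# point, keeping a backup, and reporting the version afterwards. Handles the
# page's 'nfsvers=' spelling of the option. The fstab content in the demo is
# constructed and the mount point /data is an assumed placeholder; the real
# target is /etc/fstab on each Supervisor and Worker.

# current_nfsvers FSTAB MOUNTPOINT -> prints the nfsvers value of the NFS entry
# for MOUNTPOINT (empty if the entry is absent or carries no nfsvers option).
current_nfsvers() {
    awk -v mp="$2" '
        $2 == mp && $3 ~ /^nfs/ {
            n = split($4, o, ",")
            for (i = 1; i <= n; i++)
                if (o[i] ~ /^nfsvers=/) { sub(/^nfsvers=/, "", o[i]); print o[i] }
        }
    ' "$1"
}

# set_nfsvers FSTAB MOUNTPOINT VERSION -> rewrites nfsvers=... for that entry
# in place, keeping FSTAB.bak. Returns 1 if the entry has no nfsvers option,
# so a mount that does not pin a version is never silently changed.
set_nfsvers() {
    fstab=$1
    mp=$2
    ver=$3
    if [ -z "$(current_nfsvers "$fstab" "$mp")" ]; then
        echo "set_nfsvers: no nfsvers option for $mp in $fstab" >&2
        return 1
    fi
    cp "$fstab" "$fstab.bak"
    # sub() on $0 edits the text in place, so the line's spacing is preserved
    awk -v mp="$mp" -v ver="$ver" '
        $2 == mp && $3 ~ /^nfs/ { sub(/nfsvers=[0-9.]+/, "nfsvers=" ver) }
        { print }
    ' "$fstab.bak" > "$fstab"
}

# Demo on a constructed fstab (not the real /etc/fstab).
demo_fstab=$(mktemp)
printf '%s\n' \
    '# constructed sample fstab' \
    '/dev/mapper/rl-root /        xfs  defaults 0 0' \
    '10.0.0.10:/FortiSIEM /data   nfs  nfsvers=3,rsize=65536,wsize=65536 0 0' > "$demo_fstab"
echo "before: nfsvers=$(current_nfsvers "$demo_fstab" /data)"
set_nfsvers "$demo_fstab" /data 4.1
echo "after:  nfsvers=$(current_nfsvers "$demo_fstab" /data)"
rm -f "$demo_fstab" "$demo_fstab.bak"
```

As the page recommends, try the 4.1 setting on a separate test mount point first; set_nfsvers takes the mount point as a parameter precisely so the same script can be pointed at that test entry before it is run against the FortiSIEM entry on each node.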

Installation in an AWS Environment

Follow these steps to install NFS Server in an AWS Environment:

Step 1: Launch NFS Server

Follow these steps to launch the NFS Server from the AWS Marketplace:

  1. Login to your AWS account.
  2. Go to Services > Compute > EC2.
  3. Click EC2 Dashboard > Launch Instance.
  4. Select the Rocky Linux Instance.
  5. Click Compute Optimized C5 Instance.
  6. Configure the Instance details following the steps:
    1. Choose '1' in the number of instances.
    2. Choose 'Network' as the VPC selected for Supervisor and Worker nodes.
    3. Choose 'Subnet' as the subnet where you want to launch FortiSIEM VMs.
    4. Set Auto-assign public IP as 'Disabled'.
    5. Set Shutdown behavior as 'Stop'.
    6. Check Enable termination protection.
    7. In Network Interfaces, choose the Primary IP as the Private IP of your choice within that subnet.

      You can select 'Auto-Assign' which is the default option.

    8. Click Add Storage.

      You can keep the default for the root partition. Since you need storage for event data, add a new EBS volume based on your storage requirements (minimum 50 GB).

    9. Click Add Tags. You can add a tag similar to “FortiSIEM EventDB NFS” to search the instance.
    10. Click Configure Security Group.
    11. Create a new Security Group and keep the defaults which are needed for FortiSIEM to operate.
    12. Click Review and Launch and click Launch.
    13. Select Create a new key pair and provide a key pair name of your choice.
    14. Click Download Key Pair and save the .pem file.
    15. Click Launch Instance and wait for the instance to start.
  7. Configure Elastic IP following these steps:
    1. Go to EC2 Dashboard > Elastic IPs.
    2. Click Allocate New Address.
    3. Select VPC and click Allocate.

      The IP address will be allocated.

    4. Click the Elastic IP that was allocated.
    5. Click Actions > Associate address and select the instance by searching for the tag you created in sub-step 9 of Step 6.
    6. Click Associate.

Step 2: Start and Configure the NFS Server

Follow these steps to start and configure the NFS server.

  1. SSH into the NFS server using the key pair created in sub-step 13 of Step 6 above, as user 'rocky'.

    For details about connecting to the instance, see here.

  2. Follow the instructions in Steps 1, 2 and 3 in Installation in Rocky Linux.
