Deploying FortiSOAR Cloud

This section explains how to deploy FortiSOAR Cloud.

To deploy FortiSOAR Cloud:

  1. In the FortiCloud portal, ensure that you have a product entitlement for FortiSOAR Cloud and note your account ID number:
    FortiSOAR Cloud Entitlement in FortiCloud Portal
    Note: After creating a FortiCloud account, wait for 30 minutes before moving on to the next step.

  2. On the FortiCare portal, click the FortiSOAR Cloud icon in the upper-left corner to access your FortiSOAR Cloud instance.
    FortiSOAR Instance in the FortiCare portal
  3. After you log in to FortiSOAR Cloud, select the region and version of the FortiSOAR Cloud image you want to provision:
    FortiSOAR Cloud landing page
    The Account ID on the FortiSOAR Cloud portal represents the dedicated instance.
  4. Once you select the region and image version, click Submit.
    Provisioning the FortiSOAR instance
    Clicking Submit displays the following confirmation dialog:
    Confirmation Dialog for provisioning FSR Cloud
    Clicking Confirm starts the provisioning of the FortiSOAR Cloud instance, which gets provisioned in a few minutes:
    FortiSOAR Cloud provision
    During provisioning, FortiSOAR Cloud performs the initial configuration steps that FortiSOAR requires. These include running the automated, non-interactive FortiSOAR configuration wizard, enabling the embedded Secure Message Exchange, and triggering the heartbeat between FortiCloud and FortiSOAR, among others.
    Note: FortiSOAR VM provisioning is considered successful only after FortiCloud receives the first heartbeat from FortiSOAR.

    If provisioning fails, for example while FortiSOAR Cloud runs the initial configuration phase using the automated, non-interactive FortiSOAR configuration wizard or while it configures the embedded Secure Message Exchange, a failure screen shows the status of each configuration step, which makes the issue simpler to identify. Before using FortiSOAR Cloud, you must use the CLI to fix the failed steps, because their functioning might be hampered. If you decide to access FortiSOAR Cloud without rectifying the failed steps, the Proceed Anyway button lets you continue using the product while acknowledging the configuration failure:
    FortiSOAR Cloud provisioning errors

If your instance does not come up even after clicking Proceed Anyway, you can try the following steps to fix the issues:

  • Restart all the services using the csadm services --restart command.
  • If the failure is an Ansible installation error, install Ansible manually using the following command:
    sudo -u nginx /opt/cyops-workflow/.env/bin/pip install ansible==7.4.0 --extra-index-url https://repo.fortisoar.fortinet.com/prod/connectors/deps/simple/
  • If the failure screen is still displayed on the FortiSOAR Cloud UI after you have attempted to resolve all the backend issues, update the state in fsr-boot.json from 'failed' to 'config_vm_failure_acknowledged'.
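
A guarded way to make the fsr-boot.json change from the last step, shown as an added example and not Fortinet's own tooling. The file path is passed in because this page does not give it, and the top-level key name "state" is an assumption; check both against your instance.

```python
import json
import os
import shutil
import tempfile

FAILED = "failed"
ACKNOWLEDGED = "config_vm_failure_acknowledged"


def acknowledge_boot_failure(path, state_key="state"):
    """Flip the boot state from 'failed' to the acknowledged value.

    Returns True if the file was changed, False if the state was not 'failed'.
    `state_key` is an assumption: the page names the two values, not the key.
    """
    with open(path, encoding="utf-8") as fh:
        doc = json.load(fh)
    if not isinstance(doc, dict) or state_key not in doc:
        raise KeyError(f"{state_key!r} not found in {path}")
    if doc[state_key] != FAILED:
        return False  # nothing to acknowledge; leave the file untouched

    shutil.copy2(path, path + ".bak")  # keep the original for rollback
    doc[state_key] = ACKNOWLEDGED

    # Write to a temp file in the same directory, then rename atomically so a
    # crash cannot leave a half-written JSON file behind.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(doc, fh, indent=2)
            fh.write("\n")
        shutil.copymode(path, tmp)  # preserve the original permission bits
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return True


if __name__ == "__main__":
    import sys
    changed = acknowledge_boot_failure(sys.argv[1])
    print("state updated" if changed else "state was not 'failed'; no change")
```

Run it as the account that owns the file, since the replacement file is created by the calling user; the .bak copy restores the previous state if the change needs to be reverted.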

Contact support if failures persist even after troubleshooting.

Once provisioned, click Enter to access the FortiSOAR web GUI or click WebSSH to access the FortiSOAR console to begin using FortiSOAR Cloud. For more information, see the Beginning with FortiSOAR Cloud chapter.
FortiSOAR Cloud VM Page
Important: Once the VM is provisioned successfully, you must update the correct hostname value in the "Server_fqhn" global variable. You can update Server_fqhn by opening the playbook designer and clicking Tools > Global Variables. In the 'Global Variables' list, click the edit icon beside Server_fqhn and in the Field Value field, replace the current hostname value with fortisoar.localhost. The hostname will be <forticare_accountId>.fortisoar.forticloud.com.

Note: Only the primary account holder can create secondary account holders in FortiCloud. The secondary account holder can log in to the same instance as a restricted user. The primary account holder can modify the admin profile for the secondary user. For more information, see the Adding a secondary account chapter.

Tip: It is highly recommended that you set up a backup user for the FortiSOAR appliance so that, in the event you forget the 'csadmin' CLI password for CLI access and your csadmin user gets locked, you can still access the CLI using the backup user's account. For the steps to create a backup user, see the Creating a backup user for the FortiSOAR appliance to allow access to the CLI topic in the Deploying FortiSOAR chapter of the "Deployment Guide" that is part of the FortiSOAR Documentation.

Note: To restrict access to your FortiSOAR instance, contact the FortiCloud team to add the IP addresses to the allowlist. Once the IP addresses are added to the allowlist, only those IP addresses can access your FortiSOAR instance.

Troubleshooting

Uniqueness error while adding a tenant in an MSSP setup using the Secure Message Exchange

The embedded Secure Message Exchange (SME), which is enabled by default in FortiSOAR Cloud, throws the uniqueness error only when the tenant and master are in the same Cloud region.

Resolution

Before you configure your MSSP setup, ensure that you update the name of the SME on either the master node or the tenant node.
