Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Deployment Guide

    Home FortiSOAR Cloud 7.6.0 Deployment Guide
    7.6.0
    7.6.0
    7.5.0
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.3.1
    7.3.0
    7.2.1
    7.2.0
    7.0.2
    7.0.1
    7.0.0

    Deploying FortiSOAR Cloud

    Deploying FortiSOAR Cloud

    This section provides instructions on deploying FortiSOAR Cloud.

    To deploy FortiSOAR Cloud:

    1. Ensure that you have a product entitlement for FortiSOAR Cloud and note your account ID number in the FortiCloud portal:
      FortiSOAR Cloud Entitlement in FortiCLoud Portal
      Note

      Wait for 30 minutes after creating a FortiCloud account before proceeding to the next step.

    2. Access your FortiSOAR Cloud instance by clicking Services on the FortiCloud portal, and then selecting FortiSOAR Cloud from the Cloud Management section:
      FortiSOAR Instance in the FortiCare portal
    3. Once you log onto FortiSOAR Cloud, from the left menu select the 'Master' FortiSOAR account. This displays all the information associated with this account including the dedicated instance's Account ID:
      FortiSOAR FortiCloud portal - Assets list
    4. In the Asset section, click Provision next to the license serial number of the FortiSOAR instance you wish to provision. This opens the Provision Service page, where you can choose the Region for provisioning the instance:
      FortiSOAR Cloud Portal - Provision Service
    5. Once you select the region, click Submit. Clicking Submit opens the following confirmation dialog:
      Confirmation Dialog for provisioning FSR Cloud
    6. Clicking Confirm opens an Acceptance of Terms and Policies dialog:
      FSR Cloud Provisioning - Terms and Policies dialog
      Select the Terms and Policies and click Accept to initiates the provisioning of the FortiSOAR instance. The provisioning process takes a few minutes:
      FortiSOAR Cloud provision
      During provisioning, initial configuration steps for FortiSOAR are performed. These steps include running the automated, non-interactive FortiSOAR configuration wizard, enabling the embedded Secure Message Exchange, triggering the heartbeat between FortiCloud and FortiSOAR, and installing the selected license.
      NOTE: Static IP configuration in FortiSOAR Cloud deployment is supported, which provides certain benefits including a smoother disaster recovery. For the process of Setting a static IP, see the Deploying FortiSOAR chapter of the "Deployment Guide" that is part of the FortiSOAR Documentation.
      Note

      FortiSOAR VM provisioning is considered successful only after FortiCloud receives the first heartbeat from FortiSOAR.


      If there are any provisioning failures, such as failures during the initial configuration phase using the automated non-interactive FortiSOAR configuration wizard, including failures while configuring the embedded Secure Message Exchange, then a failure screen detailing the status of each configuration step is displayed, making it simpler to identify the issue. Before using FortiSOAR Cloud, you must use WebSSH to fix any issues with the failed steps as their functioning might be hampered. However, if you choose to access FortiSOAR Cloud without rectifying the failed steps, which can cause FortiSOAR functionality to deteriorate, a Proceed Anyway button is provided that lets you to use the product while acknowledging the configuration failure:
      FortiSOAR Cloud provisioning errors

    If your instance is not accessible even after clicking Proceed Anyway, you can try the following steps to fix the issues:

    • Restart all the services using the csadm services --restart command.
    • Manually install ansible in the case of an ansible installation error using the following command:
      sudo -u nginx /opt/cyops-workflow/.env/bin/pip install ansible==7.4.0 --extra-index-url https://repo.fortisoar.fortinet.com/prod/connectors/deps/simple/
    • If the failure screen keeps getting displayed on the FortiSOAR Cloud UI, even after you have attempted to resolve all the backend issues, then you can update the fsr-boot.json to update its state from 'failed' to 'config_vm_failure_acknowledged'.

    Contact support if failures persist even after troubleshooting.

    Once provisioned successfully access the FortiSOAR web GUI by clicking Login or click WebSSH to access the FortiSOAR console to begin using FortiSOAR Cloud. For more information, see the Beginning with FortiSOAR Cloud chapter.
    FortiSOAR Cloud VM Page

    Important notes to be considered before starting to use FortiSOAR Cloud instance:

    • After provisioning the FortiSOAR Cloud instance, it is highly recommended that you log in to the WebSSH interface and immediately change the default 'csadmin' user's password. This step enhances the security of your FortiSOAR Cloud instances.
    • Only the primary account holder can create secondary account holders in FortiCloud. Secondary account holders can log in as restricted users to the same instance. The primary account holder can modify the admin profile for the secondary user. For more information, see the Adding a secondary account chapter.
    • It is highly recommended to set up a backup user for the FortiSOAR appliance. This allows access to the CLI in case the 'csadmin' CLI password is forgotten or the csadmin user gets locked. For the steps to create a backup user, see the Creating a backup user for the FortiSOAR appliance to allow access to the CLI topic in the Deploying FortiSOAR chapter of the "Deployment Guide" that is part of the FortiSOAR Documentation.
    • To restrict access to your FortiSOAR instance, contact the FortiCloud team to add IP addresses to the allowlist. Once added, only those IP addresses can access your FortiSOAR instance.

    Troubleshooting

    Uniqueness error when adding a tenant in an MSSP setup using the Secure Message Exchange

    The embedded Secure Message Exchange (SME) that is enabled by default in the case of FortiSOAR Cloud throws the uniqueness error only when the tenant and master nodes are located in the same Cloud region.

    Resolution

    To resolve this issue, make sure to update the name of the SME on either the master node or the tenant node before configuring your MSSP setup.

    Previous
    Next

    Deploying FortiSOAR Cloud

    Deploying FortiSOAR Cloud

    This section provides instructions on deploying FortiSOAR Cloud.

    To deploy FortiSOAR Cloud:

    1. Ensure that you have a product entitlement for FortiSOAR Cloud and note your account ID number in the FortiCloud portal:
      FortiSOAR Cloud Entitlement in FortiCLoud Portal
      Note

      Wait for 30 minutes after creating a FortiCloud account before proceeding to the next step.

    2. Access your FortiSOAR Cloud instance by clicking Services on the FortiCloud portal, and then selecting FortiSOAR Cloud from the Cloud Management section:
      FortiSOAR Instance in the FortiCare portal
    3. Once you log onto FortiSOAR Cloud, from the left menu select the 'Master' FortiSOAR account. This displays all the information associated with this account including the dedicated instance's Account ID:
      FortiSOAR FortiCloud portal - Assets list
    4. In the Asset section, click Provision next to the license serial number of the FortiSOAR instance you wish to provision. This opens the Provision Service page, where you can choose the Region for provisioning the instance:
      FortiSOAR Cloud Portal - Provision Service
    5. Once you select the region, click Submit. Clicking Submit opens the following confirmation dialog:
      Confirmation Dialog for provisioning FSR Cloud
    6. Clicking Confirm opens an Acceptance of Terms and Policies dialog:
      FSR Cloud Provisioning - Terms and Policies dialog
      Select the Terms and Policies and click Accept to initiates the provisioning of the FortiSOAR instance. The provisioning process takes a few minutes:
      FortiSOAR Cloud provision
      During provisioning, initial configuration steps for FortiSOAR are performed. These steps include running the automated, non-interactive FortiSOAR configuration wizard, enabling the embedded Secure Message Exchange, triggering the heartbeat between FortiCloud and FortiSOAR, and installing the selected license.
      NOTE: Static IP configuration in FortiSOAR Cloud deployment is supported, which provides certain benefits including a smoother disaster recovery. For the process of Setting a static IP, see the Deploying FortiSOAR chapter of the "Deployment Guide" that is part of the FortiSOAR Documentation.
      Note

      FortiSOAR VM provisioning is considered successful only after FortiCloud receives the first heartbeat from FortiSOAR.


      If there are any provisioning failures, such as failures during the initial configuration phase using the automated non-interactive FortiSOAR configuration wizard, including failures while configuring the embedded Secure Message Exchange, then a failure screen detailing the status of each configuration step is displayed, making it simpler to identify the issue. Before using FortiSOAR Cloud, you must use WebSSH to fix any issues with the failed steps as their functioning might be hampered. However, if you choose to access FortiSOAR Cloud without rectifying the failed steps, which can cause FortiSOAR functionality to deteriorate, a Proceed Anyway button is provided that lets you to use the product while acknowledging the configuration failure:
      FortiSOAR Cloud provisioning errors

    If your instance is not accessible even after clicking Proceed Anyway, you can try the following steps to fix the issues:

    • Restart all the services using the csadm services --restart command.
    • Manually install ansible in the case of an ansible installation error using the following command:
      sudo -u nginx /opt/cyops-workflow/.env/bin/pip install ansible==7.4.0 --extra-index-url https://repo.fortisoar.fortinet.com/prod/connectors/deps/simple/
    • If the failure screen keeps getting displayed on the FortiSOAR Cloud UI, even after you have attempted to resolve all the backend issues, then you can update the fsr-boot.json to update its state from 'failed' to 'config_vm_failure_acknowledged'.

    Contact support if failures persist even after troubleshooting.

    Once provisioned successfully access the FortiSOAR web GUI by clicking Login or click WebSSH to access the FortiSOAR console to begin using FortiSOAR Cloud. For more information, see the Beginning with FortiSOAR Cloud chapter.
    FortiSOAR Cloud VM Page

    Important notes to be considered before starting to use FortiSOAR Cloud instance:

    • After provisioning the FortiSOAR Cloud instance, it is highly recommended that you log in to the WebSSH interface and immediately change the default 'csadmin' user's password. This step enhances the security of your FortiSOAR Cloud instances.
    • Only the primary account holder can create secondary account holders in FortiCloud. Secondary account holders can log in as restricted users to the same instance. The primary account holder can modify the admin profile for the secondary user. For more information, see the Adding a secondary account chapter.
    • It is highly recommended to set up a backup user for the FortiSOAR appliance. This allows access to the CLI in case the 'csadmin' CLI password is forgotten or the csadmin user gets locked. For the steps to create a backup user, see the Creating a backup user for the FortiSOAR appliance to allow access to the CLI topic in the Deploying FortiSOAR chapter of the "Deployment Guide" that is part of the FortiSOAR Documentation.
    • To restrict access to your FortiSOAR instance, contact the FortiCloud team to add IP addresses to the allowlist. Once added, only those IP addresses can access your FortiSOAR instance.

    Troubleshooting

    Uniqueness error when adding a tenant in an MSSP setup using the Secure Message Exchange

    The embedded Secure Message Exchange (SME) that is enabled by default in the case of FortiSOAR Cloud throws the uniqueness error only when the tenant and master nodes are located in the same Cloud region.

    Resolution

    To resolve this issue, make sure to update the name of the SME on either the master node or the tenant node before configuring your MSSP setup.

    Previous
    Next