Deploying FortiSOAR on a Docker platform
You can deploy FortiSOAR on Docker platforms such as VMware ESX or AWS. This allows you to easily provision FortiSOAR into your microservices architecture and use it in a cloud-native, DevOps-enabled manner.
FortiSOAR also has a management extension (MEA) (Docker image) that is built with FortiAnalyzer and FortiManager. To learn more about the FortiAnalyzer MEA, see the FortiAnalyzer documentation; to learn more about the FortiManager MEA, see the FortiManager documentation.
The following topics introduce how to deploy the FortiSOAR image on Docker.
Planning
Prerequisites
To deploy the FortiSOAR image on Docker, you must have already installed Docker in your environment. If not, refer to the Docker official website for Docker installation instructions: https://docs.docker.com/.
To check whether Docker has been successfully installed, run docker version.
For resource requirement specifications, see the Deploying FortiSOAR chapter.
System Requirements
Supported Hypervisors
- Docker Engine CE 18.09.1 or higher versions, and the equivalent Docker Engine EE versions.
For best performance in hypervisor deployments, install FortiSOAR on a “bare metal” (Type 1) hypervisor. Hypervisors that are installed as applications on top of a general-purpose operating system (Windows, Mac OS X, or Linux) host have fewer computing resources available due to the host OS’s own overhead. To ensure high performance, it is recommended to deploy FortiSOAR on machine types with a minimum of 8 vCPUs and a memory size larger than 32 GB.
Downloading the FortiSOAR Docker image
You can download the required FortiSOAR Docker image from the support portal.
To download the FortiSOAR Docker image, do the following:
- Log on to support.fortinet.com.
- Click Support > Firmware Download.
- On the Fortinet Firmware Images And Software Releases page, from the Select Product drop-down list, select FortiSOAR.
  The page contains information about released versions of FortiSOAR images, and contains two tabs: Release Notes and Downloads.
  To view the Release Notes for a particular version, click the version and build number link, which opens the FortiSOAR Document Library, from where you can view or download the release notes for that particular version.
- To download the Docker image, do the following:
  - Click the Download tab.
  - Navigate through the directory structure to open the page containing the required images. For example, to download a Docker image for version 7.3.0, click v7.00 > 7.3 > 7.3.0 and locate the required Docker image. For example, fortisoar-docker-7.3.0-<build_number>.tar.gz
  - Download the Docker image by clicking the HTTPS link.
    An HTTPS connection is used to download the Docker image.
  - Click the Checksum link for the image that you have downloaded.
    The image file name and checksum code are displayed in the Get Checksum Code dialog box.
  - Confirm that the checksum of the downloaded image file matches the checksum provided on the download site.
Deploying the FortiSOAR Docker image
- Load the downloaded Docker image using the following command:
  docker load -i <image-path>
- Download the FortiSOAR Docker installer from https://repo.fortisoar.fortinet.com/7.3.0/install-fortisoar-docker-7.3.0.bin
- Extract the default fortisoar.env file using the following command:
  ./install-fortisoar-docker-7.3.0.bin --export-default-env
  NOTE: This command exports the fortisoar.env file to the current directory.
- Update the fortisoar.env file as per your environment. For more information, see the Understanding the fortisoar.env file topic.
- Once you have updated the fortisoar.env file, run the following command:
  ./install-fortisoar-docker-7.3.0.bin --env-file fortisoar.env
  NOTE: The fortisoar.env file is an important configuration file. Therefore, it is recommended that you take a backup of this file for future reference.
- To connect to FortiSOAR Docker using SSH, use the following CLI:
  docker exec -it <FSR container id or name> bash
Understanding the fortisoar.env file
The FortiSOAR Docker installer reads the FortiSOAR container configuration from the fortisoar.env file. You can use the FortiSOAR installer to export the default configuration using the following command:
./install-fortisoar-docker-7.3.0.bin --export-default-env
Sample fortisoar.env file:
# cat fortisoar.env
#
# Do not use space before or after of =
# You can retrieve the image id by executing the 'docker images' command
#
IMAGE_ID=1xxxxxxxxxx
PROJECT_NAME=fortisoar
HOSTNAME_DOCKER_HOST=docker-host.myorg.mydomain
HOSTNAME_CONTAINER=fsr-container.myorg.mydomain
PORT_UI=443
PORT_SME=5671
# RAM in GB
RAM=32
CPUS=8
IP_REPO=10.1xx.2xx.1xx
HOSTNAME_REPO=fortisoar-offline.myorgdomain
IPV6=false
#
Configurable parameters of the fortisoar.env file:
- IMAGE_ID: The image ID of your FortiSOAR Docker image. You can find the image ID using docker images.
- PROJECT_NAME: The identifier for your FortiSOAR container resources. The FortiSOAR installer creates the container name as '<PROJECT_NAME>_fortisoar_1', and names all the required volumes as '<PROJECT_NAME>_fortisoar_*'.
- HOSTNAME_DOCKER_HOST: The DNS of the Docker host, which is added by default to the self-signed certificate SAN list.
- HOSTNAME_CONTAINER: The DNS of the Docker host, which is added by default to the self-signed certificate SAN list.
  NOTE: The value of this parameter is set as the default hostname of the Docker.
- PORT_UI: The host port of the Docker used to access the FortiSOAR UI. The traffic on this Docker host port is forwarded by the Docker to the container port 443. For example, if you set the PORT_UI as 5443 (default), then you can access FortiSOAR at https://<HOSTNAME_DOCKER_HOST>:5443/.
- PORT_SME: By default, the FortiSOAR Docker image enables the embedded SME. The PORT_SME is the host port of the Docker to access the TCP port of the embedded SME. The traffic on this Docker host port is forwarded by Docker to the container port 5671.
- RAM: The value of the RAM (in GB) of the FortiSOAR container.
- CPUS: The number of CPUs for the FortiSOAR container.
- IP_REPO: Only applicable if you are using an offline repository for FortiSOAR. This parameter refers to the IP address of the offline repository. The /etc/hosts file of the container contains the following entry:
  <IP_REPO> repo.fortisoar.fortinet.com
- HOSTNAME_REPO: Only applicable if you are using an offline repository for FortiSOAR. This parameter refers to the hostname of the offline repository. For an offline repository, you must update the CA bundle/chain of the offline repository certificate in the container using the following steps:
  # docker cp <offline-repo-certificate-CA-bundle> <FortiSOAR-container-name>:/etc/pki/ca-trust/source/anchors/
  # docker exec -ti <FortiSOAR-container-name> bash -c "update-ca-trust force-enable"
  # docker exec -ti <FortiSOAR-container-name> bash -c "update-ca-trust extract"
- IPV6: This parameter determines whether or not IPv6 should be enabled for the Docker. Specify true to enable IPv6 after you have ensured that the Docker runtime is able to assign IPv6 to the FortiSOAR container.
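The rules in the sample file and the parameter list above can be checked before the installer runs. The following POSIX shell function is an added example, not part of the FortiSOAR installer; it assumes that every key except IP_REPO and HOSTNAME_REPO is required, that RAM and CPUS are whole numbers, and that a key outside the documented list is a typo.

```shell
#!/bin/sh
# Added example, not Fortinet code: lint fortisoar.env before running the installer.
# Assumptions: all keys except IP_REPO and HOSTNAME_REPO are required, RAM and CPUS
# are whole numbers, and a key outside the documented list is a typo.
REQUIRED="IMAGE_ID PROJECT_NAME HOSTNAME_DOCKER_HOST HOSTNAME_CONTAINER PORT_UI PORT_SME RAM CPUS IPV6"

# True for a positive decimal integer of at most five digits.
is_uint() {
  case $1 in ''|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1 ]
}

# Prints one finding per line on stderr; returns 0 only when the file is clean.
lint_fortisoar_env() (
  errors=0 n=0 seen=" "
  fail() { echo "line $n: $1" >&2; errors=$((errors + 1)); }
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    case $line in
      ''|'#'*) continue ;;                       # blank line or comment
      *[[:space:]]*) fail "whitespace is not allowed (check around '='): $line"; continue ;;
      *=*) ;;
      *) fail "not KEY=value: $line"; continue ;;
    esac
    key=${line%%=*}
    val=${line#*=}
    seen="$seen$key "
    case $key in
      PORT_UI|PORT_SME) is_uint "$val" && [ "$val" -le 65535 ] || fail "$key must be a port, 1-65535" ;;
      RAM|CPUS) is_uint "$val" || fail "$key must be a positive integer" ;;
      IPV6) case $val in true|false) ;; *) fail "IPV6 must be true or false" ;; esac ;;
      IMAGE_ID|PROJECT_NAME|HOSTNAME_*|IP_REPO) [ -n "$val" ] || fail "$key is empty" ;;
      *) fail "key $key is not in the documented parameter list" ;;
    esac
  done < "$1"
  for key in $REQUIRED; do
    case $seen in *" $key "*) ;; *) echo "missing required key: $key" >&2; errors=$((errors + 1)) ;; esac
  done
  [ "$errors" -eq 0 ]
)

# Constructed sample with three defects: spaces around '=', a bad port, a bad boolean.
sample=$(mktemp)
printf '%s\n' 'IMAGE_ID=1xxxxxxxxxx' 'PROJECT_NAME=fortisoar' \
  'HOSTNAME_DOCKER_HOST=docker-host.myorg.mydomain' 'HOSTNAME_CONTAINER=fsr-container.myorg.mydomain' \
  'PORT_UI = 443' 'PORT_SME=70000' 'RAM=32' 'CPUS=8' 'IPV6=yes' > "$sample"
lint_fortisoar_env "$sample" || echo "fix fortisoar.env before running the installer"
rm -f "$sample"
```

A line such as PORT_UI = 443 is reported twice: once for the whitespace and once because PORT_UI then counts as missing.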
Running the FortiSOAR Docker
Prerequisites
If your Docker runtime uses SELinux, enable the container_manage_cgroup SELinux boolean with 'setsebool' before starting the FortiSOAR Docker, as follows:
setsebool -P container_manage_cgroup 1
Mode of running the FortiSOAR Docker
The FortiSOAR Docker runs in the 'non-privileged' mode. The following default privileges (Linux capabilities) are assigned to the FortiSOAR container and, by default, apply to your FortiSOAR instance:
- SYS_ADMIN: Required for bind mounting /tmp on /var/tmp and for various systemd services.
- SYS_RAWIO: Required for running 'dmidecode' and for various systemd services.
- SYS_TIME: Required for running 'ntpd'.
- SYS_PTRACE: Required for running 'systemd-journal'.
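Because SYS_ADMIN, SYS_RAWIO and SYS_PTRACE are broad capabilities, it is worth confirming that a deployed container carries exactly the four listed above and is not privileged. The following POSIX shell functions are an added example, not Fortinet code; they assume the installer grants the capabilities as Docker cap-add entries, so that they appear in HostConfig.CapAdd of the docker inspect output, and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not Fortinet code: compare a container's added capabilities with
# the four documented above. Assumes they show up in HostConfig.CapAdd.
EXPECTED_CAPS="SYS_ADMIN SYS_PTRACE SYS_RAWIO SYS_TIME"

# Turn Docker's JSON array, e.g. ["CAP_SYS_TIME","sys_admin"], into a sorted,
# space-separated list in upper case without the optional CAP_ prefix.
normalise_caps() {
  printf '%s\n' "$1" | tr -d '[]" ' | tr '[:lower:]' '[:upper:]' | tr ',' '\n' |
    sed 's/^CAP_//' | grep -v -e '^NULL$' -e '^$' | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# audit_caps <Privileged: true|false> <CapAdd JSON>; returns 0 only on an exact match.
audit_caps() (
  status=0
  [ "$1" = "false" ] || { echo "container is privileged" >&2; status=1; }
  actual=$(normalise_caps "$2")
  for cap in $actual; do
    case " $EXPECTED_CAPS " in
      *" $cap "*) ;;
      *) echo "unexpected capability: $cap" >&2; status=1 ;;
    esac
  done
  for cap in $EXPECTED_CAPS; do
    case " $actual " in
      *" $cap "*) ;;
      *) echo "documented capability missing: $cap" >&2; status=1 ;;
    esac
  done
  [ "$status" -eq 0 ]
)

# Constructed inspect values: one capability beyond the documented four.
audit_caps false '["SYS_ADMIN","SYS_RAWIO","SYS_TIME","SYS_PTRACE","NET_ADMIN"]' ||
  echo "review the container's capabilities"

# Live use, with the container name the installer derives from PROJECT_NAME=fortisoar:
#   c=fortisoar_fortisoar_1
#   audit_caps "$(docker inspect -f '{{.HostConfig.Privileged}}' "$c")" \
#              "$(docker inspect -f '{{json .HostConfig.CapAdd}}' "$c")"
```

HostConfig.CapAdd lists only capabilities added on top of Docker's default set, so a clean result does not mean the container holds only these four.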
Operations that are unsupported on the FortiSOAR Docker
- High availability is not supported on the Docker for FortiSOAR. Therefore, it is recommended that you do not run the 'csadm ha' commands on the Docker for FortiSOAR.
Frequently Asked Questions
How to clean up the FortiSOAR container?
To clean up the FortiSOAR container, run the following commands:
docker stop <container id>
docker rm <container id>
docker volume prune
What happens if a user re-installs the FortiSOAR container without removing its volumes?
If a user re-installs the FortiSOAR container without removing its volumes, then the FortiSOAR container is restored from its last saved state.
How to resolve the issue of Elasticsearch-based recommendations not working on a FortiSOAR instance on a Docker platform?
By default, Elasticsearch-based recommendations do not work on a FortiSOAR Docker instance due to size limitations. To know more about Elasticsearch-based recommendations, see the Recommendation Engine topic in the Application Editor chapter of the "Administration Guide".
To use Elasticsearch-based recommendations, you must increase the memory allocated to Elasticsearch to 4 GB, using the following steps:
- Update the value of the following parameters in the /etc/elasticsearch/jvm.options.d/fsr.options file to 4 GB:
  -Xms4g
  -Xmx4g
- Restart the Elasticsearch service using the following command:
  systemctl restart elasticsearch
- Reindex Elasticsearch data using the following command:
  sudo -u nginx php /opt/cyops-api/bin/console app:elastic:create --sync=true
Now, you should be able to view Elasticsearch-based recommendations on your FortiSOAR Docker instance.