Administration Guide

1.4.0

FortiSRA appliance setup

Before using FortiSRA-VM, you need to install KVM or VMware to host the FortiSRA-VM device. The installation instructions for FortiSRA-VM assume that you are familiar with KVM or VMware products and terminology.

FortiSRA-VM image installation and initial setup

After FortiSRA is installed, it listens on the following default ports:

  • HTTPS GUI: 443

  • Web proxy: 8080 (if web proxy is enabled)

If a firewall is placed in front of FortiSRA, ensure that ports 443 and 8080 are open.

Once FortiSRA-VM is powered on:

  1. At the login prompt, enter admin and press Enter.

    By default, there is no password. However, a password must be set before you can proceed. Enter and confirm the new administrator password.

  2. At the CLI prompt, enter show system storage to verify the disk usage type for the two added hard disks. The output looks like the following:

     config system storage
      edit "HD1"
       set status enable
       set media-status enable
       set order 1
       set partition "LOGUSEDXDE8326F6"
       set device "/dev/vda1"
       set size 20023
       set usage log
      next
      edit "HD2"
       set status enable
       set media-status enable
       set order 2
       set partition "PAMVIDEOB471724F"
       set device "/dev/vdb1"
       set size 20029
       set usage video
      next
     end

    Administrators need to configure a dedicated FortiSRA video disk for video recording.

    Two hard disks and two virtual network interface cards need to be added to the VM in VM manager before FortiSRA image installation.

  3. Enter the following CLI commands to set up FortiSRA:

     config system interface
      edit "port1"
       set ip 172.16.x.x/x #Depending on your network setting
       set type physical
       set snmp-index 1
      next
      edit "port2"
       set ip x.x.x.x/x
       set type physical
       set snmp-index 2
      next
     end

     config router static
      edit 1
       set gateway x.x.x.x
       set device "port1"
      next
     end

    When upgrading a FortiSRA instance, use the following CLI command to enable synchronizing the virtual IP address to the IP address of the external interface:

    Example

     config firewall vip
      set intf-ip-sync enable
      set extintf "port1" #The interface connected to the source network that receives the packets forwarded to the destination network.
     end

    When installing a new FortiSRA instance, the synchronization happens automatically.

  4. Optionally, enable TPM or vTPM. See FortiSRA with TPM.
  5. Optionally, encrypt the disks to protect logs and videos. See Configuring log and video disk encryption.
  6. In a web browser, go to https://172.16.xxx.xxx to access the FortiSRA GUI.

    To upload the FortiSRA license file, see Uploading the license file to FortiSRA-VM.

  7. Optionally, enable a login disclaimer message that shows the last successful or failed login date and time:
      config system global
       set post-login-banner enable
      end

    For a detailed example of setting up the login disclaimer using the CLI console, see Disclaimers via the CLI.

    To set up the login disclaimer using the GUI, see the Login Disclaimer option in System > Settings.

  8. After logging in to the FortiSRA GUI, go to Log & Report > Email Alert Settings, and:
    1. Select Enable Email Notification.
    2. Add receiver email addresses for critical system notifications in the Critical System Notification tab.

      See Email alert settings and Email alert when the glass breaking mode is activated example.
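A post-install check for step 2, as an added example that is not part of the Fortinet guide: it parses captured `show system storage` output and reports when no enabled log or video disk exists, or when both usages sit on one device instead of a dedicated video disk. The function names and the abridged sample are constructed for illustration; how you capture the CLI output to text is assumed.

```python
import re

# Constructed sample, abridged from the `show system storage` output in step 2.
SAMPLE = '''\
config system storage
    edit "HD1"
        set status enable
        set media-status enable
        set device "/dev/vda1"
        set usage log
    next
    edit "HD2"
        set status enable
        set media-status enable
        set device "/dev/vdb1"
        set usage video
    next
end
'''

def parse_storage(text):
    """Return {entry: {key: value}} from config/edit/set/next CLI output."""
    disks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r'edit\s+"?([^"]+)"?$', line)
        if m:
            current = disks.setdefault(m.group(1), {})
        elif line == "next":
            current = None
        elif current is not None and line.startswith("set "):
            key, _, value = line[4:].strip().partition(" ")
            current[key] = value.strip().strip('"')
    return disks

def check_storage(disks):
    """Return a list of problems; empty means log and video disks are in place."""
    by_usage = {}
    for d in disks.values():
        if d.get("status") == "enable" and d.get("media-status") == "enable":
            by_usage.setdefault(d.get("usage"), set()).add(d.get("device"))
    problems = [f"no enabled disk with usage {u}"
                for u in ("log", "video") if not by_usage.get(u)]
    if by_usage.get("log", set()) & by_usage.get("video", set()):
        problems.append("log and video share a device")
    return problems

if __name__ == "__main__":
    print(check_storage(parse_storage(SAMPLE)) or "storage layout OK")
```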

To update a firmware image:
  1. Enter maintenance mode. See Maintenance mode.
  2. In the user dropdown on the top-right, go to System > Firmware.

    The Firmware Management window opens.

  3. Go to File Upload:
    1. Select Browse, then locate the image.out FortiSRA firmware image on your local computer.
    2. Click Open.
  4. Click Confirm and Backup Config. FortiSRA then reboots with the updated firmware.

    FortiSRA may take a few minutes to reboot.
