Technical Tip: How to allow SSL on port 559 (changing the Core listening port from 555 to 559)

| Description | This article describes how to allow SSL on port 559 (changing the Core listening port from 555 to 559). |
| Scope | FortiEDR On-Prem Manager v6.2.x/v7.2.x and On-Prem Core v6.0.x/v6.1.x |

Solution:

From any one Windows Collector agent, run the following PowerShell command to verify on which port the Core is listening:

```
Test-NetConnection <Core IP Address> -Port 559 -InformationLevel Detailed
```

SSH to the Core and run the following commands to verify on which port the Core is listening:

```
netstat -an | grep 555
curl -v telnet://localhost:555
```

Data is never sent from the Collector to the Core in clear text. All data is sent over the proprietary binary protocol, which is responsible for encrypting the traffic on port 555. SSL encryption is introduced for highly regulated industries and customers, where standard encryption protocols are mandatory for any application.

The following are the steps to enable an SSL listener on the Core over port 559:

1. Stop the Core:

```
fortiedr stop
```

2. Edit the web application properties and enable SSL, then save and quit:

```
vi /opt/FortiEDR/webapp/application.properties
core.configuration.ssl.enable=true
:wq!
```

3. Start the Core, then stop it again:

```
fortiedr start
fortiedr stop
```

4. Edit the Core bootstrap file and set the SSL gateway address to the Core's external IP on port 559, then save and quit:

```
vi /opt/FortiEDR/core/Config/Core/CoreBootstrap.jsn
"GatewaySslAddress":"[CORE's external IP]:559"
:wq!
```

5. Open port 559 on the Core firewall:

```
firewall-cmd --add-port=559/tcp
```

Note: A certificate is required on the Core for communication from Collector to Core over SSL to work.
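As an added example (not from the Fortinet article), the following PowerShell check, run from a Collector host, confirms that the Core still accepts TCP connections on port 555 and that port 559 completes a TLS handshake and presents a certificate, which is what the note above requires. The Core address `$CoreIp` is a placeholder to replace.

```powershell
# Added example, not part of the Fortinet article. Run from a Windows Collector host.
# $CoreIp is a placeholder (documentation range); replace it with the Core's external IP.
$CoreIp = '192.0.2.10'

function Test-CorePort {
    param([string]$Ip, [int]$Port, [switch]$Tls)
    $r = [ordered]@{ Port = $Port; TcpOpen = $false; TlsOk = $false; Cert = $null; Expires = $null; Error = $null }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Ip, $Port)
        $r.TcpOpen = $true
        if ($Tls) {
            # Diagnostic only: accept whatever certificate the Core presents so it can be
            # inspected here. This callback affects only this check, not the Collector.
            $cb     = { $true } -as [System.Net.Security.RemoteCertificateValidationCallback]
            $stream = $client.GetStream()
            $ssl    = New-Object System.Net.Security.SslStream -ArgumentList $stream, $false, $cb
            $ssl.AuthenticateAsClient($Ip)   # TLS handshake; throws if 559 is not an SSL listener
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate
            $r.TlsOk   = $true
            $r.Cert    = $cert.Subject
            $r.Expires = $cert.NotAfter
            $ssl.Dispose()
        }
    } catch {
        $r.Error = $_.Exception.Message
    } finally {
        $client.Dispose()
    }
    [pscustomobject]$r
}

# Port 555 carries the proprietary binary protocol, so only a TCP connect is checked there;
# port 559 must additionally complete a TLS handshake and return the Core's certificate.
Test-CorePort -Ip $CoreIp -Port 555
Test-CorePort -Ip $CoreIp -Port 559 -Tls
```

A `TcpOpen` of `$true` with `TlsOk` of `$false` on port 559 means the port is reachable but no SSL listener (or no usable certificate) is behind it, which points back to the `core.configuration.ssl.enable` and certificate steps above.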