Created on 01-15-2025 06:49 AM. Edited on 01-27-2025 07:25 AM. By Jean-Philippe_P.
Description | This article describes how to allow SSL on port 555 (Core ports 555/559). |
Scope | FortiEDR. |
Solution |
Run the following command in PowerShell on any one Windows Collector:
Test-NetConnection <Core IP Address> -Port 559 -InformationLevel Detailed
SSH to the Core and run the following commands:
netstat -an | grep 555
curl -v telnet://localhost:555
Data is never sent from the Collector to the Core in clear text. All data is sent over the proprietary binary protocol, which is responsible for encrypting the traffic on port 555. SSL encryption was introduced for highly regulated industries and customers, where standard encryption protocols are mandatory for any application.
The following are the steps to enable the SSL listener on the Core:
fortiedr stop
vi /opt/FortiEDR/webapp/application.properties
core.configuration.ssl.enable=true
:wq!
fortiedr start
fortiedr start
vi /opt/FortiEDR/core/Config/Core/CoreBootstrap.jsn
"GatewaySslAddress":"[CORE's external IP]:559"
:wq!
fortiedr start
firewall-cmd --add-port=559/tcp
Note: A certificate is required on the Core to make communication work from Collector to Core over SSL. |
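A post-change check for the steps above, as an added example that is not part of the original article or of FortiEDR: it reads the two edited files for the values the steps set, then confirms that the listener on port 559 presents a certificate. The function names are hypothetical, and it assumes the listener completes a standard TLS handshake with `openssl s_client`.

```shell
#!/usr/bin/env bash
# Added example: verifies the SSL listener settings from the steps above.
# File paths and key names come from the article; function names are hypothetical.

PROPS=/opt/FortiEDR/webapp/application.properties
BOOTSTRAP=/opt/FortiEDR/core/Config/Core/CoreBootstrap.jsn

# Succeeds only if the last uncommented assignment of the flag is "true".
ssl_flag_enabled() {
    local val
    val=$(grep -E '^[[:space:]]*core\.configuration\.ssl\.enable[[:space:]]*=' "$1" \
          | tail -n 1 | cut -d= -f2- | tr -d '[:space:]')
    [ "$val" = "true" ]
}

# Prints the host:port value of GatewaySslAddress, or fails if the key is absent.
gateway_ssl_address() {
    local addr
    addr=$(sed -n 's/.*"GatewaySslAddress"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1)
    [ -n "$addr" ] && printf '%s\n' "$addr"
}

# Succeeds if a TLS handshake completes and the peer presents a certificate.
tls_cert_presented() {
    echo | openssl s_client -connect "$1" 2>/dev/null | grep -q 'BEGIN CERTIFICATE'
}

# Checks both files and reports every setting that does not match the steps.
check_core_ssl() {
    local props=$1 bootstrap=$2 addr rc=0
    ssl_flag_enabled "$props" || { echo "FAIL: ssl.enable is not true in $props"; rc=1; }
    if addr=$(gateway_ssl_address "$bootstrap"); then
        case $addr in
            *:559) echo "OK: GatewaySslAddress=$addr" ;;
            *)     echo "FAIL: GatewaySslAddress=$addr does not use port 559"; rc=1 ;;
        esac
    else
        echo "FAIL: GatewaySslAddress missing from $bootstrap"; rc=1
    fi
    return $rc
}

# Run after the final "fortiedr start", passing the Core IP address as $1.
if [ -n "${1:-}" ]; then
    check_core_ssl "$PROPS" "$BOOTSTRAP" \
        && tls_cert_presented "$1:559" && echo "OK: certificate presented on $1:559"
fi
```

A failed `tls_cert_presented` with both file checks passing points at the certificate requirement in the note above or at the firewall rule for 559/tcp.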