FortiEDR
FortiEDR automates the protection against advanced threats, pre and post-execution, with real time orchestrated incident response functionality.
YehonatanA
Staff
Article Id 359037
Description This article describes how to allow SSL on port 555 (Core ports 555/559).
Scope FortiEDR.
Solution

Run the following commands in PowerShell on any one Windows Collector to confirm that the Core's ports are reachable:

Test-NetConnection <Core IP Address> -Port 559 -InformationLevel Detailed
Test-NetConnection <Core IP Address> -Port 555 -InformationLevel Detailed

SSH to the Core and run the following commands to confirm that the Core is listening on both ports:

netstat -an | grep 555
netstat -an | grep 559

curl -v telnet://localhost:555
curl -v telnet://localhost:559


Data is never sent from the Collector to the Core in clear text. All data is sent over the proprietary binary protocol, which is responsible for encrypting the traffic on port 555. SSL encryption is introduced for highly regulated industries and customers where standard encryption protocols are mandatory for any application.

The following are the steps to enable the SSL listener on the Core:

  1. SSH to the Manager and stop the service using the following command:

fortiedr stop

  2. Open the Manager configuration file:

vi /opt/FortiEDR/webapp/application.properties

  3. Change the below key value to true:

core.configuration.ssl.enable=true

  4. Save and exit vi using the following command:

:wq!

  5. Start the service:

fortiedr start

  6. SSH to the Core and stop the service using the following command:

fortiedr stop

  7. Open the Core bootstrap file:

vi /opt/FortiEDR/core/Config/Core/CoreBootstrap.jsn

  8. Change the following key value, substituting the Core's external IP address:

"GatewaySslAddress":"[CORE's external IP]:559"

  9. Save and exit vi using the following command:

:wq!

  10. Start the service:

fortiedr start

  11. Open port 559 in the Core's firewall:

firewall-cmd --add-port=559/tcp

Note: A certificate is required on the Core to make communication work from Collector to Core over SSL.
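The two configuration edits above can be scripted so that they are idempotent and leave a backup behind. The following POSIX shell functions are an added example, not Fortinet's tooling: the file paths and key names are the ones this article changes, the CoreBootstrap.jsn rewrite assumes the "GatewaySslAddress" key sits on a single line as shown above, and the IP address in the usage comment is a placeholder the operator must replace.

```shell
#!/bin/sh
# Added example (not part of FortiEDR): helpers for the two edits this article
# makes and a listener check for the Core. Run as root on the respective host.
set -eu

# Set KEY=VALUE in a Java-style properties file such as application.properties.
# Replaces an existing (possibly commented-out) line, appends when absent, and
# keeps a .bak copy so the change can be reverted.
set_property() {
    file=$1; key=$2; value=$3
    cp "$file" "$file.bak"
    if grep -q "^[#[:space:]]*$key[[:space:]]*=" "$file"; then
        sed "s|^[#[:space:]]*$key[[:space:]]*=.*|$key=$value|" "$file" > "$file.tmp"
        mv "$file.tmp" "$file"
    else
        printf '%s=%s\n' "$key" "$value" >> "$file"
    fi
}

# Read back a property value (prints an empty string when the key is missing).
get_property() {
    sed -n "s|^$2[[:space:]]*=[[:space:]]*||p" "$1" | tail -n 1
}

# Rewrite the GatewaySslAddress value in CoreBootstrap.jsn. Assumes the key and
# its value are on one line, as in the article; other keys are left untouched.
set_gateway_ssl_address() {
    file=$1; addr=$2
    cp "$file" "$file.bak"
    sed "s|\"GatewaySslAddress\"[[:space:]]*:[[:space:]]*\"[^\"]*\"|\"GatewaySslAddress\":\"$addr\"|" \
        "$file" > "$file.tmp"
    mv "$file.tmp" "$file"
}

# Return success when the local host has a TCP listener on the given port
# (the same check as the netstat command in the article, but scriptable).
port_listening() {
    netstat -an 2>/dev/null | grep -q "^tcp.*:$1[[:space:]].*LISTEN"
}

# Usage (placeholder IP; stop the service first as the article describes):
#   On the Manager:
#     set_property /opt/FortiEDR/webapp/application.properties core.configuration.ssl.enable true
#   On the Core:
#     set_gateway_ssl_address /opt/FortiEDR/core/Config/Core/CoreBootstrap.jsn "203.0.113.10:559"
#     port_listening 559 && echo "SSL listener is up"
```

The listener check only confirms a socket is bound; a certificate still has to be installed on the Core, as the note above states, before Collectors can complete the SSL handshake.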