FortiEDR
FortiEDR automates the protection against advanced threats, pre and post-execution, with real time orchestrated incident response functionality.
YehonatanA
Staff
Article Id 370121
Description

 

This article describes how to perform connectivity tests from a collector to the core and aggregator using 'Connect to Device'.

 

Scope

 

FortiEDR.

 

Solution

 

Testing the connectivity of collectors to key system components (Core and Aggregator) can be critical for troubleshooting and ensuring proper system functionality. This process can be performed directly from the Management Console using the "Connect to Device" option.

 

Steps to perform a connectivity test using 'Connect to Device':

 

Follow the steps below to test connectivity:

  1. Navigate to Connect to Device
  • Go to Management Console → Inventory → Collectors.
  • Select the desired collector and select 'Connect to Device'.


  2. Open Command Line in the Terminal Window
  • Once the terminal window opens, type '%cmd' (case-sensitive) and press <Enter>.
  • This opens a command line interface within the terminal.


  3. Run Basic Connectivity Test
  • Use the ping command to test basic connectivity to the Core and Aggregator IP addresses. For example:

 

ping 8.8.8.8

 

  4. Test Connectivity to System Components Using PowerShell
  • If the device has PowerShell installed, run the following commands for detailed connectivity tests:
    • To test connectivity to the Aggregator:

 

powershell -Command "Test-NetConnection <Aggregator FQDN or IP Address> -Port 8081 -InformationLevel Detailed"

 


    • To test connectivity to the Core:

powershell -Command "Test-NetConnection <Core FQDN or IP Address> -Port 555 -InformationLevel Detailed"

 

  • Note: If PowerShell is not installed on the device, an error may occur.
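
Where PowerShell is missing, the same two TCP checks can be made with a plain socket test that also tells a DNS failure, a refused connection and a silent drop apart. This is an added example, not Fortinet code: it uses the ports from this article (8081 for the Aggregator, 555 for the Core), the host names are placeholders, and it assumes a Python 3 interpreter is available on the device.

```python
import socket

# Ports as given in the article: Aggregator 8081, Core 555.
AGGREGATOR_PORT = 8081
CORE_PORT = 555


def check_tcp(host, port, timeout=3.0):
    """Return 'open', 'refused', 'timeout', 'unreachable' or 'dns_failure'."""
    try:
        # Resolve first so a DNS problem is not mistaken for a blocked port.
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns_failure"
    status = "unreachable"
    for family, socktype, proto, _name, sockaddr in infos:
        with socket.socket(family, socktype, proto) as sock:
            sock.settimeout(timeout)
            try:
                sock.connect(sockaddr)
                return "open"
            except ConnectionRefusedError:
                status = "refused"      # host answered, port closed or rejected
            except socket.timeout:
                status = "timeout"      # no reply at all, typically a filtering firewall
            except OSError:
                status = "unreachable"  # no route, network down, and similar
    return status


def check_fortiedr_paths(aggregator, core, timeout=3.0):
    """Run both checks from the article and return {component: status}."""
    return {
        "aggregator": check_tcp(aggregator, AGGREGATOR_PORT, timeout),
        "core": check_tcp(core, CORE_PORT, timeout),
    }


if __name__ == "__main__":
    # Placeholder names: replace with the real Aggregator and Core FQDN or IP.
    results = check_fortiedr_paths("aggregator.example.com", "core.example.com")
    for component, status in results.items():
        print(f"{component}: {status}")
```

A 'timeout' result usually points at a firewall dropping the traffic, while 'refused' means the host was reached but nothing accepted the connection on that port.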

 

Additional Commands Using 'Connect to Device'

 

The Connect to Device terminal also makes it possible to execute predefined or custom commands. Below are some useful examples:

  1. Service Management Commands
  • Stop the Collector Service:

 

"C:\Program Files\Fortinet\FortiEDR\FortiEDRCollectorService.exe" --stop

 

This will prompt for the registration password available in the Management Console under Administration → Tools.

 

  • Start the Collector Service:

 

"C:\Program Files\Fortinet\FortiEDR\FortiEDRCollectorService.exe" --start

 

  • Check Service Status:

 

"C:\Program Files\Fortinet\FortiEDR\FortiEDRCollectorService.exe" --status

 


 

  2. Generate Collector Logs

 

"C:\Program Files\Fortinet\FortiEDR\FortiEDRCollectorService.exe" --support

 

Important notes:

  • For Windows devices, the terminal supports predefined commands, standard Windows command line commands, and Python commands.
  • When entering a file path, ensure the full path is specified (e.g., C:\MyDirectory or C:\MyDirectory\MyFile.bat).
  • Predefined commands can be viewed in the terminal’s Help menu.

 

Additional resources:

For further commands and information, click on the 'Help' icon in the 'Connect to Device' window. 

 

For more details, refer to the official Fortinet documentation: