If a Linux server is not connected to the Internet and the FortiEDR collector needs to connect to an on-premise FortiEDR aggregator, the script attached in this article can be used with a slight modification to update FortiEDR aggregator address, especially in a hybrid environment.

To use the script, download and edit the script file by replacing values as below:

• 'dev_reg_password' with device registration password. This can be found in Administration -> Tools -> Component Authentication -> Display.
• 'original_aggr_addr' with the original aggregator address defined in /opt/FortiEDRCollector/Config/Collector/CollectorBootstrap.jsn file.
• 'new_aggr_addr' with the new aggregator address.