FortiSIEM Discussions
KarlH
Contributor II

A Collector needs to marshal Linux agents and Windows agents.

Hello,

Should two proxy files be run?

How should all this be executed for the different OSes?

Is there one proxy conf file that handles both system types, or do I run two different conf files?

The Linux proxy is supposed to look like this:

ProxyPass /phoenix/rest/register/linuxAgent https://{actual IP address of the Supervisor node}/phoenix/rest/register/linuxAgent
ProxyPassReverse /phoenix/rest/register/linuxAgent https://{actual IP address of the Supervisor node}/phoenix/rest/register/linuxAgent

ProxyPass /phoenix/rest/linuxAgent/update https://{actual IP address of the Supervisor node}/phoenix/rest/linuxAgent/update
ProxyPassReverse /phoenix/rest/linuxAgent/update https://{actual IP address of the Supervisor node}/phoenix/rest/linuxAgent/update

SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerExpire off

-------------------------------------------------------------------------------------------------------------------------------

The Windows proxy is supposed to look like this:

ProxyPass /phoenix/rest/register/windowsAgent https://<Supervisor IP Address>/phoenix/rest/register/windowsAgent
ProxyPassReverse /phoenix/rest/register/windowsAgent https://<Supervisor IP Address>/phoenix/rest/register/windowsAgent
ProxyPass /phoenix/rest/windowsAgent/update https://<Supervisor IP Address>/phoenix/rest/windowsAgent/update
ProxyPassReverse /phoenix/rest/windowsAgent/update https://<Supervisor IP Address>/phoenix/rest/windowsAgent/update
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerExpire off

#Required for upgrade Windows Agent on FortiSIEM 6.4.0+

ProxyPass /WinAgentUpgrade/FSMLogAgent.exe https://<Supervisor IP Address>/WinAgentUpgrade/FSMLogAgent.exe
ProxyPassReverse /WinAgentUpgrade/FSMLogAgent.exe https://<Supervisor IP Address>/WinAgentUpgrade/FSMLogAgent.exe

ProxyPass /WinAgentUpgrade/AutoUpdate.exe https://<Supervisor IP Address>/WinAgentUpgrade/AutoUpdate.exe
ProxyPassReverse /WinAgentUpgrade/AutoUpdate.exe https://<Supervisor IP Address>/WinAgentUpgrade/AutoUpdate.exe

#Required for Windows Agent 5.0.0 or later

ProxyPass /phoenix/rest/device/update https://<Supervisor IP Address>/phoenix/rest/device/update
ProxyPassReverse /phoenix/rest/device/update https://<Supervisor IP Address>/phoenix/rest/device/update

#Required for Windows Agent 7.1.0 or later

ProxyPass /phoenix/rest/osquery/result https://<Supervisor IP Address>/phoenix/rest/osquery/result
ProxyPassReverse /phoenix/rest/osquery/result https://<Supervisor IP Address>/phoenix/rest/osquery/result

 

 

Can someone please enlighten me? Are we meant to run two different files, or somehow make one file with an if-then-else that looks at the OS?

Thanks in advance, all!

~Karl

Karl Henning, Security Engineer, CISSP
5 REPLIES
Stephen_G
Moderator

Hello,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Stephen - Fortinet Community Team
Arjunpatil

Hi Stephen,

Could you please provide an update on the query raised by Karl?

Stephen_G

Hi Arjunpatil,

Sorry it took so long to get back on this thread.

To add a proxy for both Linux and Windows, you can add all of the lines in agent-proxy.conf on the collector. I hope that helps!

Stephen - Fortinet Community Team
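
One way to build the single combined file described in the answer above, as an added example that is not Fortinet's or any poster's own script: it renders the Linux and Windows lines quoted in this thread into one config for a given Supervisor IP and rejects input that is not an IPv4 address. The function names are hypothetical, and IPv4 addressing of the Supervisor is an assumption.

```shell
#!/bin/sh
# Added example (not Fortinet's script). Paths are the ones quoted in this thread.
AGENT_PATHS="
/phoenix/rest/register/linuxAgent
/phoenix/rest/linuxAgent/update
/phoenix/rest/register/windowsAgent
/phoenix/rest/windowsAgent/update
/WinAgentUpgrade/FSMLogAgent.exe
/WinAgentUpgrade/AutoUpdate.exe
/phoenix/rest/device/update
/phoenix/rest/osquery/result
"

# valid_ipv4 ADDR: succeed only for four dot-separated octets, each 0..255.
# Assumption: the Supervisor is addressed by IPv4, as in the thread.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into positional parameters
    IFS=$_old_ifs
    [ $# -eq 4 ] || return 1
    for _octet in "$@"; do
        [ ${#_octet} -le 3 ] && [ "$_octet" -le 255 ] || return 1
    done
}

# render_agent_proxy_conf SUPERVISOR_IP: print one combined config to stdout.
# Refuses anything that is not an IP, so a leftover placeholder such as
# "<Supervisor IP Address>" can never reach the generated file.
render_agent_proxy_conf() {
    valid_ipv4 "$1" || { echo "invalid Supervisor IP: $1" >&2; return 1; }
    for _p in $AGENT_PATHS; do
        printf 'ProxyPass %s https://%s%s\n' "$_p" "$1" "$_p"
        printf 'ProxyPassReverse %s https://%s%s\n' "$_p" "$1" "$_p"
    done
    # SSL directives as posted, emitted once for both agent types. Note that
    # they turn off verification of the Supervisor's certificate on this hop.
    printf '%s\n' 'SSLProxyEngine on' 'SSLProxyVerify none' \
        'SSLProxyCheckPeerCN off' 'SSLProxyCheckPeerExpire off'
}
```

Redirect the output to /etc/httpd/conf.d/agent-proxy.conf (the path quoted in this thread) and run `apachectl configtest` before reloading httpd.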
Arjunpatil

Hi @Stephen_G ,

Thank you for the quick reply on this.

So, while adding both lines in a single file, can you please help me with the command to add those on a collector with the Hyper-V image?
Or please let me know if we can run the below curl command on the collector to replace the super IP?
curl https://gitlab.com/-/snippets/4805419/raw/main/agent-proxy.conf -o /etc/httpd/conf.d/agent-proxy.conf; sed -i "s/<Supervisor IP Address>/super IP/" /etc/httpd/conf.d/agent-proxy.conf; cat /etc/httpd/conf.d/agent-proxy.conf

Stephen_G

Hi Arjunpatil,

Sorry, I don't think I can help you with that. :( I recommend you create a new post in FortiSIEM discussions (the current forum) - you'll be more likely to receive a reply for your setup.

Stephen - Fortinet Community Team