We are in the POC stage, and the framework I expect is that the supervisor, collectors and agents all communicate via the Internet, because the VMs and network devices we manage are separated across different physical locations and can only reach each other through the Internet. But it does not seem to work if I just NAT them and make sure they can ping and telnet :443 to each other. So I am wondering if there are any further configuration requirements we have to meet?
Hi Levi,
You can configure agents to send logs to the collector and then the collector to the supervisor. This is feasible via the Internet and is the recommended approach.
Ensure that all ports are open for the required traffic:
https://docs.fortinet.com/document/fortisiem/7.2.4/external-systems-configuration-guide/824175/forti...
Hi,
Thanks for the reply.
Let me try to describe more about my question.
What I have done:
1. Set the supervisor IP (eth0) to 10.1.111.110
2. Set the collector IP (eth0) to 192.168.3.111
3. NATed the supervisor and collector with public IPs
4. Allowed the service port to 'any' so that any of them can connect to each other
5. PING and TELNET to port 443 succeed from each side to the other
6. Created a new collector in the supervisor named: Collector_V3
7. Use "phProvisionCollector --add admin '<password>' <Supervisor public IP> super Collector_V3" on collector and it says "Register success, waiting for reboot."
What I encountered:
1. Health in the Supervisor always shows 'No Connection'
2. The Collector is stuck at "Register success, waiting for reboot." but never reboots.
3. On the firewall, I can see the Collector keeps starting connections to the supervisor's public IP
What I want to confirm:
Is there any configuration I missed? If so, please give me further advice or guides. Or is it a functional limitation?
Thank you!!
Hello @Levi_Li,
We are an MSSP and manage multiple customers with our supervisor being on the other side of the Internet. So yes, this is a very common setup.
Note that in a PoC, an SE should probably be the right person to speak to for deeper questions.
If it is not working for you, you probably missed configuring the cluster setup settings (Admin - Settings - Cluster Setup). Here, you define the public (not internal) IPs, or better, FQDNs of the Supervisor and Workers (or, if no workers, the public one of the Supervisor again). After you initially set up a Collector or Agent, they will receive this value and connect to these IPs/FQDNs, regardless of what you used for the initial connection (the reason is that you are able to change that in the future without having to SSH to the Collectors). If it is unset, the private IP will be submitted for this purpose during the onboarding process.
You obviously need to set this before connecting Collectors or Agents.
Hope that helps.
Best,
Christian
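The failure mode described in this answer, as an added example that is not part of the original reply or of Fortinet's tooling: a pre-flight check on the values you intend to enter under Cluster Setup, flagging entries that are unset or are private IPv4 addresses. The function names and the public sample values are assumptions; 10.1.111.110 is the Supervisor eth0 address from the thread.

```python
import ipaddress

# IPv4 ranges a Collector on the far side of the Internet cannot route to.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "100.64.0.0/10",                                   # RFC 6598 carrier-grade NAT
    "127.0.0.0/8", "169.254.0.0/16",                   # loopback, link-local
)]


def check_entry(value):
    """Return None if the entry is usable from the Internet, else a reason string."""
    value = (value or "").strip()
    if not value:
        return "unset: the private IP is submitted at onboarding"
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return None  # not an IP literal: treated as an FQDN, resolve it separately
    for net in NON_ROUTABLE:
        if ip.version == 4 and ip in net:
            return f"{ip} is inside {net}, not reachable across the Internet"
    return None


def audit_cluster_setup(supervisor, workers):
    """Check the values intended for Admin - Settings - Cluster Setup (hypothetical helper)."""
    findings = []
    reason = check_entry(supervisor)
    if reason:
        findings.append(f"Supervisor: {reason}")
    if not workers:
        # Per the answer above: with no Workers, repeat the Supervisor's public address.
        findings.append("Workers: empty, enter the Supervisor's public address again")
    for w in workers:
        reason = check_entry(w)
        if reason:
            findings.append(f"Worker {w!r}: {reason}")
    return findings


if __name__ == "__main__":
    # 10.1.111.110 comes from the thread; the other values are constructed
    # (203.0.113.0/24 is a documentation range standing in for a public IP).
    print(audit_cluster_setup("10.1.111.110", []))
    print(audit_cluster_setup("203.0.113.10", ["siem.example.com"]))
```

An FQDN passes this check unresolved, so confirm separately that it resolves to the public address from the Collector's side.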
Thank you so much!
After changing the supervisor and worker IPs to the public ones, everything works well.
I didn't get this answer from this POC's SE; he keeps telling us this can't be done.
But I'm very happy we made it eventually!