Hello everyone! The question is quite simple, regarding FortiSIEM deployment architecture (All-in-one Installation, ESXi). Is it acceptable to install Supervisor, Worker and Collector on one host? Or is this scheme not workable and each component needs to be installed separately?
Hello,
You cannot add a Worker node to a single-node (All-in-One) instance. An All-in-One deployment consists only of a Supervisor and, optionally, a Collector. Adding a Worker node would change the setup and it would no longer be considered an All-in-One cluster.
For your second question: each role requires its own separate VM: one VM for the Supervisor and another VM for the Collector. However, adding a second Collector to an All-in-One is not required, since the standalone Collector can already perform both Supervisor and Collector functions.
You may still deploy a second Collector if you want to further distribute or reduce incoming traffic.
Hi, Aebadi
Let me clarify if I understood correctly: with an All-in-One deployment, you already have both Supervisor and Collector functionality in a single VM. Is this sufficient for Windows agents to connect and send data?
Hi Terasto,
Yes, you understood correctly: in an All-in-One deployment, the single VM already includes both the Supervisor and Collector functionality. This means Windows agents can connect directly to the All-in-One and send logs without requiring an additional Collector.
However, if you want to apply a Windows template, segregate traffic, or scale the environment, then you will need a separate, dedicated Collector VM.