Dears,
I want to install the agent V5 on a server running Windows Server 2008 R2, and our FortiSIEM version is 7.
We are facing the issue you see below, and communication with the super server is allowed.
A few things to check:
1) Is there connectivity to the Super on TCP/443?
2) Credential - are you using an agent admin account to register or a normal admin account?
3) Make sure the user, password and the org are correct.
https://docs.fortinet.com/document/fortisiem/7.0.3/windows-agent-5-x-x-installation-guide/547950/for...
@FSM_FTNT why do we need to allow supervisor port 443 for outgoing from windows agent?
Even when collector is acting as proxy?
Need a way out, as this defeats the purpose of collector setup.
I know supervisor does below agent management jobs:
- Status update to supervisor
- Registration to supervisor
However when we make collector as proxy, everything should be handled by collector itself.
That is correct, if using a proxy on the Collector it should not need access to the Super directly, the Collector can proxy the comms from Agent to Super.
Created on 04-15-2024 12:17 AM Edited on 04-15-2024 02:52 AM
What can be done for this?
I have added the proxy file in the collector and I can even install the agent using the collector FQDN.
But then when I check the registry values under Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Fortinet\FortiSIEM, the element supers has the supervisor FQDN, which I have not mentioned anywhere while installing the agent.
Hi @bhinangt ,
Make sure during the installation the Supervisor IP/DNS is set as the collector IP or DNS name of the collector (if there is one).
If you have the collector set correctly as a proxy then all the communication needs to flow via the collector.
If you set the actual Supervisor IP in that section, the health functions and the registration process will always utilise the Supervisor.
To verify that you have the correct configuration on the machine where you install the agent, open the Windows Registry Editor (regedit) and check the hive Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Fortinet\FortiSIEM; the element SuperName should have the collector IP or DNS as its value.
If not then you have not provided the correct information during the installation process.
S
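A scripted version of the checks suggested in this thread (the two registry values and TCP/443 reachability), added here as an example; it was not posted by any participant and is not taken from Fortinet documentation. The registry path and the value names SuperName and Supers are the ones quoted in the thread; the helper name Test-TcpPort and the assumption that each value holds bare host names or IPs separated by commas, semicolons or whitespace are assumptions of this example.

```powershell
# Added example. Uses only .NET classes available to PowerShell 2.0, so it also
# runs on Windows Server 2008 R2 (no Test-NetConnection there).
$key       = 'HKLM:\SOFTWARE\Fortinet\FortiSIEM'   # path quoted in the thread
$port      = 443
$timeoutMs = 3000

function Test-TcpPort {
    # Hypothetical helper: returns $true if a TCP connection opens within the timeout.
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false                # DNS failure, refusal or reset
    } finally {
        $client.Close()
    }
}

$props = Get-ItemProperty -Path $key -ErrorAction Stop

foreach ($name in 'SuperName', 'Supers') {
    $raw = $props.$name
    if (-not $raw) {
        Write-Output "$name : <not set>"
        continue
    }
    # Assumption: bare hosts/IPs; joining first lets one split handle
    # both a single string and a multi-string value.
    $hosts = (@($raw) -join ',') -split '[,;\s]+' | Where-Object { $_ }
    foreach ($h in $hosts) {
        New-Object PSObject -Property @{
            RegistryValue = $name
            Host          = $h
            Port          = $port
            Reachable     = Test-TcpPort -HostName $h -Port $port -TimeoutMs $timeoutMs
        } | Select-Object RegistryValue, Host, Port, Reachable
    }
}
```

Run it on the agent host before and after blocking the supervisor at the firewall to see which configured hosts the machine can still reach on TCP/443.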
Checked registry "SuperName" is collector FQDN and "Supers" is supervisor FQDN.
While installing agent I have mentioned collector FQDN and agent works without any error.
However, the question remains the same: if I block supervisor access for the agent, I get an error that the supervisor is not reachable.
Hi,
You need to uninstall the agent and install it again with the correct information.
Also please note, if you have Admin->Settings->System->Cluster Config for the supervisor, then I think it overwrites the configuration of the agent. This needs to be tested in the lab.
S.
Tried this on a completely new system using the collector FQDN.
The agent installed successfully because I have configured the proxy in the collector.
Now if I go to the registry I still see the supervisor FQDN in "supers" > Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Fortinet\FortiSIEM
Not sure how this will affect the agent. Below I have mentioned 1 supervisor and 2 worker FQDNs.
Admin->Settings->System->Cluster Config
How true is this blog with a collector in place? Does this mean that even if the collector acts as a proxy, the Windows agent will always need access to the supervisor?