FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
Article Id 195707

Description


This article describes how to change the IP address of a FortiSIEM Appliance.

 

Scope

 

FortiSIEM v6.x or v7.x.

 

Solution 

 

For versions v6.x or v7.x:

  1. Run configFSM.sh.
  2. Set TimeZone: select 'No' and then 'Next'.
  3. Select the element to configure: select the FortiSIEM node type that matches the node where configFSM.sh is running, and then 'Next'.
  4. Select Operation: select 'change_network_config' and then 'Next'.
  5. Select Network Interface: select eth0 and then 'Next'.
  6. Select Operation: select 'IPv4' and then 'Next'.
  7. Configure IPv4 Network: Make the IP changes and then select 'Next'.
  8. Just select 'Next' for further steps.

 

For ClickHouse-based FortiSIEM deployments, after changing the IP with the configFSM.sh tool, follow the additional steps for the node type from the guide below. These steps apply to Supervisors and Workers; they are not required for Collectors, as there is no ClickHouse on Collectors.
Handling ClickHouse Node IP Change


For version 5.x:

Here is a step-by-step guide. 

 

Run a script to change the IP as below.

  1. Log into AO using a local console. Do not do this through SSH, as the connection will fail after the IP changes.
  2. Run the following:

cd /opt/phoenix/deployment/jumpbox

./vami_set_phip.py

Enter the new IP when prompted 'Input hostip'.

 

Check the following and make the proper changes which will be needed for the update:

Verify Hostname + IP are correctly changed.

  1. Verify Hostname has Changed: 'hostname' at Linux prompt should return <New Hostname>.

  2. Check /etc/hosts, there should be an entry as: <New-IP> <New Hostname>.

  3. Check /etc/sysconfig/network-scripts/ifcfg-eth0 has the same values as those entered in step 1c.

 

Verify License Now Matches with the following command: 

phLicenseTool --verify

Go to the following directory and edit phoenix_config.txt.

cd /opt/phoenix/config/
vi phoenix_config.txt

Search and Replace <Old-IP> with <New-IP>.

Change values in CMDB by entering the following commands:

su postgres
psql -U phoenix -d phoenixdb

The svn_url row likely has a value of the previous IP Address. Change this by:

select * from ph_sys_conf where property='svn_url';
update ph_sys_conf set value='http://<New-IP>/repos/cmdb' where property='svn_url';
select * from ph_sys_server where id='1';

The ip_addr column likely has a value of <Old-IP>. Change this by:

update ph_sys_server set ip_addr='<New-IP>' where id='1';
\q

If there are workers, their entries in ph_sys_server also have to be changed to the correct IPs.

Reboot and contact FortiSIEM Support to reset the license.

Re-register the FortiSIEM-VA again after the license is reset.

SSH into the FortiSIEM-VA after the registration process.

The phstatus command should show all processes as up.

Log into the GUI and check admin->Cloud Health. This should match the values given by phstatus, and it should also display the new hostname and new host IP.
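
The file checks in the 5.x procedure above (/etc/hosts, ifcfg-eth0 and phoenix_config.txt) can be scripted so that a leftover <Old-IP> is not missed. The following is an added example, not Fortinet code; the script name and the function names ip_regex, stale_refs and hosts_entry_ok are hypothetical, and the old and new IP are passed as arguments.

```sh
#!/bin/sh
# Added example (not Fortinet code): post-change check for the 5.x procedure.
# Usage: sh check_ip_change.sh <Old-IP> <New-IP>

# Files this article says to check or edit after the IP change.
FSM_FILES="/etc/hosts /etc/sysconfig/network-scripts/ifcfg-eth0
/opt/phoenix/config/phoenix_config.txt"

# ip_regex IP: ERE matching IP as a whole address. Dots are escaped and a
# digit may not touch either end, so 10.0.0.1 does not match 10.0.0.10
# or 210.0.0.1.
ip_regex() {
    esc=$(printf '%s' "$1" | sed 's/\./\\./g')
    printf '(^|[^0-9])%s([^0-9]|$)' "$esc"
}

# stale_refs OLD_IP FILE...: print file:line:text for every line that still
# contains OLD_IP. Returns 0 if any were found, 1 if none were found.
stale_refs() {
    re=$(ip_regex "$1"); shift
    found=1
    for f in "$@"; do
        [ -r "$f" ] || { echo "skipped (unreadable): $f" >&2; continue; }
        # /dev/null as a second file makes grep always print the file name.
        if grep -nE "$re" "$f" /dev/null; then found=0; fi
    done
    return "$found"
}

# hosts_entry_ok NEW_IP HOSTNAME HOSTS_FILE: succeed if an uncommented line
# starts with NEW_IP and lists HOSTNAME among its names.
hosts_entry_ok() {
    awk -v ip="$1" -v hn="$2" '
        { sub(/#.*/, "") }
        $1 == ip { for (i = 2; i <= NF; i++) if ($i == hn) ok = 1 }
        END { exit ok ? 0 : 1 }' "$3"
}

if [ "$#" -ge 2 ]; then
    # $FSM_FILES is left unquoted on purpose so it splits into file names.
    if stale_refs "$1" $FSM_FILES; then
        echo "FAIL: old IP $1 is still referenced in the lines above"
    else
        echo "OK: no reference to $1 left in the checked files"
    fi
    if hosts_entry_ok "$2" "$(hostname)" /etc/hosts; then
        echo "OK: /etc/hosts maps $2 to $(hostname)"
    else
        echo "FAIL: /etc/hosts has no '$2 $(hostname)' entry"
    fi
fi
```

The script only reads files. The CMDB rows in ph_sys_conf and ph_sys_server are not covered and are still checked in psql as described above.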

If the admin needs to move the appliance into a completely different network segment, follow the additional steps.

  1. Configure Network From VM Console.
  2. Log in to ESX Host. Bring up the Console on the FortiSIEM VA.
  3. Select Configure Network.
  4. Enter the correct Host IP, Network Mask, Gateway, and DNS Servers.
  5. Configure Proxy if needed.
  6. Enter the Correct Host Name.
  7. When Prompted for 'Mount Point', do not enter anything, use Control-C to Escape.