Help
FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
ogullikstad
Staff
Staff

Created on ‎05-23-2024 01:46 AM Edited on ‎05-29-2024 03:02 AM By Community Manager

Article Id 316711

Technical Tip: Setting up FortiSIEM in Proxmox

Description This article describes how to set up FortiSIEM in Proxmox for lab usage. 
Scope Since Proxmox is not supported officially for production this guide is intended for lab usage, and it is expected that the Proxmox server has been configured before this installation.
Solution
  1. Start by downloading the KVM SW from support.fortinet.com
  2. Unzip the content and upload the .qcow2 file to the root folder of the Proxmox server using SCP.
  3. Create the VM in Proxmox by 'right-clicking' and choosing 'Create VM'.

1.jpg

 

  1. Give it a name (in this case 'Supervisor'), and make a note of the VM ID (102). It is preferable to choose 'Start at boot'. When this is done, press 'Next'.

     

    2.jpg

     

  2. Select 'Do not use any media', and use Guest OS settings as shown in the picture. Press 'Next'.

    3.jpg

 

  1. Go with the default settings on the next option (as shown below), and press 'Next'.

    4.jpg

     

  2. Add disks as described in the Set-up guide for the type of server setup (Supervisor, Worker, Collector).

    5.jpg

 

  1. Delete Disk 'scsi0' (this spot will be used later when importing the .qcow2 file). Press 'Next'.

    6.jpg

 

  1. Add CPUs as described in the install guide (and supported by the HW) press 'Next'.

    7.jpg

 

  1. Add memory as stated on the FortiSIEM Install guide, be aware that Proxmox uses MiB (mebibyte), so use a GB to MiB calculator to find the correct number. Press 'Next'.

    8.jpg

     

  2. Set up the network with the correct bridge (In this example it is vmbrSRV). Press 'Next'.

    9.jpg

     

  3. Confirm the settings by pressing 'Finish'.

    10.jpg

     

  4. Now there should be a server (in this example 102 Supervisor) partly ready and defined on the Proxmox.

    11.jpg

     

     

  5. Now, it is necessary to find which Storage to import the .qcow2 file to (let's use Datadisk here).

    12.jpg

     

  6. It is now necessary to open a shell on the Proxmox server.

    13.jpg

     

  7. Now, let's import the .qcow2 file to the Storage desired to be used. Go to the location where the file has been uploaded. Use this command 'qm importdisk 102 FortiSIEM-VA-7.1.5.0181.qcow2 Datadisk'. The variables here is '102' this is the VM ID of this example. Next is the Filename 'FortiSIEMxxxxxx' and then it is the Storage 'Datadisk'.

    14.jpg

     

Press 'Enter' and it will show something like this:

15.jpg

 

Wait for it to finish and show something like this:

16.jpg

 

  1. Go back to the Proxmox GUI. It shows that the VM now has a new Disk called 'Unused Disk xxxxxx'.

    17.jpg

     

  2. It is now necessary to assign this to scsi0 on the VM. Select the 'Unused disk xxx' and press 'Add'.

    18.jpg

 

 

It should show a new disk in scsi0 on the VM.

19.jpg

 

It will also be necessary to go to 'Options' and make sure that 'scsi0' is the first in the boot order. Make sure 'scsi0' is marked as 'Enabled'.

20.jpg

 

21.jpg

 

  1. It is ready to start up the VM. Highlight the VM (Here '102 Supervisor', and also '>_ Console').

    22.jpg

     

  2. It will show the option to 'Start now' in the middle of the console window. 

    23.jpg

     

  3. It will show this: 

    24.jpg

 

  1. Follow the instructions in the FortiSIEM KVM install guide.
174
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.