Technical Tip: FortiSOAR SME Connection Failure

FortiSOAR Knowledge Base

FortiSOAR: Security Orchestration and Response software provides innovative case management, automation, and orchestration. It pulls together all of an organization's tools, helps unify operations, and reduce alert fatigue, context switching, and the mean time to respond to incidents.

Article Id 420541

Description

This article describes the steps to resolve a connection failure between FortiSOAR and FortiSOAR SME.

Scope

FortiSOAR.

Solution

The issue occurs when the SME server certificate Common Name (CN) or Subject Alternative Name (SAN) does not match the Address in the FortiSOAR configuration.

In the Configuration Status column, Not Configured means that FortiSOAR cannot establish a successful SSL handshake with the SME using the provided certificate and credentials.

sme1(1).png

To resolve the FortiSOAR SME connection failure, follow these steps:

Ensure the FortiSOAR node and SME server are on the same subnet and there is no firewall blocking the connection.
Check the FQDN with ping to ensure it can be pinged.
Regenerate the SME's RabbitMQ SSL certificate using the correct FQDN. The CN or SAN in the SME's server certificate must match the FQDN configured in FortiSOAR.
Replace the certificates and restart the SME service:

systemctl restart rabbitmq-server

By following these steps, the SME should register successfully with FortiSOAR.

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Technical Tip: FortiSOAR SME Connection Failure

You are leaving our website