When we add credentials in FortiSIEM admin settings, it only asks to map an IP.
The same IP can belong to multiple clients also, but in the mapping there is no option to select a collector. So how do we map credentials to the correct device linked to the correct collector?
Also, do I need to allow the supervisor to the firewall on port 22 if I want to add SSH credentials? Is this not possible by allowing a collector-to-firewall connection over port 22?
I don't have a collector in my lab but you should have a dropdown menu on the credentials page. It will be in the same place as the red square below.
If you select collector here, you only need to allow connections on tcp/22 from the collector.
This is a snapshot from the Global view with the collector setup. No such option.
Can you provide some more information about your setup please?
Is it service provider or enterprise setup?
How many collectors have you registered?
If in service provider mode, are the collectors dedicated to an org or are they multi-org collectors?
Thanks
Service Provider,
20 Collectors
No sharing of collectors, it's dedicated.
Meanwhile, instead of the global view, I switched to the individual organization view and added credentials. It went through the collector and the test was successful, but even then no SNMP performance logs are being reported.
Also not sure if the approach to add credentials is correct.
Yes, you should run the discovery from the correct organization.
You only mentioned SSH above. Did you also configure SNMP credentials? Did the test credentials option work? Did the discovery succeed for SNMP?
Thank you @Richie_C it worked!
To map credentials to the correct device and collector in FortiSIEM, follow these steps: First, add the credentials in the FortiSIEM admin settings and map them to the device's IP address. Since the same IP can belong to multiple clients, you need to ensure the correct collector is managing the device. Unfortunately, FortiSIEM doesn't directly allow selecting a collector during mapping. Instead, organize devices so each collector handles a specific range of IPs or clients. Regarding SSH credentials, you only need to allow the collector to connect to the firewall over port 22, not the supervisor. This way, the collector can use SSH to communicate with the devices it manages. For more details visit vipdesertsafari.
Great question! The issue with mapping credentials to the correct device linked to the appropriate collector can be tricky. Adding the ability to specify the collector would certainly streamline things. As for SSH credentials, allowing supervisor access to firewall port 22 seems to be a default requirement, but it’s worth exploring if collector-level access can achieve the same result.
Copyright 2024 Fortinet, Inc. All Rights Reserved.