Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
bhinangt
New Contributor III

How to use credentials menu through collector?

When we add credentials in FortiSIEM admin settings, it only asks to map IP.


Same IP can belong to multiple clients also, But in mapping there is no option to select collector. So how to map credentials to correct device linked to correct collector.

 

Also do i need to allow supervisor to firewall port 22 if i want to add SSH credentials? This is not possible by allowing collector to firewall connection over port 22?

1 Solution
Richie_C

Yes, you should to run the discovery from the correct organization.

 

You only mentioned SSH above. Did you also configure SNMP credentials. Did the test credentials option work? Did the discovery succeed for SNMP?

Take a backup before making any changes

View solution in original post

8 REPLIES 8
Richie_C
Staff
Staff

I don't have a collector in my lab but you should have a dropdown menu on the credentials page. It will be in the same place as the red square below. 

 

discovered by.PNG

If you select collector here, you only need to allow connections on tcp/22 from the collector. 

Take a backup before making any changes
bhinangt
New Contributor III

This is snapshot from Global view with collector setup. No such option

 

Screenshot 2024-05-09 at 7.39.29 PM.png

Richie_C

Can you provide some more information about your setup please?

 

Is it service provider or enterprise setup?

How many collector have you registered?

If in service provide mode, are the collectors dedicated to an org or are they multi org collectors?

Thanks

Take a backup before making any changes
bhinangt
New Contributor III

Service Provider,
20 Collectors

No sharing of collectors, its dedicated.

 

Mean while instead of global view, i switched to individual organization view and added credentials. It went through collector, test was successful but then also no SNMP performance logs being reported.

Also not sure of the approach to add credentials is correct.

Richie_C

Yes, you should to run the discovery from the correct organization.

 

You only mentioned SSH above. Did you also configure SNMP credentials. Did the test credentials option work? Did the discovery succeed for SNMP?

Take a backup before making any changes
bhinangt
New Contributor III

Thank you @Richie_C it worked!

wagersantonio
New Contributor II

To map credentials to the correct device and collector in FortiSIEM, follow these steps: First, add the credentials in the FortiSIEM admin settings and map them to the device's IP address. Since the same IP can belong to multiple clients, you need to ensure the correct collector is managing the device. Unfortunately, FortiSIEM doesn't directly allow selecting a collector during mapping. Instead, organize devices so each collector handles a specific range of IPs or clients. Regarding SSH credentials, you only need to allow the collector to connect to the firewall over port 22, not the supervisor. This way, the collector can use SSH to communicate with the devices it manages. For more details visit vipdesertsafari

Hinaseo
Visitor

Great question! The issue with mapping credentials to the correct device linked to the appropriate collector can be tricky. Adding the ability to specify the collector would certainly streamline things. As for SSH credentials, allowing supervisor access to firewall port 22 seems to be a default requirement, but it’s worth exploring if collector-level access can achieve the same result.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors