failed to register this agent computer with " fortiSIEM super "

makeel · ‎02-01-2024

Dears

I want to install the agent V 5 to server operating with windows server 2008 R2 and the our Fortisiem Version is 7

we are facing the issue as you see blow and communication with the super server is allowed

FSM_FTNT · ‎02-02-2024

few things to check:

1) is there connectivity to the Super on TCP/443
2) Credential - are you using an agent admin account to register or a normal admin account?
3) make sure the user, password and the org is correct

https://docs.fortinet.com/document/fortisiem/7.0.3/windows-agent-5-x-x-installation-guide/547950/for...

bhinangt · ‎04-14-2024

@FSM_FTNT why do we need to allow supervisor port 443 for outgoing from windows agent?
Even when collector is acting as proxy?

Need a way out, as this defeats the purpose of collector setup.

I know supervisor does below agent management jobs:

- Status update to supervisor

- Registration to supervisor

However when we make collector as proxy, everything should be handled by collector itself.

FSM_FTNT · ‎04-14-2024

That is correct, if using a proxy on the Collector it should not need access to the Super directly, the Collector can proxy the comms from Agent to Super.

bhinangt · ‎04-15-2024

What can be done for this?
I have added proxy file in collector and even I can install agent using collector FQDN.

But then when i check registry values Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Fortinet\FortiSIEM the element supers have supervisor FQDN which I have not mentioned anywhere while installing agent.

@FSM_FTNT

sioannou · ‎04-14-2024

Hi @bhinangt ,

Make sure during the installation the Supervisor IP/DNS is set as the collector IP or DNS name of the collector (if there is one).

If you have the collector set correctly as a proxy then all the communication needs to flow via the collector.

Setting in that section the actual Supervisor IP the health functions and the registration process will always utilise the Supervisor.

To verify that you have the correct configuration on the machine you install the agent open the Windows Registry Editor (regedit) and check the Hive Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Fortinet\FortiSIEM the element SuperName should have as a value the collector IP or DNS.

If not then you have not provided the correct information during the installation process.

S

bhinangt · ‎04-15-2024

Checked registry "SuperName" is collector FQDN and "Supers" is supervisor FQDN.

While installing agent I have mentioned collector FQDN and agent works without any error.

However question remains same, If I block supervisor access to agent getting error that supervisor is not reachable.

sioannou · ‎04-15-2024

Hi,

You need to unistall the agent and install it again with the correct information.

Also please note if you have Admin->Settings->System->Cluster Config for the supervisor then I think it ovewrites the configuration of the agent. This needs to be tested in the lab.

S.

bhinangt · ‎04-15-2024

Tried this on completely new system using collector FQDN.

Agent installed successfully because I have configured proxy in collector.

Now if i go to registry I still see supervisor FQDN in "supers" > Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Fortinet\FortiSIEM

Not sure how will this affect agent, Below I have mentioned 1 supervisor and 2 worker FQDN.

Admin->Settings->System->Cluster Config

bhinangt · ‎04-15-2024

How true is this blog with collector in place? Does this means that even if collector acts as proxy, windows agent will always need access to supervisor?