Deployment Guide

Introduction

Fortinet Security Orchestration Platform™ (FortiSOAR™) is a scalable, awareness-driven, and encrypted security management intelligence platform. FortiSOAR is a centralized hub for your security operations and dramatically improves the effectiveness and efficiency of your security operations teams, by providing automation and customizable mechanisms for prevention, detection, and response to cybersecurity threats.

In release 7.5.0, the operating system (OS) used for FortiSOAR is upgraded from Rocky Linux/RHEL 8.8/8.7 to Rocky Linux/RHEL 9.3 to ensure that FortiSOAR is running on a stable and secure OS. Rocky Linux/RHEL 9.3 delivers a number of enhancements over Rocky Linux/RHEL 8.8/8.7, including increased security, an improved kernel, and updated packages. More information can be found in the Release Notes for Rocky Linux 9.3 and Upgrading from RHEL 8 to RHEL 9 articles.

Note

To support disk sizes larger than 2 TB, FortiSOAR OVAs starting with the 7.5.0 release come pre-configured with a GPT-based disk layout. Previously, FortiSOAR OVAs were shipped with an MBR-based disk layout, which limited disk management to a size of 2 TB. If you already have a FortiSOAR instance and need a partition larger than 2 TB, we recommend creating a new FortiSOAR VM on release 7.5.0 or later and using the Export and Import wizards to migrate your data from the old instance to the new one.

For information on deploying FortiSOAR, see the Deploying FortiSOAR chapter.
For information on deploying FortiSOAR using offline repositories, see the Deploying FortiSOAR using offline repositories chapter.
For information on deploying FortiSOAR on a docker platform, see the Deploying FortiSOAR on a docker platform chapter.
For information on deploying the FortiSOAR Docker on an Amazon EKS cluster, see the Deploying FortiSOAR Docker on an Amazon Elastic Kubernetes Cluster chapter.

FortiSOAR is also available as a hosted option on FortiCloud, and as a Management Extension Application (MEA) on FortiAnalyzer and FortiManager.
For information on FortiSOAR on FortiCloud, see the FortiSOAR Cloud documentation.
For information on the FortiSOAR MEA on FortiAnalyzer, see the FortiAnalyzer documentation; for information on the FortiSOAR MEA on FortiManager, see the FortiManager documentation.

Purpose

Use the deployment guide to deploy the FortiSOAR virtual appliance using VMware, the ESX/ESXi server and AWS.

Note

This document provides you with all the procedures for setting up FortiSOAR in your environment, including deploying FortiSOAR, performing the initial configuration of FortiSOAR, and troubleshooting FortiSOAR.

Prerequisites

Before you deploy FortiSOAR, ensure you have done the following:

  • Set up a system with either Rocky Linux version 9.3 or RHEL version 9.3, if you are installing FortiSOAR using the installation script.
    OR,
    If you are using the OVA to deploy FortiSOAR, then make provision to import the FortiSOAR virtual appliance into VMware or AWS.
    NOTE: When installing FortiSOAR using the installation script, it is highly recommended to install FortiSOAR on a non-hardened operating system (OS). After the installation, the OS is hardened automatically by FortiSOAR. Avoid any additional hardening of the OVA, or consult FortiSOAR support first, to prevent issues in the running FortiSOAR instance. Installing FortiSOAR on a pre-hardened OS can lead to installation failure and issues with starting services, file permissions, and so on.
  • Hostname and IP address, if you want to change or assign them.
  • A DNS server should be configured for the appliance if it is not picked up automatically from the network.
  • Disable the IPv6 protocol on the VM where you are deploying FortiSOAR if you are not using IPv6. Starting with RHEL 9.0 or Rocky Linux 9.0, the legacy ifcfg network configuration files are deprecated and network configurations are stored in /etc/NetworkManager/system-connections/ in 'key file' format. To disable IPv6, check the key file for the appropriate NIC in /etc/NetworkManager/system-connections and make the change there (see the Using NetworkManager to disable IPv6 for a specific connection document).
  • Locale is set to en_US.UTF-8. FortiSOAR release 7.5.0 and later supports PostgreSQL 16. The postgresql-16 service will fail if the locale is not set to en_US.UTF-8, so make sure that the locale of the VM where you are deploying FortiSOAR is set to en_US.UTF-8. To install and apply the en_US.UTF-8 locale on your system, use the following commands:
    # yum install glibc-langpack-en -y
    # localectl set-locale en_US.UTF-8
  • Company-specific SSL certificate, if you want to change the default certificate.
  • Optionally, configure an SMTP server and an NTP server. The SMTP server is used for outgoing notifications once the system is configured. The NTP server is used to synchronize the machine time after deployment.

Caution

Do not alter the /etc/sudoers file, as the users added by FortiSOAR in the sudoers file are necessary for FortiSOAR's functioning. Since certain commands are only accessible to these users, changing the /etc/sudoers file could interfere with FortiSOAR's functioning and cause issues such as services not starting or an inability to log into FortiSOAR's GUI.
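A pre-flight script that verifies the prerequisites above before the installation script is run (OS is Rocky Linux or RHEL 9.3, system locale is en_US.UTF-8, a DNS server is configured, and IPv6 is disabled in each NetworkManager key file). This is an added example and is not part of the FortiSOAR guide or Fortinet's tooling. It assumes the standard RHEL 9 file locations (/etc/os-release, /etc/resolv.conf, key files named *.nmconnection under /etc/NetworkManager/system-connections), the output format of localectl status, and that nmcli connection modify is an acceptable way to set ipv6.method; none of those are prescribed by the guide. The sample key file embedded in the script is constructed for the demo, not taken from a real host.

```shell
#!/bin/sh
# FortiSOAR pre-deployment prerequisite check (added example, not Fortinet's code).
# Each check takes its input as a string argument so it can be exercised on
# constructed data; run_preflight feeds it the live system files.

# /etc/os-release contents -> success only for Rocky Linux or RHEL 9.3.
check_os_release() {
    os_id=$(printf '%s\n' "$1" | sed -n 's/^ID="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p')
    os_ver=$(printf '%s\n' "$1" | sed -n 's/^VERSION_ID="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p')
    case "$os_id" in
        rocky|rhel) [ "$os_ver" = "9.3" ] ;;
        *) return 1 ;;
    esac
}

# `localectl status` output -> success when the system locale is en_US.UTF-8.
# Compared case-insensitively and without the hyphen, so "en_US.utf8" (the
# spelling glibc reports) is accepted as well. postgresql-16 needs this locale.
check_locale() {
    lang=$(printf '%s\n' "$1" \
           | sed -n 's/^[[:space:]]*System Locale: LANG=\(.*\)$/\1/p' \
           | tr 'A-Z' 'a-z' | sed 's/-//g')
    [ "$lang" = "en_us.utf8" ]
}

# /etc/resolv.conf contents -> success when at least one nameserver is set.
check_dns() {
    printf '%s\n' "$1" | grep -q '^nameserver[[:space:]]'
}

# NetworkManager key file contents -> value of method= in the [ipv6] section
# (empty when the section or key is absent; NetworkManager then defaults to auto).
ipv6_method() {
    printf '%s\n' "$1" | awk -F= '
        /^\[/ { in_ipv6 = ($0 == "[ipv6]"); next }
        in_ipv6 && $1 == "method" { print $2; exit }'
}

# Key file contents -> success only when IPv6 is explicitly disabled.
# "ignore" is not enough: NetworkManager then leaves the kernel free to
# autoconfigure the interface.
check_ipv6_disabled() {
    [ "$(ipv6_method "$1")" = "disabled" ]
}

# run_check <message> <check> <args...>: run one check, print OK/FAIL, count failures.
run_check() {
    msg=$1; shift
    if "$@"; then
        printf 'OK    %s\n' "$msg"
    else
        printf 'FAIL  %s\n' "$msg"
        failures=$((failures + 1))
    fi
}

# Run every check against the live system. Key files under
# /etc/NetworkManager/system-connections are root-only, so run this as root.
run_preflight() {
    failures=0
    run_check 'OS is Rocky Linux or RHEL 9.3' \
        check_os_release "$(cat /etc/os-release 2>/dev/null)"
    run_check 'System locale is en_US.UTF-8 (fix: yum install glibc-langpack-en -y; localectl set-locale en_US.UTF-8)' \
        check_locale "$(localectl status 2>/dev/null)"
    run_check 'A DNS server is configured in /etc/resolv.conf' \
        check_dns "$(cat /etc/resolv.conf 2>/dev/null)"
    for f in /etc/NetworkManager/system-connections/*.nmconnection; do
        [ -r "$f" ] || continue
        run_check "IPv6 disabled in $f (fix: nmcli connection modify <name> ipv6.method disabled)" \
            check_ipv6_disabled "$(cat "$f")"
    done
    [ "$failures" -eq 0 ]
}

# Constructed sample key file (not from any real host) showing the layout the
# checks parse: the [ipv6] section has method=disabled.
SAMPLE_KEYFILE='[connection]
id=ens192
type=ethernet

[ipv4]
method=auto

[ipv6]
method=disabled
addr-gen-mode=default'

case "${1:-}" in
    run)  run_preflight ;;                       # sh fsr_preflight.sh run
    demo) ipv6_method "$SAMPLE_KEYFILE" ;;       # prints: disabled
esac
```

Run it as root with the argument run on the target VM before starting the installation script; any FAIL line names the prerequisite and the command that addresses it. The checks are deliberately pure functions of their input so they can be reused in a configuration-management pre-task or tested without touching the host.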

Browser Compatibility

FortiSOAR 7.5.0 User Interface has been tested on the following browsers:

  • Google Chrome version 122.0.6261.113
  • Mozilla Firefox version 123.0
  • Microsoft Edge version 122.0.2365.80
  • Safari version 17.3 (19617.2.4.11.8)
