Introduction
Fortinet Security Orchestration Platform™ (FortiSOAR™) is a scalable, awareness-driven, and encrypted security management intelligence platform. FortiSOAR is a centralized hub for your security operations and dramatically improves the effectiveness and efficiency of your security operations teams, by providing automation and customizable mechanisms for prevention, detection, and response to cybersecurity threats.
To support disk sizes larger than 2 TB, FortiSOAR OVAs starting with the 7.5.0 release come pre-configured with a GPT-based disk layout. Previously, FortiSOAR OVAs were shipped with an MBR-based disk layout, which limited disk management to a size of 2 TB. If you already have a FortiSOAR instance and need a partition larger than 2 TB, we recommend creating a new FortiSOAR VM on release 7.5.0 or later and utilizing the Export and Import wizards to migrate your data from the old instance to the new one.
Release 7.6.1 introduces an on-demand feature: the ability to encrypt all of FortiSOAR's 'data at rest'. For more information, see the Encrypting FortiSOAR's Data at Rest chapter.
For information on deploying FortiSOAR, see the Deploying FortiSOAR chapter.
For information on deploying FortiSOAR using offline repositories, see the Deploying FortiSOAR using offline repositories chapter.
For information on deploying FortiSOAR on a docker platform, see the Deploying FortiSOAR on a docker platform chapter.
For information on deploying the FortiSOAR Docker on an EKS cluster, see the Deploying FortiSOAR Docker on an Amazon Elastic Kubernetes Cluster chapter.
FortiSOAR is also available as a hosted option on FortiCloud. For information on FortiSOAR on FortiCloud, see the FortiSOAR Cloud documentation.
Purpose
Use the deployment guide to deploy the FortiSOAR virtual appliance using VMware, the ESX/ESXi server and AWS.
This document provides you with all the procedures for setting up FortiSOAR in your environment, including deploying FortiSOAR, the initial configuration for FortiSOAR, and troubleshooting of FortiSOAR.
Prerequisites
Before you deploy FortiSOAR, ensure you have done the following:
- Set up a system with the minimal edition of either Rocky Linux version 9.3/9.4/9.5 or RHEL version 9.3/9.4/9.5, if you are installing FortiSOAR using the installation script. Release 7.6.1 has been tested with RHEL 9.5 and Rocky Linux 9.5.
  OR,
  If you are using the OVA to deploy FortiSOAR, then provision to import the FortiSOAR virtual appliance into VMware or AWS.
  NOTE: When installing FortiSOAR using the installation script, it is highly recommended to install FortiSOAR on a non-hardened operating system (OS). After the installation, the OS will undergo automatic hardening by FortiSOAR. Avoid any additional hardening of the OVA or consult with FortiSOAR support, to prevent issues in the FortiSOAR running instance. Installing FortiSOAR on a pre-hardened OS can lead to installation failure and issues with starting services, file permissions, etc.
- Decide the hostname and IP address.
- Know the DNS server IP address for the appliance.
- Disable the IPv6 protocol on the VM where you are deploying FortiSOAR if you are not using the IPv6 protocol. This is necessary because, starting with RHEL 9.0 or Rocky Linux 9.0, ifcfg files are deprecated. To disable IPv6, you should check the appropriate NIC config file and make changes in /etc/NetworkManager/system-connections (see the Using NetworkManager to disable IPv6 for a specific connection document). Starting with RHEL 9.0 or Rocky Linux 9.0, network configurations are stored at /etc/NetworkManager/system-connections/ in a 'key file' format.
- Locale is set to en_US.UTF-8. FortiSOAR release 7.5.0 and later supports PostgreSQL 16. The postgresql-16 service will fail if the locale is not set to en_US.UTF-8, so make sure that the locale of the VM where you are deploying FortiSOAR is set to en_US.UTF-8. To install and apply the en_US.UTF-8 locale on your system, use the following commands:
  # yum install glibc-langpack-en -y
  # localectl set-locale en_US.UTF-8
- Company-specific SSL certificate, if you want to change the default certificate.
- Optionally configure an SMTP server and an NTP server. The SMTP server is used for outgoing notifications once the system is configured. The NTP server is used to synchronize the machine time after deployment.
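The following pre-flight script is an added example, not part of the FortiSOAR documentation or tooling: it checks the OS release, system locale and per-connection IPv6 prerequisites listed above before the installation script is run. The function names and sample files are constructed for illustration, and it assumes the locale is recorded in /etc/locale.conf and that connection profiles end in .nmconnection.

```shell
#!/bin/sh
# Added example: pre-flight checks for the prerequisites listed above.
# Each function takes the file to inspect, so it can be run on samples.

# Read KEY from a KEY=value file (os-release, locale.conf), stripping quotes.
kv() { sed -n "s/^$1=//p" "$2" | tr -d '"' | head -n 1; }

# Supported: Rocky Linux or RHEL, version 9.3, 9.4 or 9.5.
os_supported() {
    case "$(kv ID "$1")" in rocky|rhel) ;; *) return 1 ;; esac
    case "$(kv VERSION_ID "$1")" in 9.3|9.4|9.5) return 0 ;; *) return 1 ;; esac
}

# postgresql-16 needs the system locale to be exactly en_US.UTF-8.
locale_ok() { [ "$(kv LANG "$1")" = "en_US.UTF-8" ]; }

# True when the key file's [ipv6] section contains method=disabled.
ipv6_disabled() {
    awk '/^\[/ { in6 = ($0 == "[ipv6]") }
         in6 && /^method[ \t]*=[ \t]*disabled[ \t]*$/ { ok = 1 }
         END { exit !ok }' "$1"
}

# Run all checks; the arguments default to the live system paths.
# IPv6 is only a warning because it must stay enabled where it is in use.
preflight() {
    osr=${1:-/etc/os-release}; loc=${2:-/etc/locale.conf}
    nmdir=${3:-/etc/NetworkManager/system-connections}; rc=0
    os_supported "$osr" || { echo "FAIL: OS is not Rocky/RHEL 9.3-9.5"; rc=1; }
    locale_ok "$loc"    || { echo "FAIL: locale is not en_US.UTF-8"; rc=1; }
    for f in "$nmdir"/*.nmconnection; do
        [ -e "$f" ] || continue
        ipv6_disabled "$f" || echo "WARN: IPv6 not disabled in $f"
    done
    return $rc
}

# Constructed sample host: correct OS and locale, one NIC with IPv6 on auto.
demo=$(mktemp -d)
printf 'ID="rocky"\nVERSION_ID="9.5"\n' > "$demo/os-release"
printf 'LANG=en_US.UTF-8\n' > "$demo/locale.conf"
printf '[connection]\nid=ens192\n[ipv4]\nmethod=auto\n[ipv6]\nmethod=auto\n' \
    > "$demo/ens192.nmconnection"
preflight "$demo/os-release" "$demo/locale.conf" "$demo"
```

On a real host, call `preflight` with no arguments as root, since the connection profiles under /etc/NetworkManager/system-connections are readable only by root.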
Do not alter the |
Browser Compatibility
FortiSOAR 7.6.1 User Interface has been tested on the following browsers:
- Google Chrome version 131.0.6778.86
- Mozilla Firefox version 133.0
- Microsoft Edge version 131.0.2903.70
- Safari version 18.1 (20619.2.8.11.10)