Browser Support and Hardware Requirements

Browser Support and Hardware Requirements

Supported Operating Systems and Browsers

Hardware Requirements for Supervisor and Worker Nodes

Hardware Requirements for Collector Nodes

Hardware Requirements for Report Server Nodes

Supported Operating Systems and Browsers

These are the browsers and operating systems that are supported for use with the FortiSIEM web client.

OS Supported Browsers Supported
 Windows Firefox, Chrome, Internet Explorer 11.x, Microsoft Edge
Mac OS X Firefox, Chrome, Safari
Linux Firefox, Chrome

 

Hardware Requirements for Supervisor and Worker Nodes

The FortiSIEM Virtual Appliance can be installed using either storage configured within the ESX server or NFS storage. See the topic Configuring NFS Server for more information on working with NFS storage.

Event Data Storage Requirements

The storage requirement shown in the Event Data Storage column is only for the eventdb data, but the /data partition also includes CMDB backups and queries. You should set the /data partition to a larger amount of storage to accommodate for this.

Encryption for Communication Between FortiSIEM Virtual Appliances

All communication between Collectors that are installed on-premises and FortiSIEM Supervisors and Workers is secured by TLS 1.2 encryption. Communications are managed by OpenSSL/Apache  HTTP Server/mod_ssl on the Supervisor/Worker side, and libcurl, using the NSS library for SSL, on the Collector side.The FortiSIEM Supervisor/Workers use RSA certificate with 2048 bits as default.

 

You can control the exact ciphers used for communications between virtual appliances by editing the SSLCipherSuite section in the file /etc/httpd/conf.d/ssl.conf on FortiSIEM Supervisors and Workers. You can test the ciphersuite for your Super or worker using the following nmap command:

nmap –script ssl-cert,ssl-enum-ciphers -p 443 <super_or_worker_fqdn>

Calculating Events per Second (EPS) and Exceeding the License Limit

AccelOps calculates the EPS for your system using a counter that records the total number of received events in a three minute time interval. Every second, a thread wakes up and checks the counter value. If the counter is less than 110% of the license limit (using the calculation 1.1 x EPS License x 180) , then AccelOps will continue to collect events. If you exceed 110% of your licensed EPS, events are dropped for the remainder of the three minute window, and an email notification is triggered. At the end of the three minute window the counter resets and resumes receiving events.

Overall EPS Quantity Host SW Processor Memory OS/App and CMDB Storage Event Data Storage

(1 year)

1,500 1 ESXi (4.0 or later preferred) 4 Core 3 GHz, 64 bit 16 GB

24 GB

(4.5.1+)

200GB (80GB OS/App, 60GB CMDB, 60G

B SVN)

3 TB
4,500 1 ESXi (4.0 or later preferred) 4 Core 3 GHz, 64 bit 16 GB

24 GB

(4.5.1+)

200GB (80GB OS/App, 60GB CMDB, 60G

B SVN)

8 TB
7,500 1 Super

1 Worker

ESXi (4.0 or later preferred) Super: 8 Core 3 GHz, 64 bit

Worker: 4 Core 3

GHz, 64 bit

Super: 24 GB Worker:

16 GB

Super: 200GB (80GB OS/App, 60GB CMDB, 60GB SVN)

Worker: 200GB (80GB OS/App)

12 TB
10,000 1 Super

1 Worker

ESXi (4.0 or later preferred) Super: 8 Core 3 GHz, 64 bit

Worker: 4 Core 3

GHz, 64 bit

Super: 24 GB Worker:

16 GB

Super: 200GB (80GB OS/App, 60GB CMDB, 60GB SVN)

Worker: 200GB (80GB OS/App)

17 TB
20,000 1 Super

3 Workers

ESXi (4.0 or later preferred) Super: 8 Core 3 GHz, 64 bit

Worker: 4 Core 3

GHz, 64 bit

Super: 24 GB Worker:

16 GB

Super: 200GB (80GB OS/App, 60GB CMDB, 60GB SVN)

Worker: 200GB (80GB OS/App)

34 TB
30,000 1 Super

5 Workers

ESXi (4.0 or later preferred) Super: 8 Core 3 GHz, 64 bit

Worker: 4 Core 3

GHz, 64 bit

Super: 24 GB Worker:

16 GB

Super: 200GB (80GB OS/App, 60GB CMDB, 60GB SVN)

Worker: 200GB (80GB OS/App)

50 TB
Higher than

30,000

Consult

FortiSIEM

         
Hardware Requirements for Collector Nodes
Component Quantity Host SW Processor Memory OS/App Storage
Collector 1 ESX 2 Core 2 GHz, 64 bit 4 GB 40 GB
Collector 1 Native Linux

Suggested Platform: Dell PowerEdge R210 Rack Server

2 Core, 64 bit 4GB 40 GB
Hardware Requirements for Report Server Nodes
Component Quantity Host

SW

Processor Memory OS/App Storage Reports Data Storage (1 year)
Report

Server

1 ESX 8 Core 3

GHz, 64 bit

16 GB 200GB (80GB OS/App, 60GB

CMDB, 60GB SVN)

See recommendations under Hardware Requirements for

Supervisor and Worker nodes

 

 

 

Information Prerequisites for All FortiSIEM Installations

You should have this information ready before you begin installing the FortiSIEM virtual appliance on ESX:

  1. The static IP address and subnet mask for your FortiSIEM virtual appliance.
  2. The IP address of NFS mount point and NFS share name if using NFS storage. See the topics Configuring NFS Storage for VMware ESX Server and Setting Up NFS Storage in AWS for more information.
  3. The FortiSIEM host name within your local DNS server.
  4. The VMWare ESX datastore location where the virtual appliance image will be stored if using ESX storage.

 

This entry was posted in Administration Guides, FortiSIEM on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.