FortiSOAR Installation & Deployment: A Complete Guide for On-Prem & Cloud
UMESH KUMAR M
Secops Implementation Engineer(WAZUH | FORTISIEM & FORTISOAR) | M.tech in Cybersecurity
FortiSOAR is an advanced Security Orchestration, Automation, and Response (SOAR) platform designed to accelerate incident response, integrate with security tools, and automate playbooks to improve SOC efficiency.
To get the most out of FortiSOAR, a proper installation and deployment strategy is critical. This guide provides a step-by-step approach to deploying FortiSOAR on-premises and in the cloud, along with troubleshooting solutions for common issues.
On-Premises Deployment – Step-by-Step Guide
Step 1: System Requirements & Pre-Installation Checks
Before installing FortiSOAR, ensure that your server meets the minimum and recommended hardware requirements.
Minimum Requirements (Small Deployments)
CPU: 4 Cores
RAM: 16 GB
Storage: 250 GB SSD
OS: CentOS 7 / RHEL 8
Recommended for Large Deployments
CPU: 8+ Cores
RAM: 32 GB+
Storage: 500 GB SSD (RAID Recommended)
Network: Gigabit or better
Pre-Installation Checklist
Ensure network connectivity to internal security tools and the internet.
Disable SELinux and configure necessary firewall rules.
Verify PostgreSQL compatibility.
Ensure SSH access is enabled for remote administration.
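A pre-installation sizing check for the requirements and checklist above, as an added example that is not part of the original guide or Fortinet's tooling. The thresholds are the ones this guide lists; the function names and the `--check` flag are assumptions made for the example, RAM is rounded to the nearest GiB, and disks are counted in decimal GB.

```sh
#!/bin/sh
# Added example, not Fortinet tooling. Thresholds are the ones this guide lists;
# function names and the --check flag are assumptions made for the example.

# mem_gb <meminfo-file>: MemTotal rounded to the nearest GiB. The kernel reserves
# some RAM, so a 16 GB host reports slightly less; truncating would fail it.
mem_gb() {
    awk '/^MemTotal:/ { printf "%d\n", ($2 + 524288) / 1048576 }' "$1"
}

# total_disk_gb: reads "SIZE TYPE" lines (bytes) on stdin and sums whole disks,
# in decimal GB, the unit drives are sold in.
total_disk_gb() {
    awk '$2 == "disk" { s += $1 } END { printf "%d\n", s / 1000000000 }'
}

# sizing_tier <cores> <ram_gb> <disk_gb>: recommended, minimum or insufficient.
sizing_tier() {
    if [ "$1" -ge 8 ] && [ "$2" -ge 32 ] && [ "$3" -ge 500 ]; then
        echo recommended
    elif [ "$1" -ge 4 ] && [ "$2" -ge 16 ] && [ "$3" -ge 250 ]; then
        echo minimum
    else
        echo insufficient
    fi
}

# preflight: report on the local host; non-zero status if below the minimum.
preflight() {
    cores=$(nproc)
    ram=$(mem_gb /proc/meminfo)
    disk=$(lsblk -bdn -o SIZE,TYPE | total_disk_gb)
    tier=$(sizing_tier "$cores" "$ram" "$disk")
    echo "cores=$cores ram_gb=$ram disk_gb=$disk tier=$tier"
    # The checklist asks for SELinux to be disabled; show the current mode.
    if command -v getenforce >/dev/null 2>&1; then
        echo "selinux=$(getenforce)"
    fi
    [ "$tier" != insufficient ]
}

# Check this host only when asked: sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then
    preflight
fi
```

Run with `--check` on the target server before starting the installer; a non-zero exit status means the host is below the minimum tier.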
Step 2: Installing FortiSOAR on an On-Premises Server
Download the FortiSOAR Installer from the Fortinet Support Portal.
Transfer the installation package to the server:
scp fortisoar-installer.sh user@server-ip:/home/user/
Run the installer:
chmod +x fortisoar-installer.sh
sudo ./fortisoar-installer.sh
Follow the installation prompts to configure database settings.
Start FortiSOAR services:
systemctl start fortisoar
systemctl enable fortisoar
Troubleshooting Common Issues
Issue: Installation fails due to missing dependencies
Fix: Install required packages before running the installer:
sudo yum install -y epel-release && sudo yum update -y
Issue: Cannot access the FortiSOAR Web UI after installation
Fix: Ensure port 443 is open on the firewall:
sudo firewall-cmd --permanent --add-port=443/tcp
sudo firewall-cmd --reload
Cloud Deployment – AWS & Azure
Step 1: Choosing the Right Cloud Model
FortiSOAR supports multiple cloud deployment models:
AWS AMI – Pre-configured image on AWS Marketplace.
Azure VM – Virtual Machine deployment via Azure Marketplace.
Docker/Kubernetes – For containerized environments.
Step 2: Deploying FortiSOAR on AWS
Launch an EC2 instance with the FortiSOAR AMI from AWS Marketplace.
Choose an instance type (C5.4xlarge recommended).
Configure security group rules:
Troubleshooting AWS Deployment
Issue: Cannot access the FortiSOAR UI
Fix: Update AWS Security Groups to allow inbound traffic on port 443.
Issue: Poor performance or timeouts
Fix: Upgrade the EC2 instance to C5.8xlarge or M5.4xlarge.
Step 3: Deploying FortiSOAR on Azure
Open Azure Marketplace and search for FortiSOAR.
Choose a Virtual Machine (VM) with:
Troubleshooting Azure Deployment
Issue: FortiSOAR fails to start
Fix: Ensure the VM size and storage meet the minimum requirements.
Issue: Network connectivity problems
Fix: Verify NSG rules and ensure Azure Load Balancer settings are correct.
Post-Installation Configuration
1. Setting Up FortiSOAR Connectors
Go to Admin > Connectors > Add New Connector.
Configure API credentials for security tools (FortiSIEM, FortiGate, EDR, etc.).
Test data flow & event ingestion.
2. Creating Automation Playbooks
Open the Playbook Builder and select New Playbook.
Drag & drop actions for threat enrichment, email analysis, and malware triage.
Save & enable real-time automation workflows.
3. Enabling Role-Based Access Control (RBAC)
Assign SOC roles (Admin, Analyst, Responder).
Implement least privilege access to secure operations.
Common FortiSOAR Troubleshooting Methods
Checking System Logs
tail -f /var/log/fortisoar/fortisoar.log
Restarting FortiSOAR Services
systemctl restart fortisoar
Checking Network Connectivity
netstat -tulnp | grep 443
ping <FortiSOAR-IP>
Final Thoughts & Best Practices
Follow Fortinet’s recommended deployment guidelines.
Automate SOC workflows with pre-built playbooks.
Continuously monitor system health via dashboards.
Integrate FortiSOAR with FortiSIEM, EDR, and threat intelligence platforms.