Question about Fortinet FortiGate Add-On for Splun...

badr_boukari · ‎08-27-2020

Hello the Team, hope you are Okey!

I have a question about Fortinet FortiGate Add-On for Splunk which is available in splunkbase.com platform : https://splunkbase.splunk.com/app/2846/#/details.

I am deploying a distributed Splunk Enterprise infrastructure with a Heavy Forwarder, Indexer and Search Head. I don’t know exactly in which instance I should install the add-on?

Is it in the search Head? Should I add data input on Heavy Forwarder Instance? I didn’t really find a clear procedure for the installation and the configuration.

I have to implement a BOSS Of The SoC environment (so the datasets are already available on GitHub web site)

Thanks, In advance.

Waiting for your response,

Imad · ‎01-16-2023

My setup:

Search Head Cluster with Deployer

Indexer Cluster with Cluster Manager

Fortigate Add-on: Installed on Fortigate Search Head Cluster AND Fortigate Indexer Cluster. So the Add-on needs to go on both SH cluster and Indexer cluster.

Fortigate App: Installed only on the Search Head Cluster.

Hope this helps.

Question about Fortinet FortiGate Add-On for Splunk in splunkbase.com platform?

add-on

heavy forwarder

indexer

search head

Introducing the Splunk Community Dashboard Challenge!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...