Fortinet black logo

Deploy Decoy VMs with the Deployment Wizard

Copy Link
Copy Doc ID 7231d54a-211f-11ea-9384-00505692583a:699147
Download PDF

Deploy Decoy VMs with the Deployment Wizard

Use the Deployment Wizard to create and deploy Decoy VMs on your network. Decoy VMs appear as real endpoints to hackers and can collect valuable information about attacks.

To deploy Decoys on the network:
  1. Go to Deception > Deployment Wizard.
  2. Click + to add a Decoy VM.
  3. Configure the following:

    Name

    Specify the name of the deployment profile. Maximum 15 characters using A-Z, a-z, 0-9, dash, or underscore. No duplicate profile names.

    Available Deception OSes

    Select a Deception OS.

    Selected Services

    Displays the selected services. You cannot edit this field.

  4. For an Ubuntu VM, turn on SSH or SAMBA.

    For Windows, turn on RDP or SMB.

    For SCADA, turn on HTTP, FTP, TFTP, SNMP, MODBUS, S7COMM, BACNET, IPMI, TRICONEX, GUARDIAN-AST, or IEC104.

  5. Click Add Lure for the service and configure the following:

    Username

    Specify the username for the decoy. Maximum 19 characters using A-Z, a-z, or 0-9.

    Do not set the username of the lures to be the same as existing usernames in the decoy, such as administrator for RDP/SMB services on Windows, or root for SSH/SAMBA services on Linux.

    Password

    Specify the password for the decoy in 1-14 non-unicode characters.

    Sharename

    This option is only available for SAMBA (Ubuntu) or SMB (Windows). Specify a Sharename in 3-63 characters using A-Z, a-z, or 0-9.

    Update or Cancel

    Click Update to save the username and password. Click Cancel to discard the username and password. Click Delete to delete an existing lure.

  6. To launch the decoy VM immediately, enable Launch Immediately.
  7. To reset the decoy VM after it detects incidents, enable Reset Decoy and specify the Reset Interval value in seconds.
  8. Click Next.
  9. The Hostname can start with an English character or a digit, and must not end with a hyphen. Maximum 15 characters using A-Z, a-z, 0-9, or hyphen (case-sensitive). Other symbols, punctuation, or white space are not allowed. The Hostname cannot conflict with decoy names.
  10. Click Add Interface.
  11. In the Add Interface for Decoy pane, select the Deploy Interface. Set this to the VLAN or subnet added in Set up the Deployment Network
  12. Configure the following settings in the Add Interface for Decoy pane:

    Addressing Mode

    Select Static or DHCP.

    Static allows you to configure the IP address for all the decoys.

    DHCP allows the decoys to receive IP address from the DHCP server. If you select DHCP, IP Count is automatically set to 1 and all other fields are not applicable.

    Network Mask

    This field is set automatically.

    Gateway

    Specify the gateway.

    IP Count

    Specify the number of IP addresses to be assigned, up to 16.

    If Addressing Mode is DHCP, IP Count is automatically set to 1.

    Min

    The minimum IP address in the IP range.

    Max

    The maximum IP address in the IP range.

    IP Ranges

    Specify the IP range between Min and Max.
  13. Click Done.
  14. To deploy the decoys on the network, click Deploy.
  15. To save this as a template in Deception > Deployment Wizard, click Template.

Deploy Decoy VMs with the Deployment Wizard

Use the Deployment Wizard to create and deploy Decoy VMs on your network. Decoy VMs appear as real endpoints to hackers and can collect valuable information about attacks.

To deploy Decoys on the network:
  1. Go to Deception > Deployment Wizard.
  2. Click + to add a Decoy VM.
  3. Configure the following:

    Name

    Specify the name of the deployment profile. Maximum 15 characters using A-Z, a-z, 0-9, dash, or underscore. No duplicate profile names.

    Available Deception OSes

    Select a Deception OS.

    Selected Services

    Displays the selected services. You cannot edit this field.

  4. For an Ubuntu VM, turn on SSH or SAMBA.

    For Windows, turn on RDP or SMB.

    For SCADA, turn on HTTP, FTP, TFTP, SNMP, MODBUS, S7COMM, BACNET, IPMI, TRICONEX, GUARDIAN-AST, or IEC104.

  5. Click Add Lure for the service and configure the following:

    Username

    Specify the username for the decoy. Maximum 19 characters using A-Z, a-z, or 0-9.

    Do not set the username of the lures to be the same as existing usernames in the decoy, such as administrator for RDP/SMB services on Windows, or root for SSH/SAMBA services on Linux.

    Password

    Specify the password for the decoy in 1-14 non-unicode characters.

    Sharename

    This option is only available for SAMBA (Ubuntu) or SMB (Windows). Specify a Sharename in 3-63 characters using A-Z, a-z, or 0-9.

    Update or Cancel

    Click Update to save the username and password. Click Cancel to discard the username and password. Click Delete to delete an existing lure.

  6. To launch the decoy VM immediately, enable Launch Immediately.
  7. To reset the decoy VM after it detects incidents, enable Reset Decoy and specify the Reset Interval value in seconds.
  8. Click Next.
  9. The Hostname can start with an English character or a digit, and must not end with a hyphen. Maximum 15 characters using A-Z, a-z, 0-9, or hyphen (case-sensitive). Other symbols, punctuation, or white space are not allowed. The Hostname cannot conflict with decoy names.
  10. Click Add Interface.
  11. In the Add Interface for Decoy pane, select the Deploy Interface. Set this to the VLAN or subnet added in Set up the Deployment Network
  12. Configure the following settings in the Add Interface for Decoy pane:

    Addressing Mode

    Select Static or DHCP.

    Static allows you to configure the IP address for all the decoys.

    DHCP allows the decoys to receive IP address from the DHCP server. If you select DHCP, IP Count is automatically set to 1 and all other fields are not applicable.

    Network Mask

    This field is set automatically.

    Gateway

    Specify the gateway.

    IP Count

    Specify the number of IP addresses to be assigned, up to 16.

    If Addressing Mode is DHCP, IP Count is automatically set to 1.

    Min

    The minimum IP address in the IP range.

    Max

    The maximum IP address in the IP range.

    IP Ranges

    Specify the IP range between Min and Max.
  13. Click Done.
  14. To deploy the decoys on the network, click Deploy.
  15. To save this as a template in Deception > Deployment Wizard, click Template.