Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiDeceptor 3.2.1 Administration Guide
    3.2.1
    6.0.1
    6.0.0
    5.3.2
    5.3.1
    5.3.0
    5.2.0
    5.1.0
    5.0.0
    4.3.0
    4.2.0
    4.1.1
    4.1.0
    4.0.2
    4.0.1
    4.0.0
    3.3.3
    3.3.2
    3.3.1
    3.3.0
    3.2.2
    3.2.1
    3.2.0
    3.1.1
    3.1.0
    3.0.2
    3.0.1
    3.0.0
    2.1.0
    2.0.0
    1.1.0
    1.0.1

    Deploy Decoy VMs with the Deployment Wizard

    Deploy Decoy VMs with the Deployment Wizard

    Use the Deception > Deployment Wizard page to create and deploy Decoy VMs on your network. Decoy VMs appear as real endpoints to hackers and can collect valuable information about attacks.

    To deploy Decoys on the network:
    1. Go to Deception > Deployment Wizard.
    2. Click + to add a Decoy VM.
    3. Configure the following:

      Name

      Specify the name of the deployment profile. Maximum 15 characters using A‑Z, a-z, 0-9, dash, or underscore. No duplicate profile names.

      Available Deception OSes

      Select a Deception OS. The OS you select determines the services that are available.

      Selected Services

      Displays the services available for the Deception OS you selected.

      Services for Windows include RDP, SMB, and TCPLISTENER.

      Services for SCADA include HTTP, FTP, TFTP, SNMP, MODBUS, S7COMM, BACNET, IPMI, TRICONEX, GUARDIAN-AST, and IEC104.

      Services for ubuntu include SSH, SAMBA, and TCPLISTENER.

      Automate Lures

      Select one or more tag names to automate lure generation and to generate related contents. Selecting any and all generate random content.

      Click Generate Lures to automatically generate lures and list them in the panes below.

      Click Clear to delete the lures on this page.
    4. If applicable, click Add Lure for the service and configure the following:

      Username

      Specify the username for the decoy. Maximum 19 characters using A-Z, a-z, or 0-9.

      Do not set the username of the lures to be the same as existing usernames in the decoy, such as administrator for RDP/SMB services on Windows, or root for SSH/SAMBA services on Linux.

      Password

      Specify the password for the decoy in 1-14 non-unicode characters.

      Sharename

      This option is only available for SAMBA (Ubuntu) or SMB (Windows). Specify a Sharename in 3-63 characters using A-Z, a-z, or 0-9.

      Update or Cancel

      Click Update to save the username and password. Click Cancel to discard the username and password. Click Delete to delete an existing lure.
    5. To launch the decoy VM immediately, enable Launch Immediately.
    6. To reset the decoy VM after it detects incidents, enable Reset Decoy and specify the Reset Interval value in seconds.
    7. Click Next.
    8. Specify the DNS and Hostname. The Hostname can start with an English character or a digit, and must not end with a hyphen. Maximum 15 characters using A-Z, a-z, 0-9, or hyphen (case-sensitive). Other symbols, punctuation, or white space are not allowed. The Hostname cannot conflict with decoy names.
    9. Click Add Interface.
    10. Select the Deploy Interface. Set this to the VLAN or subnet added in Set up the Deployment Network
    11. Configure the following settings in the Add Interface for Decoy pane:

      Addressing Mode

      Select Static or DHCP.

      Static allows you to configure the IP address for all the decoys.

      DHCP allows the decoys to receive IP address from the DHCP server. If you select DHCP, IP Count is automatically set to 1 and all other fields are not applicable.

      Network Mask

      This field is set automatically.

      Gateway

      Specify the gateway.

      IP Count

      Specify the number of IP addresses to be assigned, up to 16.

      If Addressing Mode is DHCP, IP Count is automatically set to 1.

      Min

      The minimum IP address in the IP range.

      Max

      The maximum IP address in the IP range.

      IP Ranges

      Specify the IP range between Min and Max.
    12. Click Done.
    13. To deploy the decoys on the network, click Deploy.
    14. To save this as a template in Deception > Deployment Wizard, click Template.
    Previous
    Next

    Deploy Decoy VMs with the Deployment Wizard

    Deploy Decoy VMs with the Deployment Wizard

    Use the Deception > Deployment Wizard page to create and deploy Decoy VMs on your network. Decoy VMs appear as real endpoints to hackers and can collect valuable information about attacks.

    To deploy Decoys on the network:
    1. Go to Deception > Deployment Wizard.
    2. Click + to add a Decoy VM.
    3. Configure the following:

      Name

      Specify the name of the deployment profile. Maximum 15 characters using A‑Z, a-z, 0-9, dash, or underscore. No duplicate profile names.

      Available Deception OSes

      Select a Deception OS. The OS you select determines the services that are available.

      Selected Services

      Displays the services available for the Deception OS you selected.

      Services for Windows include RDP, SMB, and TCPLISTENER.

      Services for SCADA include HTTP, FTP, TFTP, SNMP, MODBUS, S7COMM, BACNET, IPMI, TRICONEX, GUARDIAN-AST, and IEC104.

      Services for ubuntu include SSH, SAMBA, and TCPLISTENER.

      Automate Lures

      Select one or more tag names to automate lure generation and to generate related contents. Selecting any and all generate random content.

      Click Generate Lures to automatically generate lures and list them in the panes below.

      Click Clear to delete the lures on this page.
    4. If applicable, click Add Lure for the service and configure the following:

      Username

      Specify the username for the decoy. Maximum 19 characters using A-Z, a-z, or 0-9.

      Do not set the username of the lures to be the same as existing usernames in the decoy, such as administrator for RDP/SMB services on Windows, or root for SSH/SAMBA services on Linux.

      Password

      Specify the password for the decoy in 1-14 non-unicode characters.

      Sharename

      This option is only available for SAMBA (Ubuntu) or SMB (Windows). Specify a Sharename in 3-63 characters using A-Z, a-z, or 0-9.

      Update or Cancel

      Click Update to save the username and password. Click Cancel to discard the username and password. Click Delete to delete an existing lure.
    5. To launch the decoy VM immediately, enable Launch Immediately.
    6. To reset the decoy VM after it detects incidents, enable Reset Decoy and specify the Reset Interval value in seconds.
    7. Click Next.
    8. Specify the DNS and Hostname. The Hostname can start with an English character or a digit, and must not end with a hyphen. Maximum 15 characters using A-Z, a-z, 0-9, or hyphen (case-sensitive). Other symbols, punctuation, or white space are not allowed. The Hostname cannot conflict with decoy names.
    9. Click Add Interface.
    10. Select the Deploy Interface. Set this to the VLAN or subnet added in Set up the Deployment Network
    11. Configure the following settings in the Add Interface for Decoy pane:

      Addressing Mode

      Select Static or DHCP.

      Static allows you to configure the IP address for all the decoys.

      DHCP allows the decoys to receive IP address from the DHCP server. If you select DHCP, IP Count is automatically set to 1 and all other fields are not applicable.

      Network Mask

      This field is set automatically.

      Gateway

      Specify the gateway.

      IP Count

      Specify the number of IP addresses to be assigned, up to 16.

      If Addressing Mode is DHCP, IP Count is automatically set to 1.

      Min

      The minimum IP address in the IP range.

      Max

      The maximum IP address in the IP range.

      IP Ranges

      Specify the IP range between Min and Max.
    12. Click Done.
    13. To deploy the decoys on the network, click Deploy.
    14. To save this as a template in Deception > Deployment Wizard, click Template.
    Previous
    Next