Fortinet black logo

Administration Guide

Applying the license in an offline or air-gapped network

Copy Link
Copy Doc ID 5e5f427d-b811-11eb-92d0-00505692583a:149435
Download PDF

Applying the license in an offline or air-gapped network

This topic shows how to apply for a FortiDeceptor license in an offline or air-gapped network.

To download the FortiDeceptor license file from the Fortinet support site:
  1. Log into Customer Service and Support.
  2. Go to Asset > Information > License & Key.
  3. In the Available Key(s) section, click Get The License File and save it to the local disk.

To upload the license file to FortiDeceptor:
  1. Log into FortiDeceptor.
  2. Configure the management IP address on port1.
  3. In the Dashboard System Information widget, click Upload License beside Firmware License.

  4. Locate the license and click Submit.

FortiDeceptor extracts the serial number, IP addresses, decoy keys, expiry date; and then performs the following verifications.

  • Verify the expiration time of the license.
  • Verify that the embedded management IP address is the same as the current management IP address.
  • Verify the expiration time of the decoys keys if the keys are subscription type.

If all the verifications pass, the unit is ready to import deception images.

Note
  • FortiDeceptor decoy WCF lookup (any URLs visiting from decoys) are notcategorized.
    • You can use FortiManager to resolve this. Because FortiDeceptor supports override FDS server, you can enter the FortiManaager IP address there.
  • Subscription-based decoys, that is, SSL VPN Windows customization, is in the *.lic file from the support site, which you can run offline.
  • FortiDeceptor Custom Decoy Subscription Service includes:
    • FC-10-FDCVM-292-02-DD (for VM).
    • FC-10-FDC1K-292-02-DD (for HW).

Applying the license in an offline or air-gapped network

This topic shows how to apply for a FortiDeceptor license in an offline or air-gapped network.

To download the FortiDeceptor license file from the Fortinet support site:
  1. Log into Customer Service and Support.
  2. Go to Asset > Information > License & Key.
  3. In the Available Key(s) section, click Get The License File and save it to the local disk.

To upload the license file to FortiDeceptor:
  1. Log into FortiDeceptor.
  2. Configure the management IP address on port1.
  3. In the Dashboard System Information widget, click Upload License beside Firmware License.

  4. Locate the license and click Submit.

FortiDeceptor extracts the serial number, IP addresses, decoy keys, expiry date; and then performs the following verifications.

  • Verify the expiration time of the license.
  • Verify that the embedded management IP address is the same as the current management IP address.
  • Verify the expiration time of the decoys keys if the keys are subscription type.

If all the verifications pass, the unit is ready to import deception images.

Note
  • FortiDeceptor decoy WCF lookup (any URLs visiting from decoys) are notcategorized.
    • You can use FortiManager to resolve this. Because FortiDeceptor supports override FDS server, you can enter the FortiManaager IP address there.
  • Subscription-based decoys, that is, SSL VPN Windows customization, is in the *.lic file from the support site, which you can run offline.
  • FortiDeceptor Custom Decoy Subscription Service includes:
    • FC-10-FDCVM-292-02-DD (for VM).
    • FC-10-FDC1K-292-02-DD (for HW).