Fortinet Document Library

Administration Guide

Central Management

The Central Management console lets you manage remote FortiDeceptor appliances, including Decoy VM deployment, system configuration, and incident alert monitoring.

You can configure a FortiDeceptor hardware or VM appliance to be a manager or a client (remote appliance). Manager and client are configuration settings of the same FortiDeceptor appliance and software.

The FortiDeceptor manager has deception capabilities. You can use it to deploy deception (decoy and lures) in its network environment.

When a central manager manages a remote client, the remote client admin GUI tree menu is limited to Network, System, and Log. Configure trusted hosts in System > Administrators so that the remote client cannot be accessed from outside the management or other trusted IP addresses.

Most admin GUI menu items update to reflect the manager and remote clients. When you deploy a decoy or network, select local or the remote client name. Use the local configuration to deploy decoys and lures from the manager appliance.

Before configuring FortiDeceptor as a client, do a factory reset and basic network configuration to avoid data incompatibility between manager and client. For more information on manager and client configuration, see the CLI Reference.

To configure Central Management on the manager:

This example configures the following topology scenario:

  • 1 Central Manager with IP address 172.16.130.12
  • 1 remote appliance (client) with IP address 172.16.130.13
  1. On the manager side, use this CLI command:

    cm -sc -mM -nManager -a1234567890

  2. On the client side, use this CLI command:

    cm -sc -mC -nAppliance1 -a1234567890 -i172.16.130.12

  3. In the FortiDeceptor manager GUI, go to Central Management > Appliances.

    In the manager, the remote client (appliance) shows its Status as On-Hold, that is, waiting for approval.

  4. Use the buttons in the Central Management Appliances pane to manage clients (remote appliances).

    | Button  | Description |
    |---------|-------------|
    | Approve | Allow the selected clients to participate in Central Management. |
    | Hold    | Pause the selected clients’ participation in Central Management. |
    | Delete  | Pause the selected clients and then permanently delete related data in the manager’s local database, including OS, network settings, decoys, and lures. This action does not delete or change any data in clients, and it does not delete or change incident and campaign data generated in the past. |
    | Refresh | Force re-sync all data between manager and selected clients. |
    | Restart | Send signal to selected clients to reboot. |

  5. Select the appliance and click Approve.

    When the client is approved, its Status changes to Approved.
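A pre-flight check for the two cm commands in steps 1 and 2 of the procedure above, as an added example (it is not Fortinet code and does not run on the appliance). It assumes, from the page's example only, that -m is the mode, -n the name, -a a code that must match on both sides, and -i the manager IP address; parse_cm and check_pair are hypothetical helper names.

```python
import ipaddress
import re

# Assumption: flag meanings are inferred from the guide's example commands
# (-m mode, -n name, -a shared code, -i manager IP), not from the CLI Reference.
UNICODE_DASHES = "\u2010\u2011\u2012\u2013\u2014\u2212"  # look-alikes of "-"
SAMPLE_CODE = "1234567890"  # value printed in the guide's example


def parse_cm(command):
    """Split a 'cm -sc ...' line into (fields, problems)."""
    problems = []
    if any(ch in command for ch in UNICODE_DASHES):
        problems.append("typographic dash found; retype with ASCII '-'")
        command = re.sub("[%s]" % UNICODE_DASHES, "-", command)
    tokens = command.split()
    if tokens[:2] != ["cm", "-sc"]:
        problems.append("expected the line to start with 'cm -sc'")
    fields = {}
    for tok in tokens[2:]:
        m = re.fullmatch(r"-([mnai])(.+)", tok)
        if not m:
            problems.append("unrecognised token: %r" % tok)
        elif m.group(1) in fields:
            problems.append("option -%s given twice" % m.group(1))
        else:
            fields[m.group(1)] = m.group(2)
    return fields, problems


def check_pair(manager_cmd, client_cmd, manager_ip):
    """Cross-check the manager and client commands before running them."""
    mgr, mgr_problems = parse_cm(manager_cmd)
    cli, cli_problems = parse_cm(client_cmd)
    problems = ["manager: " + p for p in mgr_problems]
    problems += ["client: " + p for p in cli_problems]
    if mgr.get("m") != "M":
        problems.append("manager: mode is not -mM")
    if cli.get("m") != "C":
        problems.append("client: mode is not -mC")
    if not mgr.get("a") or mgr.get("a") != cli.get("a"):
        problems.append("-a is missing or differs between manager and client")
    elif mgr["a"] == SAMPLE_CODE:
        problems.append("-a is the documentation sample value; choose your own")
    try:
        if ipaddress.ip_address(cli.get("i", "")) != ipaddress.ip_address(manager_ip):
            problems.append("client: -i does not point at the manager")
    except ValueError:
        problems.append("client: -i or the manager IP is not a valid IP address")
    return problems
```

An empty list from check_pair means the pair is consistent; each string otherwise names one thing to fix before typing the command on the appliance.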

To configure Central Management on the client:
  1. In the FortiDeceptor client GUI, go to Central Management > Appliances.

  2. In the Action column, click Edit.
  3. Use the tabs to configure the client (remote appliance) from the Central Manager console.

    | Tab          | Description |
    |--------------|-------------|
    | Firmware     | Push FortiDeceptor firmware updates and upgrades to the remote client. Synchronization can be immediate or scheduled. |
    | Deception OS | Push deception VM images from the manager to the remote client. Synchronization can be immediate or scheduled. |
    | Interfaces   | Configure the remote client network interfaces. |
    | Routing      | Configure the remote client network routing table. |
    | DNS          | Configure the remote client DNS configuration. |
    | FortiGuard   | Configure the remote client FortiGuard configuration. |

  4. Click the Deception OS tab to view deception OS details.

    The deception OS table is a hybrid list that shows:

    • OS initialized on client.
    • OS initialized on manager but not yet on client.

    | Column  | Description |
    |---------|-------------|
    | Status  | Current status of deception OS image on client. |
    | Name    | Name of deception OS. |
    | OS Type | Type of this deception OS. |
    | VM Type | Category of this deception OS. |
    | Lures   | Lure services that can be provided by this deception OS. |

  5. For an OS initialized on manager but not yet on client, you can select to synchronize immediately or set a date and time for synchronization.

To remove a client from Central Management:
  1. On the client (remote appliance), run this CLI command:

    cm -sc -mN

    After a client leaves Central Management, its status on the manager changes to Wait.

  2. On the manager, select that client and click Delete.

To remove the manager from Central Management:
  1. On the manager, run this CLI command:

    cm -sc -mN
