Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

FortiGuard

The FortiGuard Distribution Network (FDN) provides FortiGuard services for your FortiDeceptor system. The FDN is a worldwide network of FortiGuard Distribution Servers (FDS), which update the FortiGuard services on your FortiDeceptor system on a regular basis so that your FortiDeceptor system is protected against the latest threats.

The FortiGuard services available on the FortiDeceptor system include:

Service

Description

Antivirus Malware scanning against files that get captured by the decoys.
IDS engines
  • Scanning the traffic between the threat actor and the decoys to detect network attacks
  • Contain the industrial signature pack for the ICS network .
Web filtering engine Databases and look-ups against access from the decoy to the internet.
Anti-Recon and Anti-Exploit Service The Anti-Reconnaissance and Anti-Exploit Service (ARAE) service is available on FortiDeceptor and is responsible for tracking hackers' activities on decoys with real-time alerts. Similar to how FortiSandbox traces malware behavior activities, ARAE will record malicious activities such as files extracted, intrusions activities, planted malware, and web sites visited. ARAEs goal is to Deceive, Expose and Eliminate threats.
To configure FortiGuard updates:
  1. Go to System > FortiGuard.
  2. The following options and information are available:

    Module Name

    The FortiGuard module name, including: AntiVirus Scanner, AntiVirus Extended Signature, AntiVirus Active Signature, AntiVirus Extreme Signature, IDS Engine, IDS Signature, Anti-Reconnaissance & Anti-Exploit Engine.
    All modules automatically install update packages when they are available on the FDN.

    Current Version

    The current version of the module.

    Release Time

    The time that module was released.

    Last Update Time

    The time that module was last updated.

    Last Check Status

    The status of the last update attempt.

    Upload Package File

    Select Browse to locate a package file on the management computer, then select Submit to upload the package file to the FortiDeceptor.

    When the unit has no access to the Fortinet FDN servers, the user can go to the Customer Service and Support site to download package files manually.

    FortiGuard Server Settings

     

    Use override FDN server to download module updates

    Select to enable an override FDN server, or FortiManager, to download module update, then enter the server IP address or FQDN in the text box. When an overridden FDN server is used, FortiGuard Server Location will be disabled.

    Click Connect FDN Now button to schedule an immediate update check. The default port on FDN server is 443 and can be changed to 53 or 8888.

     

    Use Proxy

    Select to use a proxy. Configure the Proxy Type (HTTP Connect, SOCKS v4, or SOCKS v5), Server Name/IP, Port, Proxy Username, and Proxy Password.

    FortiGuard Web Filter Settings

     

    Use override server address for web filtering query

    Select to enable an override server address for web filtering query, then enter the server IP address (IP address or IP address:port) or FQDN in the text box.

    By default, the closest web filtering server according to the unit's time zone is used.

    The default port on FDN server is 443.

     

    Use Proxy

    Select to use a proxy. Configure the Proxy Type (HTTP Connect, SOCKS v4, or SOCKS v5), Server Name/IP, Port, Proxy Username, and Proxy Password.

    VM Image Download Proxy Settings

     

    Use Proxy

    Select to use a proxy. Configure the Proxy Type (HTTP Connect, SOCKS v4, or SOCKS v5), Server Name/IP, Port, Proxy Username, and Proxy Password.

  3. Click Connect FDN Now to connect the override FDN server/proxy.
    • Click Test Connection to test your connection.
    • Click Apply to apply your changes.

FortiGuard

The FortiGuard Distribution Network (FDN) provides FortiGuard services for your FortiDeceptor system. The FDN is a worldwide network of FortiGuard Distribution Servers (FDS), which update the FortiGuard services on your FortiDeceptor system on a regular basis so that your FortiDeceptor system is protected against the latest threats.

The FortiGuard services available on the FortiDeceptor system include:

Service

Description

Antivirus Malware scanning against files that get captured by the decoys.
IDS engines
  • Scanning the traffic between the threat actor and the decoys to detect network attacks
  • Contain the industrial signature pack for the ICS network .
Web filtering engine Databases and look-ups against access from the decoy to the internet.
Anti-Recon and Anti-Exploit Service The Anti-Reconnaissance and Anti-Exploit Service (ARAE) service is available on FortiDeceptor and is responsible for tracking hackers' activities on decoys with real-time alerts. Similar to how FortiSandbox traces malware behavior activities, ARAE will record malicious activities such as files extracted, intrusions activities, planted malware, and web sites visited. ARAEs goal is to Deceive, Expose and Eliminate threats.
To configure FortiGuard updates:
  1. Go to System > FortiGuard.
  2. The following options and information are available:

    Module Name

    The FortiGuard module name, including: AntiVirus Scanner, AntiVirus Extended Signature, AntiVirus Active Signature, AntiVirus Extreme Signature, IDS Engine, IDS Signature, Anti-Reconnaissance & Anti-Exploit Engine.
    All modules automatically install update packages when they are available on the FDN.

    Current Version

    The current version of the module.

    Release Time

    The time that module was released.

    Last Update Time

    The time that module was last updated.

    Last Check Status

    The status of the last update attempt.

    Upload Package File

    Select Browse to locate a package file on the management computer, then select Submit to upload the package file to the FortiDeceptor.

    When the unit has no access to the Fortinet FDN servers, the user can go to the Customer Service and Support site to download package files manually.

    FortiGuard Server Settings

     

    Use override FDN server to download module updates

    Select to enable an override FDN server, or FortiManager, to download module update, then enter the server IP address or FQDN in the text box. When an overridden FDN server is used, FortiGuard Server Location will be disabled.

    Click Connect FDN Now button to schedule an immediate update check. The default port on FDN server is 443 and can be changed to 53 or 8888.

     

    Use Proxy

    Select to use a proxy. Configure the Proxy Type (HTTP Connect, SOCKS v4, or SOCKS v5), Server Name/IP, Port, Proxy Username, and Proxy Password.

    FortiGuard Web Filter Settings

     

    Use override server address for web filtering query

    Select to enable an override server address for web filtering query, then enter the server IP address (IP address or IP address:port) or FQDN in the text box.

    By default, the closest web filtering server according to the unit's time zone is used.

    The default port on FDN server is 443.

     

    Use Proxy

    Select to use a proxy. Configure the Proxy Type (HTTP Connect, SOCKS v4, or SOCKS v5), Server Name/IP, Port, Proxy Username, and Proxy Password.

    VM Image Download Proxy Settings

     

    Use Proxy

    Select to use a proxy. Configure the Proxy Type (HTTP Connect, SOCKS v4, or SOCKS v5), Server Name/IP, Port, Proxy Username, and Proxy Password.

  3. Click Connect FDN Now to connect the override FDN server/proxy.
    • Click Test Connection to test your connection.
    • Click Apply to apply your changes.