Administration Guide

FortiGuard

The FortiGuard Distribution Network (FDN) provides FortiGuard services for your FortiDeceptor system. The FDN is a worldwide network of FortiGuard Distribution Servers (FDS), which update the FortiGuard services on your FortiDeceptor system on a regular basis so that your FortiDeceptor system is protected against the latest threats.

The FortiGuard services available on the FortiDeceptor system include:

Service

Description

Antivirus

Malware scanning of files that are captured by the decoys.

IDS engines

  • Scans the traffic between the threat actor and the decoys to detect network attacks.
  • Contains the industrial signature pack for the ICS network.

Web filtering engine

Databases and look-ups against access from the decoy to the internet.

Anti-Recon and Anti-Exploit Service

The Anti-Reconnaissance and Anti-Exploit (ARAE) service is available on FortiDeceptor and is responsible for tracking hackers' activities on decoys with real-time alerts. Similar to how FortiSandbox traces malware behavior activities, ARAE records malicious activities such as files extracted, intrusion activities, planted malware, and web sites visited. ARAE's goal is to Deceive, Expose and Eliminate threats.

To configure FortiGuard updates:
  1. Go to System > FortiGuard.
  2. The following options and information are available:

    Module Name

    The FortiGuard module name, including: AntiVirus Scanner, AntiVirus Extended Signature, AntiVirus Active Signature, AntiVirus Extreme Signature, IDS Engine, IDS Signature, Anti-Reconnaissance & Anti-Exploit Engine.
    All modules automatically install update packages when they are available on the FDN.

    Current Version

    The current version of the module.

    Release Time

    The time that the module was released.

    Last Update Time

    The time that the module was last updated.

    Last Check Status

    The status of the last update attempt.

    Upload Package File

    Select Browse to locate a package file on the management computer, then select Submit to upload the package file to the FortiDeceptor.

    When the unit has no access to the Fortinet FDN servers, the user can go to the Customer Service and Support site to download package files manually.

    FortiGuard Server Settings

    Use override FDN server to download module updates

    Select to enable an override FDN server, or FortiManager, to download module updates, then enter the server IP address or FQDN in the text box. When an override FDN server is used, FortiGuard Server Location is disabled.

    Click the Connect FDN Now button to schedule an immediate update check. The default port on the FDN server is 443 and can be changed to 53 or 8888.

    Use Proxy

    Select to use a proxy. Configure the Proxy Type (HTTP Connect, SOCKS v4, or SOCKS v5), Server Name/IP, Port, Proxy Username, and Proxy Password.

    FortiGuard Web Filter Settings

    Use override server address for web filtering query

    Select to enable an override server address for web filtering query, then enter the server IP address (IP address or IP address:port) or FQDN in the text box.

    By default, the closest web filtering server according to the unit's time zone is used.

    The default port on the FDN server is 443.

    Use Proxy

    Select to use a proxy. Configure the Proxy Type (HTTP Connect, SOCKS v4, or SOCKS v5), Server Name/IP, Port, Proxy Username, and Proxy Password.

    VM Image Download Proxy Settings

    Use Proxy

    Select to use a proxy. Configure the Proxy Type (HTTP Connect, SOCKS v4, or SOCKS v5), Server Name/IP, Port, Proxy Username, and Proxy Password.

  3. Click Connect FDN Now to connect to the override FDN server/proxy.
    • Click Test Connection to test your connection.
    • Click Apply to apply your changes.
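
The settings above accept only a few values: FDN port 443, 53 or 8888, three proxy types, and a web filtering override given as IP address, IP address:port or FQDN. The following Python is an added example, not Fortinet code, that reviews a planned change record before it is entered in the GUI. The dictionary keys, the allowlist of approved update sources, and the strict reading of the three address forms are assumptions made for illustration.

```python
import ipaddress

FDN_PORTS = {443, 53, 8888}   # default 443; the page allows 53 or 8888
PROXY_TYPES = {"HTTP Connect", "SOCKS v4", "SOCKS v5"}

def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def _is_fqdn(text):
    labels = text.rstrip(".").split(".")
    return (len(labels) >= 2 and not labels[-1].isdigit() and all(
        l and len(l) <= 63 and l.isascii() and l.replace("-", "a").isalnum()
        and l[0] != "-" and l[-1] != "-" for l in labels))

def parse_webfilter_address(value):
    """Return (host, port) for 'IP', 'IP:port' or 'FQDN'; port None means default."""
    host, sep, port = value.strip().partition(":")   # IPv4 only when a port is given
    if sep:
        if not (_is_ip(host) and port.isdecimal() and 1 <= int(port) <= 65535):
            raise ValueError(f"expected IP:port, got {value!r}")
        return host, int(port)
    if _is_ip(host) or _is_fqdn(host):
        return host, None
    raise ValueError(f"not an IP address or FQDN: {value!r}")

def review_change(change, approved_update_sources):
    """Return findings for a planned settings change (hypothetical dict schema)."""
    findings = []
    server = change.get("override_fdn_server")
    if server:
        if not (_is_ip(server) or _is_fqdn(server)):
            findings.append("override FDN server is not an IP address or FQDN")
        elif server.lower() not in approved_update_sources:   # site policy, assumed
            findings.append(f"override FDN server {server} is not an approved update source")
        if change.get("fdn_port", 443) not in FDN_PORTS:
            findings.append("FDN port must be 443, 53 or 8888")
    for section in ("fdn_proxy", "webfilter_proxy", "vm_image_proxy"):
        proxy = change.get(section)
        if proxy and proxy.get("type") not in PROXY_TYPES:
            findings.append(f"{section}: unsupported proxy type {proxy.get('type')!r}")
    if change.get("webfilter_override"):
        try:
            parse_webfilter_address(change["webfilter_override"])
        except ValueError as exc:
            findings.append(f"web filter override: {exc}")
    return findings
```

The allowlist check matters because whichever server is entered as the override becomes the source of every engine and signature update the unit installs.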
