Administration Guide

Central Management

Central Management allows you to manage remote FortiDeceptor appliances including Decoy VM deployments, system configuration, and incident alert monitoring.

You can configure a FortiDeceptor hardware or VM appliance to be a Management Device or Remote Client. The Management Device has deception capabilities. You can use the Management Device to deploy decoys and lures to the Remote Clients on the network.

Network communication requirements:

  • Between the Management Device and a regular client appliance: from the client to the manager port1 IP on port 8443.
  • Between the Management Device and a cloud client appliance: from the Management Device to the cloud client port1 public IP on port 8443.

Use the buttons in the Central Management Appliances pane to manage Remote Clients.

Button

Description

Approve

Allow the selected clients to participate in Central Management.

Hold

Pause the selected clients’ participation in Central Management.

Delete

Pause the selected clients and then permanently delete related data in the Management Device's local database, including OS, network settings, decoys, and lures.

This action does not:

  • Delete or change any data in the Remote Client.
  • Change incident and campaign data generated in the past.

Refresh

Force a re-sync of all data between the manager and the selected clients.

Restart

Send a signal to the selected clients to reboot.

Remote Client

When a FortiDeceptor is managed as a Remote Client, the navigation pane displays only the Network, System and Log modules.

To prevent access to a Remote Client from addresses other than Central Management or other trusted IP addresses, go to System > Administrators. See Administrators.

When the Remote Client is a cloud device, configure its trusted host with the Management Device's IP to ensure that only the Management Device can access it.

On the Management Device, configure the trusted host with the regular client IPs to ensure that regular clients can access the Management Device.
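
The following is an added example, not part of the FortiDeceptor documentation or product: a planning check that derives the port 8443 flows and trusted-host entries described above from an appliance inventory and compares them with a set of firewall allow rules. The client names and addresses, the rule tuples, and all function names are assumptions made for illustration; only the manager address 172.16.130.12 is taken from this guide's example.

```python
import ipaddress

MGMT_PORT = 8443  # Central Management port given in this guide

def required_flows(manager_ip, clients):
    """clients: (name, ip, kind) tuples, kind is 'regular' or 'cloud'.
    Returns the (src, dst, port) flows the guide requires; direction matters."""
    flows = set()
    for name, ip, kind in clients:
        if kind == "regular":      # client initiates to manager port1
            flows.add((ip, manager_ip, MGMT_PORT))
        elif kind == "cloud":      # manager initiates to cloud client public IP
            flows.add((manager_ip, ip, MGMT_PORT))
        else:
            raise ValueError(f"unknown kind for {name}: {kind}")
    return flows

def expected_trusted_hosts(manager_ip, clients):
    """Trusted-host entries per device, following the Remote Client section."""
    hosts = {"manager": {ip for _, ip, kind in clients if kind == "regular"}}
    for name, _, kind in clients:
        if kind == "cloud":
            hosts[name] = {manager_ip}
    return hosts

def rule_allows(rule, flow):
    (rsrc, rdst, rport), (src, dst, port) = rule, flow
    return (rport == port
            and ipaddress.ip_address(src) in ipaddress.ip_network(rsrc)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rdst))

def audit(manager_ip, clients, rules):
    """Return (missing flows, rules on 8443 that serve no required flow)."""
    flows = required_flows(manager_ip, clients)
    missing = sorted(f for f in flows if not any(rule_allows(r, f) for r in rules))
    unused = [r for r in rules if r[2] == MGMT_PORT
              and not any(rule_allows(r, f) for f in flows)]
    return missing, unused

# Constructed sample data: only the manager address comes from the guide's example.
MANAGER = "172.16.130.12"
CLIENTS = [("Appliance1", "172.16.130.20", "regular"),
           ("CloudClient1", "203.0.113.10", "cloud")]
RULES = [("172.16.130.0/24", "172.16.130.12/32", 8443),   # clients -> manager
         ("172.16.130.12/32", "172.16.130.20/32", 8443)]  # wrong direction

if __name__ == "__main__":
    missing, unused = audit(MANAGER, CLIENTS, RULES)
    print("missing:", missing)
    print("unused:", unused)
    print("trusted hosts:", expected_trusted_hosts(MANAGER, CLIENTS))
```

With the constructed rules, the manager-to-cloud-client flow is reported as missing, and the manager-to-regular-client rule is reported as unused because a regular client initiates the connection to the manager.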

When you deploy a decoy or network, select the local or Remote Client name. Use the local configuration to deploy decoys and lures from the Management Device.

Configuring Central Management

To configure Central Management:
  1. Enable Central Management on the Management Device.
  2. Enable Central Management on the Remote Client.
  3. Approve the Remote Client on the Management Device.
  4. Configure the Remote Client with the Management Device.

The tasks below are based on the following topology:

To enable Central Management on the Management Device:

cm -sc -mM -nManager -a<password>

Example:

cm -sc -mM -nManager -a1234567890

To enable Central Management on the Remote Client:
Note: Before configuring FortiDeceptor as a Remote Client, perform a factory reset and basic network configuration to avoid data incompatibility between the Management Device and Remote Client. For more information on manager and client configuration, see the CLI Reference.

cm -sc -mC -nAppliance1 -a<password> -i<manager_ip_address>

Example:

cm -sc -mC -nAppliance1 -a1234567890 -i172.16.130.12

To approve a Remote Client with the Management Device:
  1. On the Management Device, go to Central Management > Appliances. The Approval Status for the Remote Client will display On-Hold.

  2. Select the appliance and click Approve. The Approval Status changes to Approved.

To configure the Remote Client with the Management Device:
  1. On the Management Device, go to Central Management > Appliances.
  2. In the Action column, click the Config icon. The Appliance - <name> page displays the following tabs.

    Firmware

    Push FortiDeceptor firmware updates and upgrades to the Remote Client. Synchronization can be immediate or scheduled.

    Deception OS

    Push deception VM images from the Management Device to the Remote Client. Synchronization can be immediate or scheduled.

    Status

    Current status of deception OS image.

    Name

    Name of deception OS.

    OS Type

    Type of this deception OS.

    VM Type

    Category of this deception OS.

    Lures

    Lure services that can be provided by this deception OS.

    Interfaces

    Configure the Remote Client network interfaces.

    Routing

    Configure the Remote Client network routing table.

    DNS

    Configure the Remote Client DNS configuration.

    FortiGuard

    Configure the Remote Client FortiGuard configuration.

  3. To synchronize the firmware, click the Firmware tab, select one of the following options, and then click Apply:

    Synchronize firmware image from manager now: Click to synchronize the firmware immediately.
    Synchronize firmware image from manager at: Click to schedule the synchronization.

To remove a client from Central Management:
  1. On the Remote Client, run the following CLI command:

    cm -sc -mN

    After a client leaves Central Management, its status on the manager changes to Wait.

  2. On the Management Device, select that client and click Delete.

To remove the Management Device from Central Management:
  1. On the Management Device, run the following CLI command:

    cm -sc -mN
