Administration Guide

Mitigation using Windows Remote Command


1. Configure the endpoint

1.1 Verify the endpoint domains and permissions.

FortiDeceptor uses the administrator account of the AD domain to access Windows endpoints. Ensure that the Windows endpoints are joined to the AD domain and that the AD domain administrator account can access them.

Note

The administrator can also be a domain local admin with permission to disable the endpoint network interfaces.

1.2 Open the Windows SMB port

By default, Windows blocks the SMB port 445. To open the port, run the following command in PowerShell:

Set-NetFirewallRule -Name FPS-SMB-In-TCP -Enabled True

1.3 Enable SMB

Note

If the firewall is enabled by the AD GPO, you will need to add the FortiDeceptor management IP to the exclusion list.

  1. Type wf.msc in the Windows search box.
  2. Click Inbound Rules in the navigation pane.
  3. Scroll down to File and Printer Sharing (Echo Request - ICMPv4-In).
  4. Enable the options in both the Private and Domain profiles.
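
Steps 1.2 and 1.3 as one elevated PowerShell session, given here as an added example that is not part of the Fortinet guide: it enables the same two rules but also limits them to the FortiDeceptor management IP instead of accepting any source. The address 192.0.2.10 is a placeholder, and scoping by remote address is an assumption about your environment.

```powershell
# Added example, not Fortinet's own script. Run as administrator on the endpoint.
# ASSUMPTION: 192.0.2.10 is a placeholder for the FortiDeceptor management IP.
$FdcMgmtIp = '192.0.2.10'
$IcmpRule  = 'File and Printer Sharing (Echo Request - ICMPv4-In)'

# Step 1.2: enable the built-in SMB-In rule, accepting TCP 445 only from the appliance.
# Omit -RemoteAddress if the endpoint must also serve SMB to other hosts.
Set-NetFirewallRule -Name 'FPS-SMB-In-TCP' -Enabled True -RemoteAddress $FdcMgmtIp

# Step 1.3: enable the echo-request rule(s) that cover the Domain or Private profile.
# Windows can ship this rule as several entries; one of them may also cover Public,
# which is why the same source restriction is applied here.
Get-NetFirewallRule -DisplayName $IcmpRule |
    Where-Object { "$($_.Profile)" -match 'Domain|Private|Any' } |
    Set-NetFirewallRule -Enabled True -RemoteAddress $FdcMgmtIp

# Verify against the effective policy. ActiveStore merges local and Group Policy
# rules, so a GPO-delivered rule is visible in the Source column.
$effective  = @(Get-NetFirewallRule -PolicyStore ActiveStore -Name 'FPS-SMB-In-TCP' -ErrorAction SilentlyContinue)
$effective += @(Get-NetFirewallRule -PolicyStore ActiveStore -DisplayName $IcmpRule -ErrorAction SilentlyContinue)

$effective | ForEach-Object {
    [pscustomobject]@{
        Name          = $_.Name
        Enabled       = $_.Enabled
        Profile       = $_.Profile
        RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        Source        = $_.PolicyStoreSourceType
    }
} | Format-Table -AutoSize
```

If the Source column shows GroupPolicy for a rule, make the change in the GPO, as the note above describes, because the local setting is not the one in effect.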

2. Configure FortiDeceptor

  1. In FortiDeceptor, go to Fabric > Quarantine Integration and click + Quarantine Integration with new device.
  2. Configure the integration settings ensuring the user has sufficient privileges to manage NICs.

  3. (Optional) Click Credentials Test and then click Start to test the connection.
