FortiGuard
The FortiGuard Distribution Network (FDN) provides FortiGuard services for your FortiDeceptor system. The FDN is a worldwide network of FortiGuard Distribution Servers (FDS), which update the FortiGuard services on your FortiDeceptor system on a regular basis so that your FortiDeceptor system protects against the latest threats.
The FortiGuard services available on the FortiDeceptor system include:
Service |
Description |
---|---|
Antivirus | Malware scanning against files that get captured by the decoys. |
IDS engines |
|
Web filtering engine | Databases and look-ups against access from the decoy to the internet. |
Anti-Recon and Anti-Exploit Service | The Anti-Reconnaissance and Anti-Exploit Service (ARAE) service is available on FortiDeceptor and is responsible for tracking hackers' activities on decoys with real-time alerts. Similar to how FortiSandbox traces malware behavior activities, ARAE will record malicious activities such as files extracted, intrusions activities, planted malware, and web sites visited. ARAEs goal is to Deceive, Expose and Eliminate threats. |
AI Malware Engine |
AI Pallas malware detection engine used for backend file inspection. |
To configure FortiGuard updates:
- Go to System > FortiGuard.
- The following options and information are available:
Module Name
The FortiGuard module name, including: AntiVirus Scanner, AntiVirus Extended Signature, AntiVirus Active Signature, AntiVirus Extreme Signature, IDS Engine, IDS Signature, Anti-Reconnaissance & Anti-Exploit Engine.
All modules automatically install update packages when they are available on the FDN.Current Version
The current version of the module.
Release Time
The time that module was released.
Last Update Time
The time that module was last updated.
Last Check Status
The status of the last update attempt.
Upload Package File
Select Browse to locate a package file on the management computer, then select Submit to upload the package file to the FortiDeceptor.
When the unit has no access to the Fortinet FDN servers, the user can go to the Customer Service and Support site to download package files manually.
FortiGuard Server Settings
Use override FDN server to download module updates
Select to enable an override FDN server, or FortiManager, to download module update, then enter the server IP address or FQDN in the text box. When an overridden FDN server is used, FortiGuard Server Location will be disabled.
Click Connect FDN Now button to schedule an immediate update check. The default port on FDN server is 443 and can be changed to 53 or 8888.
Use Proxy
Select to use a proxy. Configure the Proxy Type (HTTP Connect, SOCKS v4, or SOCKS v5), Server Name/IP, Port, Proxy Username, and Proxy Password.
FortiGuard Web Filter Settings
Use override server address for web filtering query
Select to enable an override server address for web filtering query, then enter the server IP address (IP address or IP address:port) or FQDN in the text box.
By default, the closest web filtering server according to the unit's time zone is used.
The default port on FDN server is 443.
Use Proxy
Select to use a proxy. Configure the Proxy Type (HTTP Connect, SOCKS v4, or SOCKS v5), Server Name/IP, Port, Proxy Username, and Proxy Password.
VM Image Download Proxy Settings
Use Proxy
Select to use a proxy. Configure the Proxy Type (HTTP Connect, SOCKS v4, or SOCKS v5), Server Name/IP, Port, Proxy Username, and Proxy Password.
- Click Connect FDN Now to connect the override FDN server/proxy.
- Click Test Connection to test your connection.
- Click Apply to apply your changes.