Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiDeceptor 5.3.1 Administration Guide
    5.3.1
    6.0.1
    6.0.0
    5.3.2
    5.3.1
    5.3.0
    5.2.0
    5.1.0
    5.0.0
    4.3.0
    4.2.0
    4.1.1
    4.1.0
    4.0.2
    4.0.1
    4.0.0
    3.3.3
    3.3.2
    3.3.1
    3.3.0
    3.2.2
    3.2.1
    3.2.0
    3.1.1
    3.1.0
    3.0.2
    3.0.1
    3.0.0
    2.1.0
    2.0.0
    1.1.0
    1.0.1

    Central Management

    Central Management

    Central Management allows you to manage remote FortiDeceptor appliances including Decoy VM deployments, system configuration, and incident alert monitoring.

    You can configure a FortiDeceptor hardware or VM appliance to be a Management Device or Remote Client. The Management Device has deception capabilities. You can use the Management Device to deploy decoys and lures to the Remote Clients on the network.

    Network communication requirements

    Communication between:

    From:
    Management device and regular client appliance Client to manager port1 IP and 8443 port
    Management device and cloud client appliance

    Management device to cloud client port1 public IP and 8443 port

    Use the buttons in the Central Management Appliances pane to manage Remote Clients.

    Button

    Description

    Approve

    Allow the selected clients to participate in Central Management.

    Hold

    Pause the selected clients’ participation in Central Management.

    Delete

    Pause the selected clients and then permanently delete related data in the Manage Device's local database, including OS, network settings, decoys, and lures.

    This action does not:

    • Delete or change any data in the Remote Client.
    • Change incident and campaign data generated in the past.

    Refresh

    Force re-sync all data between manager and selected clients.

    Restart

    Send signal to selected clients to reboot.

    Remote Client

    When a FortiDeceptor is managed as a Remote Client the navigation pane will only displays the Network, System and Log modules.

    To prevent access to a Remote Client outside the Central Management or other trusted IP addresses, go to System > Administrators. See Administrators.

    When the Remote Client is a cloud device, configure the trusted host with the Management Device's IP to ensure only the Management Device can access itself.

    On the Management Device, configure the trusted host with regular client IPs to ensure regular clients can access Management Device.

    When you deploy a decoy or network, select the local or Remote Client name. Use the local configuration to deploy decoys and lures from the Management Device.

    Configuring Central Management

    To configure Central Management:
    1. Enable Central Management on the Management Device.
    2. Enable Central Management the Remote Client.
    3. Approve the Remote Client on the Management Device.
    4. Configure the Remote Client with the Management Device.

    The tasks below are based on the following topology:

    To enable Central Management on the Management Device:

    cm -sc -mM -nManager -a<password>

    Example:

    cm -sc -mM -nManager -a1234567890

    To enable Central Management on the Remote Client:
    Note

    Before configuring FortiDeceptor as a Remote Client, perform a factory reset and basic network configuration to avoid data incompatibility between the Management Device and Remote Client. For more information on manager and client configuration, see the CLI Reference.

    cm –sc –mC –nAppliance1 –a<password> -i<manager_ip_address>

    Example:

    cm –sc –mC –nAppliance1 –a1234567890 -i172.16.130.12

    To approve a Remote Client with the Management Device:
    1. On the Management Device, go to Central Management > Appliances. The Approval Status for the Remote Client will display On-Hold.

    2. Select the appliance and click Approve. The Approval Status changes to Approved.

    To configure the Remote Client with the Management Device:
    1. On the Management Device, go to Central Management > Appliances.
    2. In the Action column, click the Config icon . The Appliance - <name> page displays the following tabs.

      Firmware

      Push FortiDeceptor firmware updates and upgrades to the Remote Client. Synchronization can be immediate or scheduled.

      Deception OS

      Push deception VM images from the Management Device to the Remote Client. Synchronization can be immediate or scheduled.

      Status

      Current status of deception OS image.

      Name

      Name of deception OS.

      OS Type

      Type of this deception OS.

      VM Type

      Category of this deception OS.

      Lures

      Lure services can be provided by this deception OS.

      Interfaces

      Configure the Remote Client network interfaces.

      Routing

      Configure the Remote Client network routing table.

      DNS

      Configure the Remote Client DNS configuration.

      FortiGuard

      Configure the Remote Client FortiGuard configuration.

    3. To synchronize the firmware, click the Firmware tab and select one of the following options and then click Apply:

      Synchronize firmware image from manager nowClick to synchronize the firmware immediately.
      Synchronize firmware image from manager atClick to schedule the synchronization.

    To remove a client from Central Management:
    1. On the Remote Client, run the following CLI command:

      cm -sc -mN

      After a client leaves Central Management, its status on the manager changes to Offline.

    2. On the Management Device, select that client and click Delete.
    To remove the Management Device from Central Management:
    1. On the Management Device, run the following CLI command:

      cm -sc -mN

    Adding a cloud appliance

    Previous
    Next

    Central Management

    Central Management

    Central Management allows you to manage remote FortiDeceptor appliances including Decoy VM deployments, system configuration, and incident alert monitoring.

    You can configure a FortiDeceptor hardware or VM appliance to be a Management Device or Remote Client. The Management Device has deception capabilities. You can use the Management Device to deploy decoys and lures to the Remote Clients on the network.

    Network communication requirements

    Communication between:

    From:
    Management device and regular client appliance Client to manager port1 IP and 8443 port
    Management device and cloud client appliance

    Management device to cloud client port1 public IP and 8443 port

    Use the buttons in the Central Management Appliances pane to manage Remote Clients.

    Button

    Description

    Approve

    Allow the selected clients to participate in Central Management.

    Hold

    Pause the selected clients’ participation in Central Management.

    Delete

    Pause the selected clients and then permanently delete related data in the Manage Device's local database, including OS, network settings, decoys, and lures.

    This action does not:

    • Delete or change any data in the Remote Client.
    • Change incident and campaign data generated in the past.

    Refresh

    Force re-sync all data between manager and selected clients.

    Restart

    Send signal to selected clients to reboot.

    Remote Client

    When a FortiDeceptor is managed as a Remote Client the navigation pane will only displays the Network, System and Log modules.

    To prevent access to a Remote Client outside the Central Management or other trusted IP addresses, go to System > Administrators. See Administrators.

    When the Remote Client is a cloud device, configure the trusted host with the Management Device's IP to ensure only the Management Device can access itself.

    On the Management Device, configure the trusted host with regular client IPs to ensure regular clients can access Management Device.

    When you deploy a decoy or network, select the local or Remote Client name. Use the local configuration to deploy decoys and lures from the Management Device.

    Configuring Central Management

    To configure Central Management:
    1. Enable Central Management on the Management Device.
    2. Enable Central Management the Remote Client.
    3. Approve the Remote Client on the Management Device.
    4. Configure the Remote Client with the Management Device.

    The tasks below are based on the following topology:

    To enable Central Management on the Management Device:

    cm -sc -mM -nManager -a<password>

    Example:

    cm -sc -mM -nManager -a1234567890

    To enable Central Management on the Remote Client:
    Note

    Before configuring FortiDeceptor as a Remote Client, perform a factory reset and basic network configuration to avoid data incompatibility between the Management Device and Remote Client. For more information on manager and client configuration, see the CLI Reference.

    cm –sc –mC –nAppliance1 –a<password> -i<manager_ip_address>

    Example:

    cm –sc –mC –nAppliance1 –a1234567890 -i172.16.130.12

    To approve a Remote Client with the Management Device:
    1. On the Management Device, go to Central Management > Appliances. The Approval Status for the Remote Client will display On-Hold.

    2. Select the appliance and click Approve. The Approval Status changes to Approved.

    To configure the Remote Client with the Management Device:
    1. On the Management Device, go to Central Management > Appliances.
    2. In the Action column, click the Config icon . The Appliance - <name> page displays the following tabs.

      Firmware

      Push FortiDeceptor firmware updates and upgrades to the Remote Client. Synchronization can be immediate or scheduled.

      Deception OS

      Push deception VM images from the Management Device to the Remote Client. Synchronization can be immediate or scheduled.

      Status

      Current status of deception OS image.

      Name

      Name of deception OS.

      OS Type

      Type of this deception OS.

      VM Type

      Category of this deception OS.

      Lures

      Lure services can be provided by this deception OS.

      Interfaces

      Configure the Remote Client network interfaces.

      Routing

      Configure the Remote Client network routing table.

      DNS

      Configure the Remote Client DNS configuration.

      FortiGuard

      Configure the Remote Client FortiGuard configuration.

    3. To synchronize the firmware, click the Firmware tab and select one of the following options and then click Apply:

      Synchronize firmware image from manager nowClick to synchronize the firmware immediately.
      Synchronize firmware image from manager atClick to schedule the synchronization.

    To remove a client from Central Management:
    1. On the Remote Client, run the following CLI command:

      cm -sc -mN

      After a client leaves Central Management, its status on the manager changes to Offline.

    2. On the Management Device, select that client and click Delete.
    To remove the Management Device from Central Management:
    1. On the Management Device, run the following CLI command:

      cm -sc -mN

    Adding a cloud appliance

    Previous
    Next