Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiDeceptor 6.0.1 Administration Guide
    6.0.1
    6.0.1
    6.0.0
    5.3.2
    5.3.1
    5.3.0
    5.2.0
    5.1.0
    5.0.0
    4.3.0
    4.2.0
    4.1.1
    4.1.0
    4.0.2
    4.0.1
    4.0.0
    3.3.3
    3.3.2
    3.3.1
    3.3.0
    3.2.2
    3.2.1
    3.2.0
    3.1.1
    3.1.0
    3.0.2
    3.0.1
    3.0.0
    2.1.0
    2.0.0
    1.1.0
    1.0.1

    Safe List

    Safe List

    Use the Deception > Safe List page to add an IP address that is considered legitimate so that it does not generate an Event or Incident when accessing decoys. For example, the IP address of a monitoring system that is polling the network.

    The Safe list page displays the following information:

    Name

    The safe list name.

    IP/Mask

    Specify the IP address or subnet from where the connection originates.

    Source Ports

    Specify the source ports from where the connection originates.

    Destination Ports

    Specify the destination ports on the network where the connection terminates.

    Appliance

    This column indicates the source of the safelist, either local (manager) or remote (remote appliance). It is only visible when the manager operates in Central Management mode.

    Decoy

    Specify the name of the decoy for which you want to apply the safelist rule.

    Status

    Indicates the status of the safelist rule ( Enabled or Disabled).

    Block All

    Enforces Network Access Control based on the specified IP address or subnet in the IP/Mask field, along with the designated Appliance and Decoy. When enabled, all traffic originating from the specified IP address or subnet that matches the designated Appliance and Decoy will be blocked.
    To add a new Safe List IP address:
    1. Go to Deception > Safe List.
    2. Click Add New Safe List IP
    3. Coinfigure the safe list settings and click OK.

      Enable

      Select Enable to activate the safe list.

      Name

      Enter a description of the list. For example, Safe_Network.

      IP/Mask

      Enter the IP address or subnet from where the connection originates.

      Block All

      Enforces Network Access Control based on the specified IP address or subnet in the IP/Mask field, along with the designated Appliance and Decoy. When enabled, all traffic originating from the specified IP address or subnet that matches the designated Appliance and Decoy will be blocked.

      Note

      When Block ALL is active, traffic that meets all criteria specified in the safe list rule does not trigger an Event or Incident when accessing decoys. Instead, it produces a matched safe list rule log. However, if the Destination Ports or Services fields do not match, an Incident is logged with the keyword Safe list and a corresponding syslog with keyword Operation=Safe_List. In both cases, the traffic is blocked.

      Source Ports

      Enter the source ports from where the connection originates.

      Destination Ports

      Enter the destination ports on the network where the connection terminates.

      Services

      Select the name of the services used to connect to the network.

      Appliance

      Select an appliance from the list.

      Decoy

      Select the decoy name for you want to apply the safe list rule.

    Previous
    Next

    Safe List

    Safe List

    Use the Deception > Safe List page to add an IP address that is considered legitimate so that it does not generate an Event or Incident when accessing decoys. For example, the IP address of a monitoring system that is polling the network.

    The Safe list page displays the following information:

    Name

    The safe list name.

    IP/Mask

    Specify the IP address or subnet from where the connection originates.

    Source Ports

    Specify the source ports from where the connection originates.

    Destination Ports

    Specify the destination ports on the network where the connection terminates.

    Appliance

    This column indicates the source of the safelist, either local (manager) or remote (remote appliance). It is only visible when the manager operates in Central Management mode.

    Decoy

    Specify the name of the decoy for which you want to apply the safelist rule.

    Status

    Indicates the status of the safelist rule ( Enabled or Disabled).

    Block All

    Enforces Network Access Control based on the specified IP address or subnet in the IP/Mask field, along with the designated Appliance and Decoy. When enabled, all traffic originating from the specified IP address or subnet that matches the designated Appliance and Decoy will be blocked.
    To add a new Safe List IP address:
    1. Go to Deception > Safe List.
    2. Click Add New Safe List IP
    3. Coinfigure the safe list settings and click OK.

      Enable

      Select Enable to activate the safe list.

      Name

      Enter a description of the list. For example, Safe_Network.

      IP/Mask

      Enter the IP address or subnet from where the connection originates.

      Block All

      Enforces Network Access Control based on the specified IP address or subnet in the IP/Mask field, along with the designated Appliance and Decoy. When enabled, all traffic originating from the specified IP address or subnet that matches the designated Appliance and Decoy will be blocked.

      Note

      When Block ALL is active, traffic that meets all criteria specified in the safe list rule does not trigger an Event or Incident when accessing decoys. Instead, it produces a matched safe list rule log. However, if the Destination Ports or Services fields do not match, an Incident is logged with the keyword Safe list and a corresponding syslog with keyword Operation=Safe_List. In both cases, the traffic is blocked.

      Source Ports

      Enter the source ports from where the connection originates.

      Destination Ports

      Enter the destination ports on the network where the connection terminates.

      Services

      Select the name of the services used to connect to the network.

      Appliance

      Select an appliance from the list.

      Decoy

      Select the decoy name for you want to apply the safe list rule.

    Previous
    Next