Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 6.2.1
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiDeceptor 6.2.1 Administration Guide
    6.2.1
    6.2.1
    6.2.0
    6.1.2
    6.1.1
    6.1.0
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.3.4
    5.3.3
    5.3.2
    5.3.1
    5.3.0
    5.2.2
    5.2.0
    5.1.0
    5.0.0
    4.3.0
    4.2.0
    4.1.1
    4.1.0
    4.0.2
    4.0.1
    4.0.0
    3.3.3
    3.3.2
    3.3.1
    3.3.0
    3.2.2
    3.2.1
    3.2.0
    3.1.1
    3.1.0
    3.0.2
    3.0.1
    3.0.0
    2.1.0
    2.0.0
    1.1.0
    1.0.1

    Decoy Status

    Decoy Status

    The Decoy Status page shows the status of the Decoys on your network. Use the page to start, stop or delete a decoy. You can also view the decoy's configuration details and copy the decoy template.

    We recommend operating Decoy VMs with the same status for expected behavior.

    The Decoy Status page displays the following information:

    Status

    The status of the decoy can be Initializing, Running, Stopped, or Cannot Start.

    If the Decoy VM cannot start, hover over the VM to see the reason.

    Decoy Name

    Name of the decoy.

    Initialize Time and Start Time

    The decoy's initialization time and its last start time.

    OS

    Operating system of the decoy.

    VM

    The name of the Decoy VM.

    IP

    The IP address of the Decoy VM.

    Services

    List of services enabled. Hover over an icon to see a text list.

    Network Type

    Shows if the IP address is Static or DHCP.

    DNS

    DNS of the Decoy VM.

    Gateway

    Gateway of the Decoy VM.
    To view the decoy configuration details:
    1. Go to Deception > Decoy Status and select a decoy.
    2. In the Action column, click View Details. The Config Detail page opens.

    To copy a decoy the Deployment Wizard:
    2. Go to Deception > Decoy Status and select a decoy.
    3. Click Copy to Template . The template is copied to the Deployment Wizard.
    To delete Decoy VMs:
    1. Go to Deception > Decoy Status and select one more decoys.
    2. In the Action column, click Delete .
    3. Click OK.
    To start a Decoy VM:
    1. Go to Deception > Decoy Status and select one more decoys that are stopped.
    2. In the Action column, click Start .
    To stop a Decoy VM:
    2. Go to Deception > Decoy Status and select one more decoys that are running.
    3. In the toolbar, click Stop. The decoy status changes to Stopped .
    To edit a Decoy VM:
    1. Go to Deception > Decoy Status and select a decoy with any status.
    2. In the toolbar, click Edit. The decoy can also be modified in the Deploy Decoy page.
    3. Edit and updated the decoy domain. A decoy that is:
      • Not joined to a domain can be configured to join a domain.
      • Joined to a domain can be configured to leave the domain.
      • Joined to Domain A can be reconfigured to join Domain B. This requires entering the DNS addresses for both Domain A and Domain B in Deployment Wizard > Set Network > DNS/DNS2 (the order does not matter).

    FortiDeceptor 6.2 does not support editing decoys created in version 6.1 for Cloud VMS, Cloud VME, or 100G clients.

    Starting in version 6.1, the default deception OS, Windows 10v1, also supports joining an AD domain. In previous versions, only customized images with AD domain could join the same AD domain when deploying a decoy. The procedure remains the same.

    Previous
    Next

    Decoy Status

    Decoy Status

    The Decoy Status page shows the status of the Decoys on your network. Use the page to start, stop or delete a decoy. You can also view the decoy's configuration details and copy the decoy template.

    We recommend operating Decoy VMs with the same status for expected behavior.

    The Decoy Status page displays the following information:

    Status

    The status of the decoy can be Initializing, Running, Stopped, or Cannot Start.

    If the Decoy VM cannot start, hover over the VM to see the reason.

    Decoy Name

    Name of the decoy.

    Initialize Time and Start Time

    The decoy's initialization time and its last start time.

    OS

    Operating system of the decoy.

    VM

    The name of the Decoy VM.

    IP

    The IP address of the Decoy VM.

    Services

    List of services enabled. Hover over an icon to see a text list.

    Network Type

    Shows if the IP address is Static or DHCP.

    DNS

    DNS of the Decoy VM.

    Gateway

    Gateway of the Decoy VM.
    To view the decoy configuration details:
    1. Go to Deception > Decoy Status and select a decoy.
    2. In the Action column, click View Details. The Config Detail page opens.

    To copy a decoy the Deployment Wizard:
    2. Go to Deception > Decoy Status and select a decoy.
    3. Click Copy to Template . The template is copied to the Deployment Wizard.
    To delete Decoy VMs:
    1. Go to Deception > Decoy Status and select one more decoys.
    2. In the Action column, click Delete .
    3. Click OK.
    To start a Decoy VM:
    1. Go to Deception > Decoy Status and select one more decoys that are stopped.
    2. In the Action column, click Start .
    To stop a Decoy VM:
    2. Go to Deception > Decoy Status and select one more decoys that are running.
    3. In the toolbar, click Stop. The decoy status changes to Stopped .
    To edit a Decoy VM:
    1. Go to Deception > Decoy Status and select a decoy with any status.
    2. In the toolbar, click Edit. The decoy can also be modified in the Deploy Decoy page.
    3. Edit and updated the decoy domain. A decoy that is:
      • Not joined to a domain can be configured to join a domain.
      • Joined to a domain can be configured to leave the domain.
      • Joined to Domain A can be reconfigured to join Domain B. This requires entering the DNS addresses for both Domain A and Domain B in Deployment Wizard > Set Network > DNS/DNS2 (the order does not matter).

    FortiDeceptor 6.2 does not support editing decoys created in version 6.1 for Cloud VMS, Cloud VME, or 100G clients.

    Starting in version 6.1, the default deception OS, Windows 10v1, also supports joining an AD domain. In previous versions, only customized images with AD domain could join the same AD domain when deploying a decoy. The procedure remains the same.

    Previous
    Next