Add FortiDeceptor as a Security Fabric device


FortiDeceptor can be added to the Security Fabric so it appears in the topology views and the dashboard widgets.

To add FortiDeceptor to the Security Fabric in the GUI:
  1. Enable the Security Fabric (see Configuring the root FortiGate and downstream FortiGates in the FortiOS Administration Guide) with the following settings:
    1. Configure the interface to allow other Security Fabric devices to join.
    2. Enable Allow downstream device REST API access so the FortiDeceptor can communicate with the FortiGate, and select an Administrator profile. The minimum permission required for the selected Administrator profile is Read/Write for User & Device (set authgrp read-write).
  2. In FortiDeceptor, integrate the device:
    1. Go to Fabric > Integration Devices.
    2. Click Quarantine Integration With New Device.
    3. Click the toggle to enable the device.
    4. For Upstream IP Address, enter the root FortiGate's management IP address.

    5. Click Apply.
  3. Authorize the FortiDeceptor in FortiOS:
    1. Go to Security Fabric > Fabric Connectors.
    2. In the topology tree, click the highlighted FortiDeceptor serial number and select Authorize.

      The authorized device appears in the topology tree. Hover over the device name to view the tooltip.

      The Security Fabric widget on the dashboard also updates when the FortiDeceptor is authorized.

  4. Go to Security Fabric > Physical Topology or Security Fabric > Logical Topology to view more information.

    Physical topology view:

    Logical topology view:

To add a Fabric Device widget for FortiDeceptor:
  1. Go to Dashboard > Status and click Add Widget.
  2. In the Security Fabric section, click the + beside Fabric Device.
  3. For Device, select the FortiDeceptor.
  4. Select a Widget name and Visualization type from the dropdowns. System Info and Key-Value Pair are used in this example.
  5. Click Add Widget and click Close. The Fabric Device widget is displayed in the dashboard.

To add FortiDeceptor to the Security Fabric in the CLI:
  1. Configure the interface to allow other Security Fabric devices to join:
    config system interface
        edit "wan1"
            ...
            set allowaccess ping https ssh snmp http fabric
            ...
        next
    end
  2. Enable the Security Fabric:
    config system csf
        set status enable
        set group-name "csf-d"
        set downstream-access enable
        set downstream-accprofile "super_admin"
    end
  3. In FortiDeceptor, integrate the device:
    1. Go to Fabric > Integration Devices.
    2. Click Quarantine Integration With New Device.
    3. Click the toggle to enable the device.
    4. For Upstream IP Address, enter the root FortiGate's management IP address.
    5. Click Apply.
  4. Authorize the FortiDeceptor in FortiOS:
    config system csf
        set status enable
        set group-name "csf-d"
        config trusted-list
            edit "FDC-VMTM21000000"
                set serial "FDC-VMTM21000000"
            next
        end
    end
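The following check is an added example, not part of the Fortinet documentation: it reads a saved FortiOS configuration and reports what the CLI steps above leave in place, namely which interfaces accept `fabric`, which profile `downstream-accprofile` grants (compared with the stated minimum of `authgrp read-write`), and which serials are in the trusted list. The names `SAMPLE`, `parse_sets` and `audit`, the sample text, and the http/telnet check are assumptions made for this example.

```python
import shlex
# Constructed sample: this page's CLI settings as they would appear in a config backup.
SAMPLE = '''
config system interface
    edit "wan1"
        set allowaccess ping https ssh snmp http fabric
    next
end
config system csf
    set downstream-accprofile "super_admin"
    config trusted-list
        edit "FDC-VMTM21000000"
            set serial "FDC-VMTM21000000"
        next
    end
end
'''

def parse_sets(text):  # returns (path, key, values) for every 'set' line
    stack, out = [], []  # stack holds the enclosing config/edit names
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "edit":
            stack.append(tok[1])
        elif tok[0] in ("next", "end") and stack:
            stack.pop()
        elif tok[0] == "set" and len(tok) > 2:
            out.append((tuple(stack), tok[1], tok[2:]))
    return out

def audit(text):
    """Summarise what the Fabric join exposes and flag broader-than-needed settings."""
    rep = {"fabric_ifaces": {}, "accprofile": None, "trusted": [], "findings": []}
    for path, key, vals in parse_sets(text):
        if path[:1] == ("system interface",) and key == "allowaccess" and "fabric" in vals:
            rep["fabric_ifaces"][path[-1]] = [v for v in vals if v != "fabric"]
            if {"http", "telnet"} & set(vals):
                rep["findings"].append(f"{path[-1]}: http/telnet enabled on Fabric-facing interface")
        elif path == ("system csf",) and key == "downstream-accprofile":
            rep["accprofile"] = vals[0]
            if vals[0] == "super_admin":
                rep["findings"].append("csf: super_admin profile; page's stated minimum is authgrp read-write")
        elif path[:2] == ("system csf", "trusted-list") and key == "serial":
            rep["trusted"].append(vals[0])
    return rep

print(audit(SAMPLE)["findings"])
```

Run against the sample, it reports two findings; a configuration that uses a dedicated profile and drops `http` from the Fabric-facing interface reports none.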
