Fortinet black logo

FortiDeceptor Integration with FortiNAC

Home FortiNAC-F 7.2.0 FortiDeceptor Integration with FortiNAC
7.2.0
7.2.0

Validate

Validate

FDC <-> FNAC - Attack Simulation

Use two network desktops: One for accessing the Fortideceptor & FortiNAC and the second for the attack simulation.

  1. Access the FortiDeceptor Admin console. (https://IP_ADDRESS)

  2. Click Deception > Decoy & Lure Status and identify a Decoy IP you are willing to attack (example: choose a windows decoy with SMB enabled).

  3. Log in the FortiNAC Administration UI.

  4. Navigate to Users & Hosts > Hosts.

  5. Search for the “attacker endpoint” IP address and confirm it is connected to a port or SSID that is under enforcement.

  6. Log into the “attacker endpoint” machine and access the windows Decoy IP network share to generate an alert.

    The “attacker endpoint” will get isolated from the network automatically by the FortiNAC.

In the FortiDeceptor Admin console, verify that Fortideceptor raised an alert under incident analysis. Navigate to Fabric > quarantine status to confirm that FortiDeceptor sent a quarantine command to FortiNAC.

Previous
Next

Validate

FDC <-> FNAC - Attack Simulation

Use two network desktops: One for accessing the Fortideceptor & FortiNAC and the second for the attack simulation.

  1. Access the FortiDeceptor Admin console. (https://IP_ADDRESS)

  2. Click Deception > Decoy & Lure Status and identify a Decoy IP you are willing to attack (example: choose a windows decoy with SMB enabled).

  3. Log in the FortiNAC Administration UI.

  4. Navigate to Users & Hosts > Hosts.

  5. Search for the “attacker endpoint” IP address and confirm it is connected to a port or SSID that is under enforcement.

  6. Log into the “attacker endpoint” machine and access the windows Decoy IP network share to generate an alert.

    The “attacker endpoint” will get isolated from the network automatically by the FortiNAC.

In the FortiDeceptor Admin console, verify that Fortideceptor raised an alert under incident analysis. Navigate to Fabric > quarantine status to confirm that FortiDeceptor sent a quarantine command to FortiNAC.

Previous
Next