Configuring FortiDeceptor VM networking

To simplify configuration, we recommend using a dedicated vSwitch for the decoy and monitored segments.

The following diagram shows the vSwitch ports relationship.

On ESXi, configure the vSwitch_FDC_Decoys vSwitch to connect both VLANs to FortiDeceptor VM. Then configure three network port-groups:

  1. FDC_Trunk – Port-group for the actual trunk interface between FortiDeceptor VM and vSwitch.
  2. VLAN11 – Port-group to connect VLAN11 to vSwitch.
  3. VLAN21 – Port-group to connect VLAN21 to vSwitch.

To configure the vSwitch:

  1. On the ESXi client, go to Networking > Virtual Switches and add a standard virtual switch.

    Configure only the vSwitch Name, remove the uplink (unless you need it), and use default values for the other options.

  2. Go to Networking > Port groups and add the port groups.

    Port groups for VLAN11 and VLAN21 are similar. For each port group, specify a Name, configure the VLAN ID, and select the Virtual switch.

  3. For the FDC_Trunk port, configure a special port-group.

    On ESXi, you do not need to configure 802.1Q. You only need to set the port group to be a promiscuous interface and specify 4095 for the VLAN ID so the vSwitch can send and receive traffic from the VLANs configured on FortiDeceptor VM.

    Select the Virtual switch and set all Security options to Accept.

  4. To verify the configuration, check the vSwitch topology and ensure all devices are connected to this switch.

  5. Test connectivity from FortiDeceptor VM to the web servers, and from each web server to the decoys connected to the same VLAN.
    • From FortiDeceptor VM.

    • From web server 1.
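
The CLI equivalent of steps 1 to 4, as an added example that is not part of Fortinet's documentation. It assumes VLAN IDs 11 and 21 for the VLAN11 and VLAN21 port-groups and the vSwitch name vSwitch_FDC_Decoys, and it only prints the `esxcli` commands unless `APPLY=1` is set in the ESXi shell.

```shell
#!/bin/sh
# Added example: esxcli equivalent of the vSwitch and port-group steps above.
# Dry run by default: commands are printed, and executed only when APPLY=1.
VSWITCH="${VSWITCH:-vSwitch_FDC_Decoys}"   # assumed spelling of the vSwitch name

run() {
    # Echo the command so the change is reviewable; execute only on request.
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

add_portgroup() {   # $1 = port-group name, $2 = VLAN ID
    run esxcli network vswitch standard portgroup add \
        --portgroup-name="$1" --vswitch-name="$VSWITCH"
    run esxcli network vswitch standard portgroup set \
        --portgroup-name="$1" --vlan-id="$2"
}

configure_fdc_network() {
    # Step 1: standard vSwitch; no uplink is added, other options stay at defaults.
    run esxcli network vswitch standard add --vswitch-name="$VSWITCH"

    # Step 2: one port-group per monitored VLAN (VLAN IDs 11 and 21 are assumed).
    add_portgroup VLAN11 11
    add_portgroup VLAN21 21

    # Step 3: trunk port-group; VLAN ID 4095 hands all VLAN tags to the VM.
    add_portgroup FDC_Trunk 4095

    # Security options are set to Accept on FDC_Trunk only, so the VLAN11 and
    # VLAN21 port-groups keep inheriting the vSwitch security policy.
    run esxcli network vswitch standard portgroup policy security set \
        --portgroup-name=FDC_Trunk --allow-promiscuous=true \
        --allow-mac-change=true --allow-forged-transmits=true

    # Step 4: list the port-groups and their VLAN IDs for review.
    run esxcli network vswitch standard portgroup list
}

configure_fdc_network
```

Review the printed commands first; the port-group list from the last command should show VLAN ID 4095 on FDC_Trunk and on no other port-group.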
