
FortiDeceptor Cloud topology


The cloud appliance is deployed over the public infrastructure but uses a different method for decoy deployment. This new method reduces the hardware requirements for the cloud appliance itself.

The cloud decoy deployment method is as follows:

  • The cloud appliance will be deployed over the cloud infrastructure.
  • An on-premise FortiDeceptor Manager will manage the cloud appliance over a proprietary network tunnel.
  • The proprietary network tunnel carries cloud appliance management and decoy deployment provisioning as Layer 2 tunnel communication over Layer 3.
  • The cloud appliance network interfaces will hold IP addresses in the cloud segment. Each IP address represents a network decoy.
  • The network decoy will run on the on-premise FortiDeceptor Manager and use the same IP address as the cloud appliance network interfaces.
  • The cloud IP address will tunnel over Layer 2 to the IP address on the on-premise FortiDeceptor Manager.
  • The idea is to run a light appliance in the cloud while running the actual network decoys inside the on-premise FortiDeceptor Manager in a sandbox mode. The cloud network is isolated from the rest of the decoys and the on-premise networks.

While the cloud appliance has different hardware requirements, the hardware requirements for the on-premise FortiDeceptor Manager that serves the cloud appliance decoys follow the same concept as today.
