Fortinet black logo

Deploy Deception VMs with the Deploy Wizard

Copy Link
Copy Doc ID aaf760f3-025b-11e9-b86b-00505692583a:699147
Download PDF

Deploy Deception VMs with the Deploy Wizard

The Deploy Wizard allows you to create and deploy Deception VMs on your network. These Deception VMs appear as real endpoints to the hacker and can collect valuable information about attacks.

To deploy Decoys on the network:
  1. Go to Deception > Deploy Wizard.
  2. Click + to add a Deception VM.
  3. Configure the following:

    Profile Name

    Specify the name of the deployment profile in 1-15 characters. A-Z, a-z, 0-9, dash or underscore allowed. Cannot be duplicate of the existing profile name.

    Available VMs

    Select one of the available VM Images. Windows or Ubuntu VM Images are available.

    Selected Services

    The selected services are shown. This field is not editable.

  4. Set SSH or SAMBA to ON for an Ubuntu VM. Set RDP or SMB to ON for Windows.
  5. Click Add Decoy for the respective service and configure the following:

    Username

    Specify the username for the decoy in 1-19 characters. A-Z, a-z, or 0-9, allowed.

    Password

    Specify the password for the decoy in 1-14 non-unicode characters.

    Sharename

    Specify a Sharename in 3-63 characters. A-Z, a-z, or 0-9, allowed. This option is for a SAMBA (Ubuntu) or SMB (Windows).

    Update or Cancel

    Click Update to save the username and password. Click Cancel to discard the username and password. Click Delete to delete an existing decoy.

  6. Repeat step 5 to add more decoys.
  7. Switch Launch Immediately to ON to launch the Deception VMs.
  8. Click Next.
  9. Specify the Hostname in 1-15 characters.The hostname can start with English characters/digits, and must not end with a hyphen. It may contain only the ASCII letters a through z (in a case-insensitive manner), the digits 0 through 9, and the hyphen ('-'). No other symbols, punctuation characters, or white space are permitted. Hostname cannot conflict with existing Decoy names.
  10. Click Add Interface.
  11. In the Add Interface for Deception VM screen, select the Deploy Interface. This is the VLAN or Subnet added in the following topic: Set up the Monitored Network
  12. Configure the following settings in the Add Interface for Deception VM screen:
    Addressing Mode Select Static or DHCP. Selecting Static will allow you to configure the IP address for all the decoys. Selecting DHCP will enable the decoys to receive IP address from the DHCP server.
    Network Mask The network mask is shown automatically.
    Gateway Specify the gateway.
    IP Count Specify the number of IP address to be assigned. The maximum per Deception VM is 16 IPs. IP count will automatically switch to 1 if the addressing mode is DHCP.
    Min The minimum IP address in the IP range.
    Max The maximum IP address in the IP range.
    IP Ranges Specify the IP range between Min and Max.
  13. Click Done.
  14. Click Template to save as a template. The template is visible with the Profile Name in Deception > Deploy Wizard.
  15. Click Deploy to deploy the decoys on the network.

Deploy Deception VMs with the Deploy Wizard

The Deploy Wizard allows you to create and deploy Deception VMs on your network. These Deception VMs appear as real endpoints to the hacker and can collect valuable information about attacks.

To deploy Decoys on the network:
  1. Go to Deception > Deploy Wizard.
  2. Click + to add a Deception VM.
  3. Configure the following:

    Profile Name

    Specify the name of the deployment profile in 1-15 characters. A-Z, a-z, 0-9, dash or underscore allowed. Cannot be duplicate of the existing profile name.

    Available VMs

    Select one of the available VM Images. Windows or Ubuntu VM Images are available.

    Selected Services

    The selected services are shown. This field is not editable.

  4. Set SSH or SAMBA to ON for an Ubuntu VM. Set RDP or SMB to ON for Windows.
  5. Click Add Decoy for the respective service and configure the following:

    Username

    Specify the username for the decoy in 1-19 characters. A-Z, a-z, or 0-9, allowed.

    Password

    Specify the password for the decoy in 1-14 non-unicode characters.

    Sharename

    Specify a Sharename in 3-63 characters. A-Z, a-z, or 0-9, allowed. This option is for a SAMBA (Ubuntu) or SMB (Windows).

    Update or Cancel

    Click Update to save the username and password. Click Cancel to discard the username and password. Click Delete to delete an existing decoy.

  6. Repeat step 5 to add more decoys.
  7. Switch Launch Immediately to ON to launch the Deception VMs.
  8. Click Next.
  9. Specify the Hostname in 1-15 characters.The hostname can start with English characters/digits, and must not end with a hyphen. It may contain only the ASCII letters a through z (in a case-insensitive manner), the digits 0 through 9, and the hyphen ('-'). No other symbols, punctuation characters, or white space are permitted. Hostname cannot conflict with existing Decoy names.
  10. Click Add Interface.
  11. In the Add Interface for Deception VM screen, select the Deploy Interface. This is the VLAN or Subnet added in the following topic: Set up the Monitored Network
  12. Configure the following settings in the Add Interface for Deception VM screen:
    Addressing Mode Select Static or DHCP. Selecting Static will allow you to configure the IP address for all the decoys. Selecting DHCP will enable the decoys to receive IP address from the DHCP server.
    Network Mask The network mask is shown automatically.
    Gateway Specify the gateway.
    IP Count Specify the number of IP address to be assigned. The maximum per Deception VM is 16 IPs. IP count will automatically switch to 1 if the addressing mode is DHCP.
    Min The minimum IP address in the IP range.
    Max The maximum IP address in the IP range.
    IP Ranges Specify the IP range between Min and Max.
  13. Click Done.
  14. Click Template to save as a template. The template is visible with the Profile Name in Deception > Deploy Wizard.
  15. Click Deploy to deploy the decoys on the network.