Fortinet black logo

Administration Guide

Home FortiDeceptor 2.1.0 Administration Guide

DMZ Mode

2.1.0
5.3.0
5.2.0
5.1.0
5.0.0
4.3.0
4.2.0
4.1.1
4.1.0
4.0.2
4.0.1
4.0.0
3.3.3
3.3.2
3.3.1
3.3.0
3.2.2
3.2.1
3.2.0
3.1.1
3.1.0
3.0.2
3.0.1
3.0.0
2.1.0
2.0.0
1.1.0
1.0.1
Copy Link
Copy Doc ID 52ca6fc9-c9b4-11e9-8977-00505692583a:523635
Download PDF

DMZ Mode

Deploy a FortiDeceptor hardware unit or VM in the Demilitarized Zone (DMZ) network. Attacks on the DMZ network can be monitored when FortiDeceptor is installed in the DMZ network.

To enable DMZ mode:

Go to the command line and specify the following command:

dmz-mode enable

Enabling or disabling the DMZ mode will remove all previous configurations including Decoy VMs, lures, and tokens. Deception OS will not be removed.

Limitations of the DMZ Mode

The DMZ Mode in FortiDeceptor functions like the regular mode, with the following exceptions:

  • When DMZ mode is enabled, the label DMZ-MODE is shown on the top banner.
  • In the Deployment Network view, Deception Monitor IP/Mask is hidden when in DMZ Mode. See Set up the Deployment Network for more information about Deception IP/Mask.
  • Under Deception Status view, the Attack Test selection is disabled.
  • When DMZ mode is enabled, Decoy VMs are limited to 1 Deploy Interface. See Deploy Decoy VMs with the Deployment Wizard for more information about IP address range.

Previous
Next

DMZ Mode

Deploy a FortiDeceptor hardware unit or VM in the Demilitarized Zone (DMZ) network. Attacks on the DMZ network can be monitored when FortiDeceptor is installed in the DMZ network.

To enable DMZ mode:

Go to the command line and specify the following command:

dmz-mode enable

Enabling or disabling the DMZ mode will remove all previous configurations including Decoy VMs, lures, and tokens. Deception OS will not be removed.

Limitations of the DMZ Mode

The DMZ Mode in FortiDeceptor functions like the regular mode, with the following exceptions:

  • When DMZ mode is enabled, the label DMZ-MODE is shown on the top banner.
  • In the Deployment Network view, Deception Monitor IP/Mask is hidden when in DMZ Mode. See Set up the Deployment Network for more information about Deception IP/Mask.
  • Under Deception Status view, the Attack Test selection is disabled.
  • When DMZ mode is enabled, Decoy VMs are limited to 1 Deploy Interface. See Deploy Decoy VMs with the Deployment Wizard for more information about IP address range.

Previous
Next