Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiDeceptor 4.3.0 Administration Guide
    4.3.0
    6.2.1
    6.2.0
    6.1.1
    6.1.0
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.3.4
    5.3.3
    5.3.2
    5.3.1
    5.3.0
    5.2.2
    5.2.0
    5.1.0
    5.0.0
    4.3.0
    4.2.0
    4.1.1
    4.1.0
    4.0.2
    4.0.1
    4.0.0
    3.3.3
    3.3.2
    3.3.1
    3.3.0
    3.2.2
    3.2.1
    3.2.0
    3.1.1
    3.1.0
    3.0.2
    3.0.1
    3.0.0
    2.1.0
    2.0.0
    1.1.0
    1.0.1

    Integrate Method settings

    Integrate Method settings

    FGT-REST-API

    Compatible FortiGate version: 6.0.4 or later

    IP

    IP address of the integrated device.
    Port

    Port number of the integrated device API service. Default is 8443.
    Username

    Username of the integrated device.
    Password

    Password of the integrated device.
    VDOM

    For FortiGate devices, the default access VDOM.
    Expiry

    Default blocking time in second. Default is 3600 seconds.
    FGT-WEBHOOK

    Compatible FortiGate version: 6.4.0 or later

    Block Action Expiry

    Default blocking time in seconds. Default is 3600 seconds.
    URL

    Enter the request API URI.

    Authorization

    Enter the API key.
    Unblock Action Expiry

    Default blocking time in seconds. Default is 3600 seconds.
    URL

    Enter the request API URI.

    Authorization

    Enter the API key.
    PAN-XMLAPI

    Compatible PAN-device version: 10.0.0 or later

    Device IP IP address of the integrated device.
    Port Port number of the integrated device API service. Default is 8443.
    Username Username of the integrated device.
    Password Password of the integrated device.
    Vsys The virtual system which is configured on PAN
    Policy Index Select Top or Bottom.
    Expiry Default blocking time in seconds. Default is 3600 seconds.
    GEN-WEBHOOK

    Compatible FortiNAC version: 8.8 or later (Firmware: 8.8.2.1714)

    Block Action: Expiry

    Default blocking time in seconds. Default is 3600 seconds.
    Http Method

    Select GET, POST, PUT, or PATCH
    URL

    Enter the request API URI.
    Authorization

    Enter the API key.
    HTTP Header

    Select Empty, Hacker-IP, Hacker-MAC, or Expiry-Time.
    HTTP Data

    Select Empty, Hacker-IP, Hacker-MAC, or Expiry-Time.
    Unblock Action: Http Method

    Select GET, POST, PUT, or PATCH
    URL

    Enter the request API URI.
    Authorization

    Enter the API key.
    HTTP Header

    Select Empty, Hacker-IP, Hacker-MAC, or Expiry-Time.
    HTTP Data

    Select Empty, Hacker-IP, Hacker-MAC, or Expiry-Time.
    FNAC-WEBHOOK

    Compatible FortiNAC version: 8.8.2.1714 or later.

    IP:

    IP address of the integrated device.
    Port:

    Port number of the integrated device API service. Default is 8443.
    Authorization Token:

    The FortiNAC-WEBHOOK authorization token generated by FNAC.
    Expiry:

    Default blocking time in seconds. Default is 3600 seconds.
    WMI-Disable
    Domain

    The device domain.
    Username

    Username of the integrated device.
    Password

    Password of the integrated device.
    FortiEDR-Isolation

    Compatible FortiEDR version: 5.0.2.305 or later.

    IP

    IP address of the integrated device.
    Port

    Port number of the integrated device API service. Default is 8443.
    Organization\Username

    The FortiEDR organization and username.

    Password

    Password of the integrated device.
    Expiry

    Default blocking time in seconds. Default is 3600 seconds.
    Cisco-ISE

    Compatible Cisco ISE version: 2.7 or later.

    Server URL/IP

    The Cisco server URL and IP address.
    Port

    Port number of the integrated device API service. Default is 8443.
    Username

    Username of the integrated device.
    Password

    Password of the integrated device.
    Verify SSL

    Enable to verify SSL.
    Expiry

    Default blocking time in seconds. Default is 3600 seconds.
    Microsoft-ATP
    Server URL

    Service base URI to connect and perform the automated operations. For example, https://api.securitycenter.microsoft.com.
    Client ID

    Client ID of the Azure application that is used to access Windows Defender ATP
    Client Secret

    Secret string that the application (used to access Windows Defender ATP) uses to prove its identity
    Tenant ID

    Tenant ID of the Azure application
    Verify SSL

    Enable to verify SSL.
    Expiry

    Default blocking time in seconds. Default is 3600 seconds.
    CrowdStrike-Isolation
    Server URL

    CrowdStrike server URL.
    Client ID

    Client ID of the Crowdstrike application which is used to access CrowdStrike isolation service.
    Client Secret

    Secret string of the Crowdstrike application which is used to access CrowdStrike isolation service.
    Verify SSL

    Enable to verify SSL.
    Expiry

    Default blocking time in seconds. Default is 3600 seconds.
    FSM-Watch-List
    IP

    IP address of the integrated device.
    Port

    Port number of the integrated device API service. Default is 8443.
    Username:

    Username of the integrated device.
    Password:

    Password of the integrated device.
    Organization

    Type the organization name for the integration device.

    Verify SSL

    Enable to verify SSL.
    Watch-List Name

    Type Watch-List Name as defined in FortiSIEM.

    Lure Users-Manual Mode

    Type the other lures you want to watch.
    Polling Time Interval

    Default polling time in seconds. Default is 3600 seconds.
    CheckPoint-FW-Isolation
    IP

    IP address of the integrated device.
    Port

    Port number of the integrated device API service. Default is 443.
    IP Block Policy (Network Group Name)

    Enter the Network Group Name which was defined in Checkpoint Firewall.
    Expiry

    Blocking time in seconds. Default is 3600 seconds.
    Username

    Username of the integrated device.
    Password

    Password of the integrated device.
    Verify SSL

    Enable to verify SSL.
    Install Policy After Publish

    Enable to install the policy after the quarantine policy publishes.
    Previous
    Next

    Integrate Method settings

    Integrate Method settings

    FGT-REST-API

    Compatible FortiGate version: 6.0.4 or later

    IP

    IP address of the integrated device.
    Port

    Port number of the integrated device API service. Default is 8443.
    Username

    Username of the integrated device.
    Password

    Password of the integrated device.
    VDOM

    For FortiGate devices, the default access VDOM.
    Expiry

    Default blocking time in second. Default is 3600 seconds.
    FGT-WEBHOOK

    Compatible FortiGate version: 6.4.0 or later

    Block Action Expiry

    Default blocking time in seconds. Default is 3600 seconds.
    URL

    Enter the request API URI.

    Authorization

    Enter the API key.
    Unblock Action Expiry

    Default blocking time in seconds. Default is 3600 seconds.
    URL

    Enter the request API URI.

    Authorization

    Enter the API key.
    PAN-XMLAPI

    Compatible PAN-device version: 10.0.0 or later

    Device IP IP address of the integrated device.
    Port Port number of the integrated device API service. Default is 8443.
    Username Username of the integrated device.
    Password Password of the integrated device.
    Vsys The virtual system which is configured on PAN
    Policy Index Select Top or Bottom.
    Expiry Default blocking time in seconds. Default is 3600 seconds.
    GEN-WEBHOOK

    Compatible FortiNAC version: 8.8 or later (Firmware: 8.8.2.1714)

    Block Action: Expiry

    Default blocking time in seconds. Default is 3600 seconds.
    Http Method

    Select GET, POST, PUT, or PATCH
    URL

    Enter the request API URI.
    Authorization

    Enter the API key.
    HTTP Header

    Select Empty, Hacker-IP, Hacker-MAC, or Expiry-Time.
    HTTP Data

    Select Empty, Hacker-IP, Hacker-MAC, or Expiry-Time.
    Unblock Action: Http Method

    Select GET, POST, PUT, or PATCH
    URL

    Enter the request API URI.
    Authorization

    Enter the API key.
    HTTP Header

    Select Empty, Hacker-IP, Hacker-MAC, or Expiry-Time.
    HTTP Data

    Select Empty, Hacker-IP, Hacker-MAC, or Expiry-Time.
    FNAC-WEBHOOK

    Compatible FortiNAC version: 8.8.2.1714 or later.

    IP:

    IP address of the integrated device.
    Port:

    Port number of the integrated device API service. Default is 8443.
    Authorization Token:

    The FortiNAC-WEBHOOK authorization token generated by FNAC.
    Expiry:

    Default blocking time in seconds. Default is 3600 seconds.
    WMI-Disable
    Domain

    The device domain.
    Username

    Username of the integrated device.
    Password

    Password of the integrated device.
    FortiEDR-Isolation

    Compatible FortiEDR version: 5.0.2.305 or later.

    IP

    IP address of the integrated device.
    Port

    Port number of the integrated device API service. Default is 8443.
    Organization\Username

    The FortiEDR organization and username.

    Password

    Password of the integrated device.
    Expiry

    Default blocking time in seconds. Default is 3600 seconds.
    Cisco-ISE

    Compatible Cisco ISE version: 2.7 or later.

    Server URL/IP

    The Cisco server URL and IP address.
    Port

    Port number of the integrated device API service. Default is 8443.
    Username

    Username of the integrated device.
    Password

    Password of the integrated device.
    Verify SSL

    Enable to verify SSL.
    Expiry

    Default blocking time in seconds. Default is 3600 seconds.
    Microsoft-ATP
    Server URL

    Service base URI to connect and perform the automated operations. For example, https://api.securitycenter.microsoft.com.
    Client ID

    Client ID of the Azure application that is used to access Windows Defender ATP
    Client Secret

    Secret string that the application (used to access Windows Defender ATP) uses to prove its identity
    Tenant ID

    Tenant ID of the Azure application
    Verify SSL

    Enable to verify SSL.
    Expiry

    Default blocking time in seconds. Default is 3600 seconds.
    CrowdStrike-Isolation
    Server URL

    CrowdStrike server URL.
    Client ID

    Client ID of the Crowdstrike application which is used to access CrowdStrike isolation service.
    Client Secret

    Secret string of the Crowdstrike application which is used to access CrowdStrike isolation service.
    Verify SSL

    Enable to verify SSL.
    Expiry

    Default blocking time in seconds. Default is 3600 seconds.
    FSM-Watch-List
    IP

    IP address of the integrated device.
    Port

    Port number of the integrated device API service. Default is 8443.
    Username:

    Username of the integrated device.
    Password:

    Password of the integrated device.
    Organization

    Type the organization name for the integration device.

    Verify SSL

    Enable to verify SSL.
    Watch-List Name

    Type Watch-List Name as defined in FortiSIEM.

    Lure Users-Manual Mode

    Type the other lures you want to watch.
    Polling Time Interval

    Default polling time in seconds. Default is 3600 seconds.
    CheckPoint-FW-Isolation
    IP

    IP address of the integrated device.
    Port

    Port number of the integrated device API service. Default is 443.
    IP Block Policy (Network Group Name)

    Enter the Network Group Name which was defined in Checkpoint Firewall.
    Expiry

    Blocking time in seconds. Default is 3600 seconds.
    Username

    Username of the integrated device.
    Password

    Password of the integrated device.
    Verify SSL

    Enable to verify SSL.
    Install Policy After Publish

    Enable to install the policy after the quarantine policy publishes.
    Previous
    Next