Deployment Network
Use the Deployment Network page to set up a monitoring interface into a VLAN or a subnet.
The Deployment Network page displays the following information:
Action |
Click Edit to edit the VLAN or subnet entry. The Edit button is visible only after the entry is saved. Click Delete to remove a VLAN or Subnet. |
Status |
Status of the IP address, such as if it is initialized. |
Name |
Name of the VLAN or subnet. |
Interface |
The port that connects to the VLAN or subnet. |
VLAN ID |
The VLAN's unique integer ID. |
Deploy Monitor IP/Mask |
The monitor IP provides the dynamic content for the online token, collects the token installation information, and acts as the probing client for active asset discovery when auto-deployment is triggered. |
Tag |
The tag for the VLAN or subnet. |
Gateway |
The gateway IP address of the deployment network. |
ARP Protection |
Indicates ARP Protection is enabled (Yes) or disabled (No). |
Setting up the deployment network
To add a VLAN or subnet to FortiDeceptor:
- Go to Deception > Deployment Network.
- Enable Auto VLAN Detection to automatically detect the VLANs on your network.
Auto VLAN detection allows FortiDeceptor to detect the available VLANs on the deployment network interface and display them in the GUI. You can select and add the VLANs for the deployment of Decoys later.
- Select the Detection Interface and click OK. You can select multiple ports.
- Click Add New VLAN/Subnet to manually add a VLAN or a subnet. Configure the following settings:
Name
Name of the VLAN or subnet.
Interface
The port that connects to the VLAN or subnet.
Tagged Interface
Select to enable vlan tag. Default is untagged.
VLAN ID
The VLAN's unique integer ID.
Deploy Monitor
The IP address to monitor.
The deploy monitor IP/Mask must be an IP address and not a subnet.
You must use the following guidelines to set the network IP/mask:
- Interface name and VLAN ID must be unique among all network IP/masks.
- If VLAN ID is 0, the network IP/mask must be unique among all the network IP/masks without VLAN and all system interfaces.
- If VLAN is not 0, the network IP/mask must be unique among all subnets in the same VLAN.
Gateway
The gateway IP address of the deployment network.
ARP Protection
Select to enable ARP poisoning detection. ARP Protection is disabled by default. Upgrading FortiDeceptor will disable this setting.
Tag
You can specify a tag for the VLAN or subnet.
Ref
The number of objects referring to this object.
Each VLAN/Subnet with a network mask of /24 and higher is counted as one seat of the VLAN license.
Each VLAN/Subnet with a network mask less than /24 is counted as two seats of the VLAN license.
- Click Save.