Fortinet white logo
Fortinet white logo

Administration Guide

Configuring FortiDeceptor

Configuring FortiDeceptor

FortiDeceptor can be added to the Security Fabric so it appears in the topology views and the dashboard widgets.

To add FortiDeceptor to the Security Fabric in the GUI:
  1. Enable the Security Fabric (see Configuring the root FortiGate and downstream FortiGates for more details) with the following settings:
    1. Configure the interface to allow other Security Fabric devices to join.
    2. Enable Allow downstream device REST API access so the FortiDeceptor can communicate with the FortiGate, and select an Administrator profile. The minimum permission required for the selected Administrator profile is Read/Write for User & Device (set authgrp read-write).
  2. In FortiDeceptor, integrate the device:
    1. Go to Fabric > Integration Devices.
    2. Click Quarantine Integration With New Device.
    3. Click the toggle to enable the device.
    4. For Upstream IP Address, enter the root FortiGate's management IP address.

    5. Click Apply.
  3. Authorize the FortiDeceptor in FortiOS:
    1. Go to Security Fabric > Fabric Connectors.
    2. In the topology tree, click the highlighted FortiDeceptor serial number and select Authorize.

      The authorized device appears in the topology tree. Hover over the device name to view the tooltip.

      The Security Fabric widget on the dashboard also updates when the FortiDeceptor is authorized.

  4. Go to Security Fabric > Physical Topology or Security Fabric > Logical Topology to view more information.

    Physical topology view:

    Logical topology view:

To add FortiDeceptor to the Security Fabric in the CLI:
  1. Configure the interface to allow other Security Fabric devices to join:
    config system interface
        edit "wan1"
            ...
            set allowaccess ping https ssh snmp http fabric
            ...
        next
    end
  2. Enable the Security Fabric:
    config system csf
        set status enable
        set group-name "csf-d"
        set downstream-access enable
        set downstream-accprofile "super_admin"
    end
  3. In FortiDeceptor, integrate the device:
    1. Go to Fabric > Integration Devices.
    2. Click Quarantine Integration With New Device.
    3. Click the toggle to enable the device.
    4. For Upstream IP Address, enter the root FortiGate's management IP address.
    5. Click Apply.
  4. Authorize the FortiDeceptor in FortiOS:
    config system csf
        set status enable
        set group-name "csf-d"
        config trusted-list
            edit "FDC-VMTM21000000"
                set serial "FDC-VMTM21000000"
            next
        end
    end

Configuring FortiDeceptor

Configuring FortiDeceptor

FortiDeceptor can be added to the Security Fabric so it appears in the topology views and the dashboard widgets.

To add FortiDeceptor to the Security Fabric in the GUI:
  1. Enable the Security Fabric (see Configuring the root FortiGate and downstream FortiGates for more details) with the following settings:
    1. Configure the interface to allow other Security Fabric devices to join.
    2. Enable Allow downstream device REST API access so the FortiDeceptor can communicate with the FortiGate, and select an Administrator profile. The minimum permission required for the selected Administrator profile is Read/Write for User & Device (set authgrp read-write).
  2. In FortiDeceptor, integrate the device:
    1. Go to Fabric > Integration Devices.
    2. Click Quarantine Integration With New Device.
    3. Click the toggle to enable the device.
    4. For Upstream IP Address, enter the root FortiGate's management IP address.

    5. Click Apply.
  3. Authorize the FortiDeceptor in FortiOS:
    1. Go to Security Fabric > Fabric Connectors.
    2. In the topology tree, click the highlighted FortiDeceptor serial number and select Authorize.

      The authorized device appears in the topology tree. Hover over the device name to view the tooltip.

      The Security Fabric widget on the dashboard also updates when the FortiDeceptor is authorized.

  4. Go to Security Fabric > Physical Topology or Security Fabric > Logical Topology to view more information.

    Physical topology view:

    Logical topology view:

To add FortiDeceptor to the Security Fabric in the CLI:
  1. Configure the interface to allow other Security Fabric devices to join:
    config system interface
        edit "wan1"
            ...
            set allowaccess ping https ssh snmp http fabric
            ...
        next
    end
  2. Enable the Security Fabric:
    config system csf
        set status enable
        set group-name "csf-d"
        set downstream-access enable
        set downstream-accprofile "super_admin"
    end
  3. In FortiDeceptor, integrate the device:
    1. Go to Fabric > Integration Devices.
    2. Click Quarantine Integration With New Device.
    3. Click the toggle to enable the device.
    4. For Upstream IP Address, enter the root FortiGate's management IP address.
    5. Click Apply.
  4. Authorize the FortiDeceptor in FortiOS:
    config system csf
        set status enable
        set group-name "csf-d"
        config trusted-list
            edit "FDC-VMTM21000000"
                set serial "FDC-VMTM21000000"
            next
        end
    end