FortiDeceptor – System Settings

System Settings

Dashboard

The System Status dashboard displays widgets that provide information and enable you to configure basic system settings. All the widgets appear on a single dashboard. You can select which widgets to display and you can customize the widgets.

The following widgets are available.

System Information Basic information about the FortiDeceptor system, such as the serial number, system up time, and license status information.
System Resources Real-time usage status of the CPU and memory.
Top Critical Logs The top logs that are classified as Critical.
Deception VM License The list of VM license keys and their expiry dates.
Disk Monitor The RAID level and status, disk usage, and disk management information.
Incidents & Events Distribution Information about the number of incidents and events, and their level of severity.
Incidents & Events Count Number of events occurring each day.
Decoy Distribution by OS Number of decoys with a chart showing the OS such as Windows or Ubuntu.
Lure Distribution Number of decoys deployed with the chart showing the type of service such as SSH, Samba, SMB, SCADA, or RDP.
Incidents Distribution by Service Information about the number and types of incidents, such as SMB, HTTP, TCP, and so on.
Top 10 Attackers by Incidents The top 10 attackers by the number of incidents.
Top 10 Attackers by Events The top 10 attackers by the number of events.
Global Incidents Distribution Displays the number of Attackers by country on a global map.
Top 10 IPS attacks Displays the top 10 IPS attackers by the number of events.

Customizing the dashboard

You can customize the FortiDeceptor system dashboard. You can select which widgets to display and where they are located on the page.

  • To add a widget, click Add Widget in the Dashboard’s floating toolbar at the bottom, and then select the widgets you want to add.
  • To edit a widget, click the Edit icon in the widget’s title bar, change the settings, and click OK.
  • To move a widget, click and drag the widget’s title bar.
  • To refresh a widget’s data, click Refresh in the widget’s title bar.
  • To reset all widgets to their default settings, click Reset in the Dashboard’s floating toolbar at the bottom.
  • To hide a widget, click the Close icon in the widget’s title bar.

System Information

The System Information widget displays information about the FortiDeceptor unit and enables you to configure basic system settings.

This widget displays the following information and options.

Host Name The name assigned to this FortiDeceptor unit. Click Change to edit the FortiDeceptor host name.
Serial Number Serial number of this FortiDeceptor unit. The serial number is unique to the FortiDeceptor unit and does not change with firmware upgrades. The serial number is used for identification when connecting to the FortiGuard server.
System Time The current time on the FortiDeceptor internal clock or NTP server. Click Change to configure the system time.
Firmware Version Version and build number of the firmware installed on the FortiDeceptor unit.

To update the firmware, you must download the latest version from the Fortinet Customer Service & Support portal. Click Update or UPDATE AVAILABLE and select the firmware image to load from the local hard disk or network volume.

Firmware License To load a firmware license, click Upload License and select a license file.
System Configuration Date and time of the last system configuration backup. Click Backup/Restore to go to the System Recovery page.
Current User The administrator that is currently logged into the system.
Uptime Duration that the FortiDeceptor unit has been running since it booted up.
Deception OS Deception OS license activation and initialization status.

Displays an up icon if the Deception OS is activated and initialized. Displays a Caution icon if the Deception OS is initializing or having issues. Hover the mouse pointer on the status icon to view detailed information. For more information, see Log > All Events.

To go to Deception > Deception OS to see the images available on FortiDeceptor, click Update or UPDATE AVAILABLE.

After purchase, download the license file from the Fortinet Customer Service & Support portal. Then click Upload License to select the license file. The system reboots and activates the newly-installed Deception OS.

FDN Download Server Shows if the FDN download server is accessible. When the FDN download server is inaccessible, no update packages are downloaded.
Web Filtering Server Shows if the web filtering query server is accessible.
Antivirus DB Contract Brief information about this contract.
Antivirus Engine Contract Brief information about this contract.
IDS Engine/DB Contract Brief information about this contract.
Web Filtering Contract Brief information about this contract.
ARAE Engine Contract Brief information about this contract.
Custom VM Contract Brief information about this contract.

System Resources

This widget displays the following information and options.

CPU Usage Gauges the CPU percentage usage.
Memory Usage Gauges the Memory percentage usage.
Reboot/Shutdown Options to shut down or reboot the FortiDeceptor device.

Decoy Distribution by OS

This widget displays the following information in a pie chart.

Ubuntu Number and percentage of Ubuntu Decoy VMs.
Windows Number and percentage of Windows Decoy VMs.
SCADA Number and percentage of SCADA Decoy VMs.

Hover over the pie chart to see the percentage. Click the pie chart to split out a Decoy from the pie chart.

Lure Distribution

This widget displays the number of lures deployed with the following information in a pie chart.

SSH Number and percentage of decoy images using SSH service.
SAMBA Number and percentage of decoy images using SAMBA service.
SMB Number and percentage of decoy images using SMB service.
RDP Number and percentage of decoy images using RDP service.
HTTP Number and percentage of decoy images using HTTP service.
FTP Number and percentage of decoy images using FTP service.
TFTP Number and percentage of decoy images using TFTP service.
SNMP Number and percentage of decoy images using SNMP service.
MODBUS Number and percentage of decoy images using MODBUS service.
S7COMM Number and percentage of decoy images using S7COMM service.
BACNET Number and percentage of decoy images using BACNET service.
IPMI Number and percentage of decoy images using IPMI service.
TRICONEX Number and percentage of decoy images using TRICONEX service.
Guardian-AST Number and percentage of decoy images using Guardian-AST service.
IEC104 Number and percentage of decoy images using IEC104 service.

Hover over the pie chart to see the percentage. Click the pie chart to split out a service from the pie chart.

Top Critical Logs

This widget displays recent critical logs including the time and a brief description of the event.

Click the edit icon to change the refresh interval and top count.

Disk Monitor

This widget is only available in hardware-based models. This widget displays the RAID level and status, disk usage, and disk management information.

This widget displays the following information.

Summary Disk summary information including RAID level and status.
RAID Level The RAID level.
Disk Status The disk status.
Disk Usage The current level of disk usage.
Disk Number The disk number.
Disk Size The disk size.

Basic System Settings

Change the GUI idle timeout

By default, the GUI disconnects administrative sessions if there is no activity for five minutes.

To change the idle timeout length:

  1. Go to System > Settings.
  2. Change the Idle timeout minutes (1 to 480 minutes).
  3. Click OK.

The setting takes effect after you log out and log back in.

Microsoft Windows VM license activation

When Fortinet ships FortiDeceptor, the default Windows guest VM image is activated. The Windows VM license is in an unactivated state and needs re-activation.

Log out of the unit

To log out of the unit:

  1. In the FortiDeceptor banner at the top-right, click the user name and select Logout.

If you only close the browser or browse to another web site, you remain logged in until the idle timeout period elapses.

Update FortiDeceptor firmware

A best practice is to stay current on patch releases for your current major release. Only update to a new major release or version when you are looking for specific functionality in the new major release or version. For more information, see the FortiDeceptor Release Notes or contact Technical Support.

Before any firmware update, complete the following:

  • Download the FortiDeceptor firmware image and Release Notes document from the Fortinet Customer Service & Support portal. Review the Release Notes, including the special notices, upgrade information, product integration and support, and resolved and known issues.
  • Back up your configuration file. It is highly recommended that you create a system backup file and save it to your management computer. You can also schedule the system to back up system configurations to a remote server.
  • Plan a maintenance window for the firmware update. If possible, consider setting up a test environment to check that the update does not negatively impact your network.

To update the FortiDeceptor firmware:

  1. Go to Dashboard > System Information > Firmware Version.
  2. In the System Information widget beside Firmware Version, click Update or UPDATE AVAILABLE.
  3. Click Choose File and locate the firmware image on your management computer; then click Submit to start the upgrade.

Alternatively, in the AVAILABLE FIRMWARE pane Install column, click the download icon beside the firmware release you want. The system upgrades and restarts automatically.

When the update is complete, test your FortiDeceptor device to ensure that the update was successful.

Reboot or shut down the unit

To avoid potential configuration or hardware problems, always use the GUI or CLI to reboot or shut down FortiDeceptor.

To reboot the FortiDeceptor unit:

  1. Go to Dashboard > System Resources.
  2. Click Reboot.
  3. Enter a reason for the reboot in the Reason
  4. Click OK.

After reboot, the FortiDeceptor VM initialization might take about 30 minutes. The Decoy VM icon in the System Information widget shows a warning sign until the process completes.

When FortiDeceptor boots or reboots, the following critical event log message is normal:

The VM system is not running and might need more time to startup. Please check system logs formore details. If needed, please reboot system.

After upgrading FortiDeceptor to a new firmware version, the system might clean up data and a Database is not ready message displays. The clean up time depends on the size of historical data.

To shut down the FortiDeceptor unit:

  1. Go to Dashboard > System Resources.
  2. Click Shutdown.
  3. Enter a reason for the shutdown in the Reason
  4. Click OK.

Back up or restore the system configuration

We recommend that your regular maintenance includes system backups. Always back up before upgrading firmware or making major system configuration changes. Save configuration backups to a management computer in case you need to restore the system after a network event.

To back up the FortiDeceptor configuration to your local management computer:

  1. Go to Dashboard > System Information > System Configuration.
  2. Click Backup/Restore.
  3. Click Click here to save your backup file.

To restore the FortiDeceptor configuration:

  1. Go to Dashboard > System Information > System Configuration.
  2. Click Backup/Restore.
  3. Click Choose File and locate the backup file on your management computer.
  4. Click Restore to load the backup file.
  5. Click OK.

When the system configuration restore process completes, the login page appears.

When you do a system restore, all configurations are replaced with the backup data. The system reboots automatically to complete the restore. Only the backup configuration file from the previous or the same release is supported.

Network

The Network page provides interface, DNS, and routing management options.

Interfaces

To view and manage interfaces, go to Network > Interfaces.

This page displays the following information and options:

Interface The interface name and description.

Failover IP is listed under this field with the descriptor: (clusterexternal port).

port1

(administration port)

Port1 is hard-coded as the administration interface. You can enable or disable HTTP, SSH, and Telnet access rights on port1. HTTPS is enabled by default. You can use port1 for Device mode although a different, dedicated port is recommended.
port2 Decoy VM deployment.
port3 Decoy VM deployment.
port4 Decoy VM deployment.
port5/port6 Decoy VM deployment.
port7/port8 Decoy VM deployment.
IPv4 The IPv4 IP address and subnet mask of the interface.
IPv6 The IPv6 IP address and subnet mask of the interface.
Interface Status The state of the interface:

  • Interface up
  • Interface down
  • Interface is being used by sniffer

Link Status The link status:

  • Link up
  • Link down
Access Rights The access rights associated with the interface. HTTPS is enabled by default on port1. You can enable HTTP, SSH, and Telnet access on port1.
Edit Select the interface and click Edit in the toolbar to edit the interface.

To edit an interface:

  1. Select the IPv4 or IPv6 address of an interface name and click Edit in the toolbar.
  2. Edit the IP Address / Netmask.
  3. If you want, you can change the Interface Status.
  4. Click OK.

To edit administrative access:

  1. Select port1 (administration port) and click Edit in the toolbar.
  2. Edit the Access Rights.

     HTTPS is enabled by default. You can also enable HTTP, SSH, and Telnet support.

  3. If necessary, edit the IP Address / Netmask.
  4. Click OK.
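
One way to confirm that an Access Rights change on port1 took effect, as an added example that is not part of the FortiDeceptor guide: the script connects to the TCP ports for HTTPS, HTTP, SSH, and Telnet and reports any service that is reachable but not intended, or intended but not reachable. The port numbers (443, 80, 22, 23) are the conventional defaults and are an assumption here; the function names and the 192.0.2.10 address are placeholders.

```python
import socket

# Assumed conventional TCP ports for the four access rights named in the guide.
# Adjust if your deployment uses different ports.
SERVICE_PORTS = {"HTTPS": 443, "HTTP": 80, "SSH": 22, "Telnet": 23}
# Protocols that carry administrator credentials unencrypted.
CLEARTEXT = {"HTTP", "Telnet"}


def is_listening(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit_access_rights(host, intended, ports=SERVICE_PORTS, timeout=2.0):
    """Compare reachable management services with the intended Access Rights.

    Returns a list of (service, port, finding) tuples. An empty list means
    the interface matches the intended configuration.
    """
    findings = []
    for service, port in ports.items():
        reachable = is_listening(host, port, timeout)
        if reachable and service not in intended:
            note = "reachable but not intended"
            if service in CLEARTEXT:
                note += " (cleartext protocol)"
            findings.append((service, port, note))
        elif not reachable and service in intended:
            findings.append((service, port, "intended but not reachable"))
    return findings


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address standing in for the port1 IP.
    for service, port, note in audit_access_rights("192.0.2.10", {"HTTPS", "SSH"}):
        print(f"{service}/{port}: {note}")
```

Run it from the management network after clicking OK, with `intended` set to the access rights you left enabled.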

DNS Configuration

You can configure the primary and secondary DNS server addresses in Network > System DNS.

System Routing

Use the Network > System Routing page to manage static routes of your FortiDeceptor device.

The following options are available:

Create New Create a new static route.
Edit Edit the selected static route.
Delete Delete the selected static route.

The following information is displayed:

IP/Mask   IP address and subnet mask.
Gateway   Gateway IP address.
Device   The interface associated with the static route.

To create a new static route:

  1. Click Create New.
  2. Enter the Destination IP address, Mask, and Gateway.
  3. Select a Device (or interface).
  4. Click OK.

To edit a static route:

  1. Select a Static Route
  2. Click Edit.
  3. Edit the destination IP address and mask, gateway, and device (or interface) as required.
  4. Click OK to apply the edits to the static route.

To delete a static route or routes:

  1. Select one or more Static Routes.
  2. Click Delete.
  3. Confirm the deletion.

 


About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
