System
Use the System pages to manage and configure the basic system options for FortiDeceptor. This includes administrator configuration, mail server settings, and maintenance information.
The System menu provides access to the following:
Administrators | Configure administrator user accounts. |
Admin Profile | Configure user profiles to define user privileges. |
Certificates | Configure CA certificates. |
LDAP Servers | Configure LDAP servers. |
RADIUS Servers | Configure RADIUS servers. |
Mail Server | Configure the mail server. |
SNMP | Configure SNMP. |
FortiGuard | Configure FortiGuard settings and upgradeable packages. |
Settings | Configure the idle timeout or reset all widgets to their default state. |
Login Disclaimer | Configure the Login Disclaimer. |
Table Customization | Define columns and order of Incident and Event tables. |
Administrators
Use the System > Administrators page to configure administrator user accounts.
If a user's Admin Profile does not have Read Write privilege under System > Admin Profiles, the user can only view and edit their own information.
The following options are available:
Create New | Create a new administrator account. |
Edit | Edit the selected entry. |
Delete | Delete the selected entry. |
Test Login | Test the selected user’s login settings. If an error occurs, a debug message appears. |
The following information is displayed:
Name | The administrator account name. |
Type | The administrator type: Local, LDAP, or RADIUS. |
Profile | The Admin Profile the user belongs to. |
To create a new user:
- Log in using an account with Read/Write access and go to System > Administrators.
- Click Create New.
- Configure the following:
Administrator | Name of the administrator account. The name must be 1 to 30 characters using upper-case letters, lower-case letters, numbers, or the underscore character (_). |
Password, Confirm Password | Password of the account. The password must be 6 to 64 characters using upper-case letters, lower-case letters, numbers, or special characters.
This field is available when Type is set to Local. |
Type | Select Local, LDAP, or RADIUS. |
LDAP Server | When Type is LDAP, select an LDAP Server. For more information, see LDAP Servers. |
RADIUS Server | When Type is RADIUS, select a RADIUS Server. For more information, see RADIUS Servers. |
Admin Profile | Select the Admin Profile. |
Trusted Host 1, Trusted Host 2, Trusted Host 3 | Enter up to three IPv4 trusted hosts. Only users from trusted hosts can access FortiDeceptor. |
Trusted IPv6 Host 1, Trusted IPv6 Host 2, Trusted IPv6 Host 3 | Enter up to three IPv6 trusted hosts. Only users from trusted hosts can access FortiDeceptor. |
Comments | Enter an optional comment. |
Setting trusted hosts for administrators limits what computers an administrator can use to log into FortiDeceptor. When you identify a trusted host, FortiDeceptor only accepts the administrator’s login from the configured IP address or subnet. Attempts to log in with the same credentials from another IP address or subnet are dropped.
- Click OK.
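The trusted-host restriction described above can be checked on paper before accounts are created. The following is an added example, not Fortinet code: it audits planned administrator entries against the name, password and trusted-host limits in the table and tests whether a given source address falls inside an account's trusted hosts. The dictionary layout, the CIDR notation for subnets and the sample accounts are assumptions of this example.

```python
import ipaddress
import re

# Name rule from the table above: 1 to 30 letters, digits or underscores.
NAME_RE = re.compile(r"[A-Za-z0-9_]{1,30}")
MAX_HOSTS_PER_FAMILY = 3  # Trusted Host 1-3, Trusted IPv6 Host 1-3

# Constructed sample entries using documentation address ranges.
# The dict layout and CIDR notation are assumptions of this example.
ACCOUNTS = [
    {"name": "soc_admin", "type": "Local", "password": "Example-Passw0rd",
     "trusted_hosts": ["192.0.2.10", "198.51.100.0/24", "2001:db8:10::/64"]},
    {"name": "ldap-ops", "type": "LDAP", "trusted_hosts": ["0.0.0.0/0"]},
]


def parse_trusted_hosts(entries):
    """Turn 'address' or 'address/prefix' strings into network objects."""
    return [ipaddress.ip_network(e.strip(), strict=False)
            for e in entries if e.strip()]


def audit_account(account):
    """Return findings for one planned administrator entry."""
    findings = []
    if not NAME_RE.fullmatch(account["name"]):
        findings.append("name must be 1-30 letters, digits or underscores")
    if account["type"] == "Local" and not 6 <= len(account.get("password", "")) <= 64:
        findings.append("local password must be 6-64 characters")
    nets = parse_trusted_hosts(account.get("trusted_hosts", []))
    for version in (4, 6):
        if sum(n.version == version for n in nets) > MAX_HOSTS_PER_FAMILY:
            findings.append(f"more than three IPv{version} trusted hosts")
    if not nets:
        findings.append("no trusted hosts set for this account")
    # A zero-length prefix defeats the purpose of the restriction.
    findings += [f"{n} matches every address" for n in nets if n.prefixlen == 0]
    return findings


def source_allowed(account, source_ip):
    """True when source_ip lies inside one of the account's trusted hosts."""
    addr = ipaddress.ip_address(source_ip)
    nets = parse_trusted_hosts(account.get("trusted_hosts", []))
    return any(n.version == addr.version and addr in n for n in nets)


if __name__ == "__main__":
    for acct in ACCOUNTS:
        print(acct["name"], audit_account(acct) or "ok")
    print(source_allowed(ACCOUNTS[0], "203.0.113.5"))
```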
To edit a user account:
- Log in using an account with Read/Write access and go to System > Administrators.
- Select an account and click Edit.
Only the admin user can edit its own settings.
You must enter the old password before you can set a new password.
- Edit the account and click OK.
To delete one or more user accounts:
- Log in using an account with Read/Write access and go to System > Administrators.
- Select the user account you want to delete.
- Click Delete and confirm that you want to delete the user.
To test LDAP or RADIUS logins:
- Log in using an account with Read/Write access and go to System > Administrators.
- Select an LDAP or RADIUS user to test.
- Click Test Login.
- Enter the user password.
- Click OK.
If an error occurs, a debug message appears.
Admin Profiles
Use administrator profiles to control administrator access privileges to system features. When you create an administrator account, you assign a profile to the account.
You cannot modify or delete the following predefined administrator profiles:
- SuperAdmin has access to all functionality.
- Read only has read-only access.
Only users with the Super Admin profile can create, edit, and delete administrator profiles. Users can create, edit, and delete administrator profiles if they have Read Write privilege in their profile.
The Menu Access section has the following settings:
None | User cannot view or make changes to that page. |
Read Only | User can view but not make any change to that page, except session-related user settings such as Table Customization, Dashboard, or Attack Map filter. |
Read Write | User can view and make changes to that page. |
The CLI Commands section has the following settings:
None | User cannot execute CLI commands. |
Execute | User can execute CLI commands. |
To create an Administrator Profile:
- Go to System > Admin Profiles.
- Click Create New.
- Specify the Profile Name.
- If you wish, add a Comment.
- Specify the privileges for Menu Access:
  - Dashboard: Dashboard
  - Deception: Customization, Deception OS, Deployment Network, Deployment Wizard, Decoy & Lure Status, Decoy Map, Whitelist
  - Incident: Analysis, Campaign, Attack Map
  - Fabric: FortiGate Integration, Quarantine Status, IOC Export
  - Network: Interfaces, System DNS, System Routing
  - System: Administrators, Admin Profiles, Certificates, LDAP Servers, RADIUS Servers, Mail Server, SNMP, FortiGuard, Settings, Login Disclaimer, System Settings, Table Customization
  - Log: All Events, Log Servers
- Specify the privileges for CLI Commands:
  - Configuration: Set, Unset
  - System: Reboot, Shutdown, Reset Configuration, Factory Reset, Firmware Upgrade, Reset Widgets, IP Tables, test-network, usg-license, Upload VM Firmware License, Resize VM Hard Disk, Set Confirm ID for Windows VM, List VM License, Show VM Status, VM reset, DC Image Status, Set Maintainer, Set Timeout for Remote Auth, Data Purge, Log Purge, DMZ Mode, fdn-pkg
  - Utilities: TCP Dump, Trace Route
- Click Save.
Certificates
Use this page to import, view, and delete certificates. Certificates are used for secure connection to an LDAP server, system HTTPS, and SSH services. FortiDeceptor has one default certificate firmware.
FortiDeceptor does not support generating certificates. FortiDeceptor supports importing certificates for SSH and HTTPS access using .crt, PKCS12, or .pem format.
The following options are available:
Import | Import a certificate. |
Service | Configure specific certificates for HTTP and SSH servers. |
View | View the selected CA certificate details. |
Delete | Delete the selected certificate. |
The following information is displayed:
Name | Name of the certificate. |
Subject | Subject of the certificate. |
Status | The certificate status, active or expired. |
Service | HTTPS or SSH service that is using this certificate. |
To import a certificate:
- Go to System > Certificates.
- Click Import.
- Enter the Certificate Name.
- If you want to import a password protected PKCS12 certificate, select PKCS12 Format.
- Click Choose File and locate the certificate and key files on your management computer.
- Click OK to import the certificate.
To view a certificate:
- Go to System > Certificates.
- Select a certificate and click View.
The following information is available:
Certificate Name | Name of the certificate. |
Status | Certificate status. |
Serial number | Certificate serial number. |
Issuer | Issuer of the certificate. |
Subject | Subject of the certificate. |
Effective date | Date and time that the certificate became effective. |
Expiration date | Date and time that the certificate expires. |
To delete a CA certificate:
- Go to System > Certificates.
- Select the certificate you want to delete.
- Click Delete and confirm you want to delete the certificate.
LDAP Servers
FortiDeceptor supports remote authentication of administrators using LDAP servers. To use this feature, configure the server entries in FortiDeceptor for each authentication server in your network.
If you have configured LDAP support and require users to authenticate using an LDAP server, FortiDeceptor contacts the LDAP server for authentication. To authenticate with FortiDeceptor, the user enters a user name and password. FortiDeceptor sends this user name and password to the LDAP server. If the LDAP server can authenticate the user, FortiDeceptor authenticates the user. If the LDAP server cannot authenticate the user, FortiDeceptor refuses the connection.
The following options are available:
Create New | Add an LDAP server. |
Edit | Edit the selected LDAP server. |
Delete | Delete the selected LDAP server. |
The following information is displayed:
Name | LDAP server name. |
Address | LDAP server address. |
Common Name | LDAP common name. |
Distinguished Name | LDAP distinguished name. |
Bind Type | LDAP bind type. |
Connection Type | LDAP connection type. |
To create a new LDAP server:
- Go to System > LDAP Servers.
- Click Create New.
- Configure the following settings:
Name | A unique name to identify the LDAP server. |
Server Name/IP | IP address or FQDN of the LDAP server. |
Port | The port for LDAP traffic. The default port is 389. |
Common Name | Common name identifier of the LDAP server.
Most LDAP servers use cn. Some servers use other common name identifiers such as uid. |
Distinguished Name | Distinguished name used to look up entries on LDAP servers. The distinguished name reflects the hierarchy of LDAP database object classes above the common name identifier. |
Bind Type | The type of binding for LDAP authentication: Simple, Anonymous, or Regular. |
Username | When the Bind Type is set to Regular, enter the user name. |
Password | When the Bind Type is set to Regular, enter the password. |
Enable Secure Connection | Use a secure LDAP server connection for authentication. |
Protocol | When Enable Secure Connection is selected, select LDAPS or STARTTLS. |
CA Certificate | When Enable Secure Connection is selected, select a CA Certificate. |
- Click OK.
RADIUS Servers
FortiDeceptor supports remote authentication of administrators using RADIUS servers. To use this feature, configure the server entries in FortiDeceptor for each authentication server in your network.
If you have configured RADIUS support and require users to authenticate using a RADIUS server, FortiDeceptor contacts the RADIUS server for authentication. To authenticate with FortiDeceptor, the user enters a user name and password. FortiDeceptor sends this user name and password to the RADIUS server. If the RADIUS server can authenticate the user, FortiDeceptor authenticates the user. If the RADIUS server cannot authenticate the user, FortiDeceptor refuses the connection.
The following options are available:
Create New | Add a RADIUS server. |
Edit | Edit the selected RADIUS server. |
Delete | Delete the selected RADIUS server. |
The following information is displayed:
Name | RADIUS server name. |
Primary Address | Primary server IP address. |
Secondary Address | Secondary server IP address. |
Port | Port used for RADIUS traffic. The default port is 1812. |
Auth Type | The authentication type the RADIUS server requires.
Select Any, PAP, CHAP, or MSv2. Any means FortiDeceptor tries all authentication types. |
To add a RADIUS server:
- Go to System > RADIUS Servers.
- Click Create New.
- Configure the following settings:
Name | A unique name to identify the RADIUS server. |
Primary Server Name/IP | IP address or FQDN of the primary RADIUS server. |
Secondary Server Name/IP | IP address or FQDN of the secondary RADIUS server. |
Port | Port for RADIUS traffic.
The default port is 1812. |
Auth Type | Authentication type the RADIUS server requires.
Select Any, PAP, CHAP, or MSv2. Any means FortiDeceptor tries all authentication types. |
Primary Secret | Primary RADIUS server secret. |
Secondary Secret | Secondary RADIUS server secret. |
NAS IP | NAS IP address. |
- Click OK.
Mail Server
Use the System > Mail Server page to adjust mail server settings.
You can configure the following options:
Send Incidents Alerts | When enabled, FortiDeceptor sends an email alert to the Receiver Email List when it detects an incident. |
SMTP Server Address | SMTP server address. |
Port | SMTP server port number. |
E-Mail Account | The mail server email account. This is the “from” address. |
Login Account | The mail server login account. |
Password, Confirm Password | Enter and confirm the password. |
Receiver Email List | Enter one or more receiver email addresses. |
Send Test Email | Send a test email to the global email list.
If an error occurs, the error message appears at the top of the page and is recorded in the System Logs. |
SNMP
SNMP is a method to monitor your FortiDeceptor system on your local computer. You need an SNMP agent on your computer to read the SNMP information. Using SNMP, your FortiDeceptor system monitors for system events including CPU usage, memory usage, log disk space, interface changes, and malware detection. Go to System > SNMP to configure your FortiDeceptor system’s SNMP settings.
SNMP has two parts: the SNMP agent or the device that is sending traps, and the SNMP manager that monitors those traps. The SNMP communities on the monitored FortiDeceptor are hard coded and configured in the SNMP menu.
The FortiDeceptor SNMP implementation is read-only — SNMP v1, v2c, v3 compliant SNMP manager applications, such as those on your local computer, have read-only access to FortiDeceptor system information and can receive FortiDeceptor system traps.
You can also download FortiDeceptor and Fortinet core MIB files.
Configure the SNMP agent
The SNMP agent sends SNMP traps that originate on FortiDeceptor to an external monitoring SNMP manager defined in one of the FortiDeceptor SNMP communities. Typically, an SNMP manager is an application on a local computer that can read the SNMP traps and then generate reports or graphs.
The SNMP manager can monitor FortiDeceptor to determine if it is operating properly or if critical events are occurring. The description, location, and contact information for this FortiDeceptor system is part of the information an SNMP manager collects. This information is useful if the SNMP manager is monitoring many devices, and it enables a faster response when FortiDeceptor requires attention.
To configure SNMP agents:
- Go to System > SNMP.
- Configure the following settings:
SNMP Agent | When enabled, the FortiDeceptor SNMP agent sends FortiDeceptor SNMP traps. |
Description | Description of this FortiDeceptor to identify this unit. |
Location | Location of this FortiDeceptor if it requires attention. |
Contact | Contact information of the person in charge of this FortiDeceptor. |
SNMP v1/v2c | Create, edit, or delete SNMP v1 and v2c communities. You can enable or disable communities in the edit page. Columns include: Community Name, Queries, Traps, Enable. |
SNMP v3 | Create, edit, or delete SNMP v3 entries. You can enable or disable queries in the edit page. Columns include: Username, Security Level, Notification Host, and Queries. |
To create an SNMP v1/v2c community:
- Go to System > SNMP.
- In the SNMP v1/v2c section, click Create New.
- Configure the following settings:
Enable | Enable the SNMP community. |
Community Name | The name that identifies the SNMP community. |
Hosts | The list of hosts that can use the settings in this SNMP community to monitor FortiDeceptor. |
IP/Netmask | IP address and netmask of the SNMP hosts. Click Add to add additional hosts. |
Queries v1, Queries v2c | Port number and if it is enabled.
Enable queries for each SNMP version that FortiDeceptor uses. |
Traps v1, Traps v2c | Local port number, remote port number, and if it is enabled.
Enable traps for each SNMP version that FortiDeceptor uses. |
SNMP Events | Events that cause FortiDeceptor to send SNMP traps to the community: CPU usage is high, Memory is low, Log disk space is low, Incident is detected. |
- Click OK.
To create an SNMP v3 user:
- Go to System > SNMP.
- In the SNMP v3 section, click Create New.
- Configure the following settings:
Username | Name of the SNMPv3 user. |
Security Level | Security level of the user: None, Authentication only, or Encryption and authentication. |
Authentication | Authentication is required when Security Level is either Authentication only or Encryption and authentication. |
Method | Authentication method: MD5 (Message Digest 5 algorithm) or SHA1 (Secure Hash algorithm). |
Password | Authentication password of at least eight characters. |
Encryption | Encryption is required if Security Level is Encryption and authentication. |
Method | Encryption method: DES or AES. |
Key | Encryption key of at least eight characters. |
Notification Hosts (Traps) | |
IP/Netmask | IP address and netmask. Click Add to add more hosts. |
Query | |
Port | Port number and if it is enabled. |
SNMP V3 Events | SNMP events associated with that user: CPU usage is high, Memory is low, Log disk space is low, Incident is detected. |
- Click OK.
To download MIB files:
- At the bottom of the SNMP page, select the MIB file you want to download to your management computer.
FortiGuard
- Go to System > FortiGuard.
- The following options and information are available:
Module Name | The FortiGuard module name, including: AntiVirus Scanner, AntiVirus Extended Signature, AntiVirus Active Signature, AntiVirus Extreme Signature, IDS Engine, IDS Signature, Anti-Reconnaissance & Anti-Exploit Engine.
All modules automatically install update packages when they are available on the FDN. |
Current Version | The current version of the module. |
Release Time | The time that module was released. |
Last Update Time | The time that module was last updated. |
Last Check Status | The status of the last update attempt. |
Upload Package File | Select Browse to locate a package file on the management computer, then select Submit to upload the package file to the FortiDeceptor.
When the unit has no access to the Fortinet FDN servers, the user can go to the Customer Service and Support site to download package files manually. |
FortiGuard Server Location | Select FDN servers for package update and Web Filtering query. By default, the selection is Nearest, which means the closest FDN server according to the unit’s time zone is used. When US Region is selected, only servers inside the United States are used. |
FortiGuard Server Settings |
Use override FDN server to download module updates | Select to enable an override FDN server, or FortiManager, to download module updates, then enter the server IP address or FQDN in the text box. When an overridden FDN server is used, FortiGuard Server Location will be disabled. Click the Connect FDN Now button to schedule an immediate update check. |
Connect FDN Now | Click the Connect FDN Now button to connect the override FDN server/Proxy. |
FortiGuard Web Filter Settings |
Use override server address for web filtering query | Select to enable an override server address for web filtering query, then enter the server IP address (IP address or IP address:port) or FQDN in the text box. By default, the closest web filtering server according to the unit’s time zone is used.
If port is not provided, target UDP port 53 will be used. |
- Click Apply to apply your changes.
Settings
Go to System > Settings to configure the idle timeout for the administrator account.
To configure idle timeout:
- Go to System > Settings.
- Enter a value between 1 and 480 minutes.
- Click OK.
To reset all widgets:
You can reset all the widgets in the Dashboard by clicking the Reset button.
Login Disclaimer
Go to System > Login Disclaimer to customize the warning message, and to enable or disable the login disclaimer.
If enabled, the disclaimer appears when a user tries to log into the unit.
Table Customization
To customize the columns available for Incidents or Events:
- Go to System > Table Customization.
- In the Incident Columns pane, drag and drop the columns from the Available Column Headers to the Customized Column Headers and Orders.
- In the Event Columns pane, drag and drop the columns from the Available Column Headers to the Customized Column Headers and Orders.
- In the Table Settings pane, specify the Page Size and select the View Type.
- Click Save.