Forti Deceptor

DATA SHEET

FortiDeceptor
Available in: Appliance, Virtual Machine

Deceive | Expose | Eliminate

FortiDeceptor is designed to deceive, expose, and eliminate external and internal threats early in the attack kill chain and proactively block these threats before any significant damage occurs.

Feature Benefits

• Simple and Easy to Use with a wizard-based setup of IT/OT/IoT decoys and lures fine-tuned to your environment and centrally manage a distributed deception deployment across your IT and OT environments
• Rapid investigation with intelligent incident correlation into a campaign timeline of all activities including access, tools used, lateral movement, and more, layered with contextual threat intelligence from FortiGuard Labs
• Eliminate Early Stage Attacks with Security Fabric integration including FortiGate, FortiNAC, FortiEDR, FortiSOAR, and third-party. Elevate threat visibility and hunting with FortiSIEM and FortiAnalyzer

Fortinet Security Fabric provides unified, end-to-end protection with Fortinet Next Generation Firewalls to tackle advanced persistent threats. Adding FortiDeceptor as part of a Breach Protection strategy helps evolve your defenses from reactive to proactive with intrusion-based detection layered with contextual intelligence. It automates the blocking of attackers targeting IT devices and OT system controls. FortiDeceptor automatically lays out a layer of decoys and lures, helping you conceal your sensitive and critical assets behind a fabricated Deception Surface to confuse and redirect attackers while revealing their presence on your network.

Advanced Threat Deception

DECEIVE external and internal threats with deceptive VM instances aka decoys managed from a centralized location. Deploy a Deception Surface of real Windows, Linux, VPN, Medical, IoT/OT, SCADA, and SAP VMs with services that are indistinguishable from real assets, e.g. production servers and lures embedded into devices designed to uncover the attackers.

EXPOSE hacker activity with early and accurate detection and actionable alerts enabled through tracing and correlation of an attacker’s Tactics, Tools, and Procedures (TTPs) and active notification via Web UI, Email, SNMP traps, logs, and events via FortiSIEM and FortiAnalyzer.

ELIMINATE threats by automating threat response with FortiGates, FortiNAC, FortiEDR, FortiSOAR, and third party security solutions via Fortinet Security Fabric.


DECEPTION WORKFLOW

[Figure: deception workflow diagram. Labels: Email Server, Web Server, Router, FortiGate, FortiSwitch, FortiDeceptor, FortiSIEM (SYSLOG), FortiAnalyzer, FortiSOAR. Segments: OT Segment, DMZ Segment, IoT Segment, IT Segment, Data Center. Decoys: OT Decoys, DMZ Decoys, Medical IoT Decoys, Desktop Decoys, Server, Application Decoys. Endpoint/Server Deception Lure: RDP, SMB, SSH, Cached Credentials, Network Connections, HoneyDocs. Numbered callouts 1 to 3 mark the steps listed below.]

1. FortiDeceptor deploys decoys with different OS types equipped with lures (e.g. RDP/SMB/Credentials/HoneyDocs) that appear indistinguishable from real IT and OT assets and are highly interactive.

2. FortiDeceptor acts as an early warning system that exposes attacker’s malicious intent and tracks lateral movement, which translates to real-time alerts sent to FortiDeceptor, as well as FortiAnalyzer and FortiSIEM for review and validation. FortiDeceptor applies analytics powered by FortiGuard Labs, FortiSandbox, and VirusTotal intelligence, to a consolidated set of security events and correlates them to the campaigns with timeline of activities.

3. FortiDeceptor allows security analyst to manually investigate and apply manual remediation or automatically block these attacks based on severity before actual damage occurs via integration with FortiGate, FortiNAC, FortiEDR and FortiSIEM/FortiSOAR.

Feature Integration
FortiGate: FortiDeceptor is shown prominently in FortiGate’s network topology map as a widget detailing system info, status, and the deception servers list.


SPECIFICATIONS

FORTIDECEPTOR 1000G
Capacity and Performance
Size RAM: DDR4-2400 48 GB ECC RDIMM (16 GB*3)
On Board Flash: 2 GB USB
Decoy VM Support: Combination of Windows 7, Windows 10, Windows 10 (customizable BYOL), Windows Server 2016 and 2019 (customizable BYOL), Linux, VPN Server, Medical (PACS, Infusion pump), POS, ERP, IoT (Router, Printer and Camera), SAP and/or SCADA, up to 20 Deception VMs and 128 VLANs
Decoy Services: SSL VPN, SSH, SAMBA, SMB, RDP, HTTP/S, SQL, GIT, DICOM, Telnet, FTP, TFTP, SNMP, MODBUS, S7COMM, BACNET, IPMI, TRICONEX, GUARDIAN-AST, IEC104, EtherNet/IP, DNP3, JET-DIRECT, RTSP, UPnP, CDP and TCP port listener
Deception VMs Shipped: Deceptor Bundle Contract included license for Deception Decoys, Deception Lure plus FortiGuard Services Subscriptions (AREA, AV, IPS, and Web Filtering). 1 VLAN unit price, minimum order of 2 VLANs

Hardware Specifications
Form Factor: 1 RU Rackmount
Total Interfaces: 4 x GE (RJ45), 4 x GE (SFP)
Storage Capacity: 2 TB (2 x 1 TB HDD)
Usable Storage (After RAID): 1 TB
Removable Hard Drives: No
RAID 1 RAID 1
Default RAID Level: 1
Optional (SKU: SP-FSA1000G-PS)
Power Supply: 650W Redundant PSU (1+0)
Additional PSU (SKU: SP-FSA1000G-PS)

Dimensions
Height x Width x Length (inches): 1.73 x 17.24 x 23.62
Height x Width x Length (cm): 44 x 438 x 600
Weight: 27.56 lbs (12.5 kg)

Environments
AC Power Supply: 100-240 VAC, 60-50 Hz, 650W Redundant PSU (1+0)
Power Consumption (Max / Average): 253.2 W / 202.56 W
Heat Dissipation: 863.92 (BTU/h)
Operating Temperature: 32°F to 104°F (0°C to 40°C)
Storage Temperature: -13°F to 158°F (-25°C to 70°C)
Humidity: 10% to 90% (non-condensing)
Operating Altitude: Up to 7400 ft (2250 m) *

Compliance
Safety Certifications: FCC Part 15 Class A, RCM, VCCI, CE, UL/cUL, CB

* Operating at maximum temperature derates 1.5°C per 1,000 ft (305 m)

FORTIDECEPTOR VM

Capacity
Decoy VM Support: Combination of Windows 7, Windows 10, Windows 10 (customizable BYOL), Windows Server 2016 and 2019 (customizable BYOL), Linux, VPN Server, Medical (PACS, Infusion pump), POS, ERP, IoT (Router, Printer and Camera), SAP and/or SCADA, up to 20 Decoys
Decoy Services: SSL VPN, SSH, SAMBA, SMB, RDP, HTTP/S, SQL, GIT, DICOM, Telnet, FTP, TFTP, SNMP, MODBUS, S7COMM, BACNET, IPMI, TRICONEX, GUARDIAN-AST, IEC104, EtherNet/IP, DNP3, JET-DIRECT, RTSP, UPnP, CDP and TCP port listener
Deception VMs Shipped: VM model 24x7 FortiCare, Deceptor Bundle Contract included license for Deception Decoys, Deception Lures plus FortiGuard Services Subscriptions (AREA, AV, IPS, and Web Filtering). 1 network VLAN unit price, minimum order of 2 VLANs. Support up to 20 Deception VMs and up to 128 network VLANS

Virtual Machine
Hypervisor Support: VMware vSphere ESXi 5.1, 5.5 or 6.0 and later, KVM, Hyper-V, AWS, Azure, GCP
Virtual CPUs (Min / Max): 12 / Unlimited* Intel Virtualization Technology (VT-x/EPT) or AMD Virtualization (AMD-V/RVI)
Virtual Network Interfaces: 6
Virtual Memory (Min / Max): 16 GB / Unlimited**
Virtual Storage (Min / Max): 200 GB / 16 TB***

* Fortinet recommends that the number of virtual CPUs is two plus the number of Deception VMs when each Deception VM requires 2vCPU.
** Fortinet recommends that the size of virtual memory is 4GB plus 2 GB for every Deception VM clone.
*** Fortinet recommends that the size of virtual storage is 1TB for production environment.


ORDER INFORMATION
FORTIDECEPTOR VM

| Product | SKU | Description |
|---|---|---|
| FortiDeceptor-VM Subscription License | FC1-10-DCVMS-496-02-DD | VM model 24x7 FortiCare, Deceptor Bundle Contract included license for Deception Decoys, Deception Lures plus FortiGuard Services Subscriptions (AREA, AV, IPS, and Web Filtering). 1 network VLAN unit price, minimum order of 2 VLANs. Support up to 20 Deception VMs and up to 128 network VLANS. |

FORTIDECEPTOR HARDWARE

| Product | SKU | Description |
|---|---|---|
| FortiDeceptor-1000G | FDC-1000G | FortiDeceptor 1000G Appliance. Support up to 20 Deception VMs and 128 VLANS. |
| | FC1-10-DC1KG-495-02-DD | Deceptor Bundle Contract included license for Deception Decoys, Deception Lure plus FortiGuard Services Subscriptions (AREA, AV, IPS, and Web Filtering). 1 VLAN unit price, minimum order of 2 VLANs. |
| | FC-10-DC1KG-247-02-DD | 24x7 FortiCare Contract. |
| | FC-10-DC1KG-210-02-DD | Next Day Delivery Premium RMA Service (requires 24x7 support). |
| | FC-10-DC1KG-211-02-DD | 4-Hour Hardware Delivery Premium RMA Service (requires 24x7 support). |
| | FC-10-DC1KG-212-02-DD | 4-Hour Hardware and Onsite Engineer Premium RMA Service (requires 24x7 support). |
| | FC-10-DC1KG-301-02-DD | Secure RMA Service. |

FORTIDECEPTOR LICENSES ADD-ONS

| Product | SKU | Description |
|---|---|---|
| FortiDeceptor Central Management License | FC-10-FDCCM-497-02-DD | Central Management license for up to 50 FortiDeceptor devices. |
| FortiDeceptor Windows License* | LIC-FDC-WIN | Expands FortiDeceptor Licensed Windows VM capacity by 2. (1) Win7 and (1) Win10 license added. |

* This Windows License applies to FDC-VMS and FDC-1000G only.

www.fortinet.com

Copyright © 2022 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product
or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other
conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser
that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any
such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise
revise this publication without notice, and the most current version of the publication shall be applicable.

Fortinet is committed to driving progress and sustainability for all through cybersecurity, with respect for human rights and ethical business practices, making possible a digital world you can always trust. You represent and warrant to Fortinet that you will not use
Fortinet’s products and services to engage in, or support in any way, violations or abuses of human rights, including those involving censorship, surveillance, detention, or excessive use of force. Users of Fortinet products are required to comply with the Fortinet EULA
(https://www.fortinet.com/content/dam/fortinet/assets/legal/EULA.pdf) and report any suspected violations of the EULA via the procedures outlined in the Fortinet Whistleblower Policy (https://secure.ethicspoint.com/domain/media/en/gui/19775/Whistleblower_Policy.pdf).

FDC-DAT-R14-20220407
