FortiDeceptor
FortiDeceptor provides Deception-based Breach Protection to deceive, expose and eliminate external and internal threats.
melshehaby
Staff
Article Id 240470
Description

This article explains why the Deployment Network monitor IP and decoy IP addresses are not reachable from outside when they are configured with a VLAN tag.

 

Scope

FortiDeceptor.

 

Solution

Five possible causes can lead to this issue:

  1. The issue can be in the hypervisor: if VMware version 6.5 or 6.7 is installed and has an issue with the network adapter, changing the VM adapter from E1000E to E1000 is expected to fix the issue, if applicable.

  2. If the hypervisor virtual switch does not support MAC address mapping, or that option is not enabled, it can cause the same issue.

 

FortiDeceptor has multiple VMs, each with its own MAC address, so the virtual switch must support MAC address mapping or spoofing, because the communication comes from the same adapter with multiple MAC addresses.

It is therefore necessary to enable 'Promiscuous mode' on the virtual switch assigned to the Deployment network port.

 

Also, make sure to follow the instructions below:

Configuring FortiDeceptor VM networking

 

The screenshot below shows this option in VMware:

[Screenshot: Promiscuous mode setting on the VMware virtual switch]

 

  3. If the physical switch port is configured with a VLAN tag, it is necessary to configure the deployment network with VLAN 0, not with the assigned VLAN.

  4. In the case of Hyper-V, make sure that the 'MAC address spoofing' option is enabled. It is located under the advanced options of the network adapter configuration.

  5. In the case of the Nutanix AHV hypervisor, the network adapter should be in trunk mode instead of access mode to allow multiple VLANs:
    VLAN for Guest VMs
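As an added example (not from the article or from Fortinet), the following POSIX shell script checks an ESXi host's standard vSwitch for the two VMware-side requirements above, promiscuous mode plus the MAC-spoofing-related security policies on the virtual switch and an untagged (VLAN 0) Deployment port group, and carries the esxcli commands that correct them. The switch name vSwitch0 and the port group name 'Deployment' are assumptions, and the sample esxcli outputs are constructed.

```shell
#!/bin/sh
# Added example, not from the Fortinet article: check an ESXi standard vSwitch
# against the settings the article requires for the FortiDeceptor Deployment
# network, and optionally correct them with esxcli. The switch and port group
# names (vSwitch0, "Deployment") are assumptions; adjust them for your host.
VSWITCH="${VSWITCH:-vSwitch0}"
PORTGROUP="${PORTGROUP:-Deployment}"

# Inspect the text printed by:
#   esxcli network vswitch standard policy security get -v "$VSWITCH"
# Promiscuous mode is the article's requirement; MAC address change and forged
# transmits are the VMware settings that allow MAC address spoofing.
# Returns 0 when all three are enabled, 1 otherwise (and prints what is wrong).
check_security_policy() {
    policy="$1"; rc=0
    for field in "Allow Promiscuous" "Allow MAC Address Change" "Allow Forged Transmits"; do
        value=$(printf '%s\n' "$policy" | awk -F': *' -v f="$field" 'index($0, f) {print $2}')
        [ "$value" = "true" ] || { echo "$field is '$value'; decoy/monitor traffic will be dropped"; rc=1; }
    done
    return $rc
}

# Inspect the table printed by `esxcli network vswitch standard portgroup list`
# and confirm the port group is untagged (VLAN 0): the article says the
# deployment network must use VLAN 0 when the physical switch port is tagged.
check_vlan() {
    list="$1"; pg="$2"
    vlan=$(printf '%s\n' "$list" | awk -v pg="$pg" 'index($0, pg) == 1 {print $NF}')
    [ -n "$vlan" ] || { echo "port group '$pg' not found"; return 1; }
    [ "$vlan" = "0" ] || { echo "port group '$pg' has VLAN ID $vlan; expected 0"; return 1; }
}

# Apply the corrections on the ESXi host (run only where esxcli is available).
apply_fix() {
    esxcli network vswitch standard policy security set -v "$VSWITCH" \
        --allow-promiscuous=true --allow-mac-change=true --allow-forged-transmits=true
    esxcli network vswitch standard portgroup set -p "$PORTGROUP" --vlan-id 0
}

# Constructed sample esxcli outputs so the checks can be exercised offline.
SAMPLE_POLICY_BAD='   Allow Promiscuous: false
   Allow MAC Address Change: true
   Allow Forged Transmits: false'
SAMPLE_POLICY_GOOD='   Allow Promiscuous: true
   Allow MAC Address Change: true
   Allow Forged Transmits: true'
SAMPLE_PG_LIST='Name                Virtual Switch  Active Clients  VLAN ID
------------------  --------------  --------------  -------
Deployment          vSwitch0                     1      100
Management Network  vSwitch0                     1        0'
```

On a real host, feed the checks with the live esxcli output, for example `check_security_policy "$(esxcli network vswitch standard policy security get -v "$VSWITCH")"`, and call `apply_fix` only after reviewing what they report.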