Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Examples

    7.4.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0

    Configuring FortiAnalyzer to detect FortiSandbox devices

    Configuring FortiAnalyzer to detect FortiSandbox devices

    You can use FortiAnalyzer to monitor FortiSandbox devices. Some configurations are required on FortiSandbox to add the device to FortiAnalyzer. After you add the device, go to FortiView > Threats > FortiSandbox Detection to view the scanned files.

    To detect FortiSandbox on FortiAnalyzer:
    1. Create a firewall policy on FortiSandbox.
    2. Create a log server on FortiSandbox.
    3. Add FortiSandbox to FortiAnalyzer.

    Creating a firewall policy on FortiSandbox

    You can use the CLI console in FortiSandbox to configure a firewall policy, then specify the IP address of the FortiAnalyzer you want to monitor the FortiSandbox.

    To create a firewall policy on FortiSandbox:
    1. In the FortiGate device, click the CLI Console icon on the right-side of the banner on any page.
    2. Specify the FortiSandbox in the global configuration:

      config antivirus profile

      edit "test"

      set ftgd-analytics everything config http

      set options scan avmonitor

      end config ftp

      set options scan avmonitor

      end config imap

      set options scan

      end config pop3

      set options scan

      end config smtp

      set options scan

      end config nntp

      set options scan

      end

      next

      end

    3. Create an antivirus profile to allow FortiGate to submit all files scanned by AntiVirus to FortiSandbox. The following is a sample AntiVirus profile:

      config firewall policy

      edit 13

      set name "to-server1"

      set uuid 5107b480-3d19-51e8-f1c1-571602a6375b

      set srcintf "lan"

      set dstintf "wan1"

      set srcaddr "net-local"

      set dstaddr "server1"

      set action accept

      set schedule "always"

      set service "ALL"

      set utm-status enable

      set logtraffic all

      set fsso disable

      set av-profile "test"

      set ssl-ssh-profile "certificate-inspection"

      set nat enable

      next

      end

    4. Use the antivirus profile in the firewall policy. The following is a sample firewall policy:

      config firewall policy

      edit 13

      set name "to-server1"

      set uuid 5107b480-3d19-51e8-f1c1-571602a6375b

      set srcintf "lan"

      set dstintf "wan1"

      set srcaddr "net-local"

      set dstaddr "server1"

      set action accept

      set schedule "always"

      set service "ALL"

      set utm-status enable

      set logtraffic all

      set fsso disable

      set av-profile "test"

      set ssl-ssh-profile "certificate-inspection"

      set nat enable

      next

      end

    5. Specify the IP address of the FortiAnalyzer unit for FortiGate to send logs.

      configure log fortianalyzer setting

      set status enable

      set server <ip address of FortiAnalyzer> set upload-option realtime

      end

    Creating a log server for FortiAnalyzer

    Use FortiSandbox to create a log server to specify the FortiAnalyzer that will monitor the scanned files.

    To create a log server on FortiSandbox:
    1. On FortiSandbox, go to Log & Report > Log Servers.
    2. Click Create New in the toolbar and configure the following settings:
      NameEnter a name for the new server entry.
      TypeSelect FortiAnalyzer from the dropdown list.
      Log Server AddressEnter the log server IP address for the FortiAnalyzer device.
      PortEnter the port number. The default port is 514.
      StatusSelect Enable to send logs to the server.
      Log Level

      • Set the logging levels to be forwarded to the log server. The following options are available:

        Enable Alert Logs. By default, only logs of non-Clean rated jobs are sent. Users can choose to send Clean Job Alert Logs by selecting Include job with Clean Rating.
      • Enable Critical Logs
      • Enable Error Logs
      • Enable Warning Logs
      • Enable Information Logs
      • Enable Debug Logs

    Adding FortiSandbox to FortiAnalyzer

    You can use the IP address of the configured FortiSandbox to add it to FortiAnalyzer with Device Manager.

    To add the FortiSandbox:
    1. In FortiAnalyzer, go to Device Manager.
    2. Click Add Device, and enter the FortiSandbox information into the dialog box.
      Device Name Type a name for the FortiSandbox device.

      Link Device By

      Serial Number.

      Serial NumberType the serial number for the FortiSandbox device.
      Device ModelSelect the model of the FortiSandbox device.
      DescriptionType a description of the FortiSandbox device (optional).
    3. Click Next.
      The device is added to the ADOM and, if successful, is ready to begin sending logs to the FortiAnalyzer unit.
    4. Click Finish.
    5. In Device Manager, select the FortiSandbox you added, and click Edit in the toolbar.
    6. Enter the Admin User and Password to allow FortiAnalyzer to access the FortiSandbox, then click OK.
    To view FortiSandbox scanned files:
    1. Go to FortiView > FortiView > Threats > FortiSandbox Detection to view the files scanned by FortiSandbox.
    2. Click a file to view the Drilldown Panel.

    3. Click the FortiSandbox Scan link to view the Sandbox Execution Details panel.
    Previous
    Next

    Configuring FortiAnalyzer to detect FortiSandbox devices

    Configuring FortiAnalyzer to detect FortiSandbox devices

    You can use FortiAnalyzer to monitor FortiSandbox devices. Some configurations are required on FortiSandbox to add the device to FortiAnalyzer. After you add the device, go to FortiView > Threats > FortiSandbox Detection to view the scanned files.

    To detect FortiSandbox on FortiAnalyzer:
    1. Create a firewall policy on FortiSandbox.
    2. Create a log server on FortiSandbox.
    3. Add FortiSandbox to FortiAnalyzer.

    Creating a firewall policy on FortiSandbox

    You can use the CLI console in FortiSandbox to configure a firewall policy, then specify the IP address of the FortiAnalyzer you want to monitor the FortiSandbox.

    To create a firewall policy on FortiSandbox:
    1. In the FortiGate device, click the CLI Console icon on the right-side of the banner on any page.
    2. Specify the FortiSandbox in the global configuration:

      config antivirus profile

      edit "test"

      set ftgd-analytics everything config http

      set options scan avmonitor

      end config ftp

      set options scan avmonitor

      end config imap

      set options scan

      end config pop3

      set options scan

      end config smtp

      set options scan

      end config nntp

      set options scan

      end

      next

      end

    3. Create an antivirus profile to allow FortiGate to submit all files scanned by AntiVirus to FortiSandbox. The following is a sample AntiVirus profile:

      config firewall policy

      edit 13

      set name "to-server1"

      set uuid 5107b480-3d19-51e8-f1c1-571602a6375b

      set srcintf "lan"

      set dstintf "wan1"

      set srcaddr "net-local"

      set dstaddr "server1"

      set action accept

      set schedule "always"

      set service "ALL"

      set utm-status enable

      set logtraffic all

      set fsso disable

      set av-profile "test"

      set ssl-ssh-profile "certificate-inspection"

      set nat enable

      next

      end

    4. Use the antivirus profile in the firewall policy. The following is a sample firewall policy:

      config firewall policy

      edit 13

      set name "to-server1"

      set uuid 5107b480-3d19-51e8-f1c1-571602a6375b

      set srcintf "lan"

      set dstintf "wan1"

      set srcaddr "net-local"

      set dstaddr "server1"

      set action accept

      set schedule "always"

      set service "ALL"

      set utm-status enable

      set logtraffic all

      set fsso disable

      set av-profile "test"

      set ssl-ssh-profile "certificate-inspection"

      set nat enable

      next

      end

    5. Specify the IP address of the FortiAnalyzer unit for FortiGate to send logs.

      configure log fortianalyzer setting

      set status enable

      set server <ip address of FortiAnalyzer> set upload-option realtime

      end

    Creating a log server for FortiAnalyzer

    Use FortiSandbox to create a log server to specify the FortiAnalyzer that will monitor the scanned files.

    To create a log server on FortiSandbox:
    1. On FortiSandbox, go to Log & Report > Log Servers.
    2. Click Create New in the toolbar and configure the following settings:
      NameEnter a name for the new server entry.
      TypeSelect FortiAnalyzer from the dropdown list.
      Log Server AddressEnter the log server IP address for the FortiAnalyzer device.
      PortEnter the port number. The default port is 514.
      StatusSelect Enable to send logs to the server.
      Log Level

      • Set the logging levels to be forwarded to the log server. The following options are available:

        Enable Alert Logs. By default, only logs of non-Clean rated jobs are sent. Users can choose to send Clean Job Alert Logs by selecting Include job with Clean Rating.
      • Enable Critical Logs
      • Enable Error Logs
      • Enable Warning Logs
      • Enable Information Logs
      • Enable Debug Logs

    Adding FortiSandbox to FortiAnalyzer

    You can use the IP address of the configured FortiSandbox to add it to FortiAnalyzer with Device Manager.

    To add the FortiSandbox:
    1. In FortiAnalyzer, go to Device Manager.
    2. Click Add Device, and enter the FortiSandbox information into the dialog box.
      Device Name Type a name for the FortiSandbox device.

      Link Device By

      Serial Number.

      Serial NumberType the serial number for the FortiSandbox device.
      Device ModelSelect the model of the FortiSandbox device.
      DescriptionType a description of the FortiSandbox device (optional).
    3. Click Next.
      The device is added to the ADOM and, if successful, is ready to begin sending logs to the FortiAnalyzer unit.
    4. Click Finish.
    5. In Device Manager, select the FortiSandbox you added, and click Edit in the toolbar.
    6. Enter the Admin User and Password to allow FortiAnalyzer to access the FortiSandbox, then click OK.
    To view FortiSandbox scanned files:
    1. Go to FortiView > FortiView > Threats > FortiSandbox Detection to view the files scanned by FortiSandbox.
    2. Click a file to view the Drilldown Panel.

    3. Click the FortiSandbox Scan link to view the Sandbox Execution Details panel.
    Previous
    Next