Fortinet black logo

Cookbook

FortiSandbox in the Fortinet Security Fabric

Copy Link
Copy Doc ID 4d801240-7ccc-11e9-81a4-00505692583a:823575
Download PDF

FortiSandbox in the Fortinet Security Fabric

This example shows you how to add a FortiSandbox to the Fortinet Security Fabric and configure each FortiGate in the network to send suspicious files to FortiSandbox for sandbox inspection. FortiSandbox scans and tests these files in isolation from your network.

This example uses the Security Fabric example configuration created in the Fortinet Security Fabric collection. The FortiSandbox connects to the external root FortiGate in the Security Fabric, known as Edge. There are two connections between the devices:

  • FortiSandbox port 1 (administration port) connects to External port 16.
  • FortiSandbox port 3 (VM outgoing port) connects to External port 13.

You can use a separate Internet connection for FortiSandbox port 3 rather than connect through the external FortiGate to use your main Internet connection. This configuration avoids getting IP addresses from your main network blacklisted if malware tested on the FortiSandbox generates an attack. If you use this configuration, you can skip the steps listed for FortiSandbox port 3.

FortiSandbox in the Fortinet Security Fabric

This example shows you how to add a FortiSandbox to the Fortinet Security Fabric and configure each FortiGate in the network to send suspicious files to FortiSandbox for sandbox inspection. FortiSandbox scans and tests these files in isolation from your network.

This example uses the Security Fabric example configuration created in the Fortinet Security Fabric collection. The FortiSandbox connects to the external root FortiGate in the Security Fabric, known as Edge. There are two connections between the devices:

  • FortiSandbox port 1 (administration port) connects to External port 16.
  • FortiSandbox port 3 (VM outgoing port) connects to External port 13.

You can use a separate Internet connection for FortiSandbox port 3 rather than connect through the external FortiGate to use your main Internet connection. This configuration avoids getting IP addresses from your main network blacklisted if malware tested on the FortiSandbox generates an attack. If you use this configuration, you can skip the steps listed for FortiSandbox port 3.