Fortinet Document Library

Version:


Table of Contents

Cookbook

6.0.0
Download PDF
Copy Link

FortiSandbox in the Fortinet Security Fabric

In this recipe, you will add a FortiSandbox to the Fortinet Security Fabric and configure each FortiGate in the network to send suspicious files to FortiSandbox for sandbox inspection. The FortiSandbox scans and tests these files in isolation from your network.

This example uses the Security Fabric configuration created in Fortinet Security Fabric installation. The FortiSandbox connects to the root FortiGate in the Security Fabric, known as Edge. There are two connections between the devices:

  • FortiSandbox port 1 (administration port) connects to Edge port 16
  • FortiSandbox port 3 (VM outgoing port) connects to Edge port 13

If possible, you can also use a separate Internet connection for FortiSandbox port 3, rather than connecting through the Edge FortiGate to use your main Internet connection. This configuration avoids having IP addresses from your main network blacklisted if malware that’s tested on the FortiSandbox generates an attack. If you use this configuration, you can skip the steps listed for FortiSandbox port 3.

FortiSandbox in the Fortinet Security Fabric

In this recipe, you will add a FortiSandbox to the Fortinet Security Fabric and configure each FortiGate in the network to send suspicious files to FortiSandbox for sandbox inspection. The FortiSandbox scans and tests these files in isolation from your network.

This example uses the Security Fabric configuration created in Fortinet Security Fabric installation. The FortiSandbox connects to the root FortiGate in the Security Fabric, known as Edge. There are two connections between the devices:

  • FortiSandbox port 1 (administration port) connects to Edge port 16
  • FortiSandbox port 3 (VM outgoing port) connects to Edge port 13

If possible, you can also use a separate Internet connection for FortiSandbox port 3, rather than connecting through the Edge FortiGate to use your main Internet connection. This configuration avoids having IP addresses from your main network blacklisted if malware that’s tested on the FortiSandbox generates an attack. If you use this configuration, you can skip the steps listed for FortiSandbox port 3.