You can apply sandbox inspection with three types of security inspection: antivirus, web filter, and FortiClient compliance profiles. In this step, you add sandbox to all FortiGate devices in the Security Fabric individually, using the profiles that each FortiGate applies to network traffic.
In order to pass the Advanced Threat Protection check, you must add sandbox inspection to antivirus profiles for all FortiGate devices in the Security Fabric.
- Go to Security Profiles > AntiVirus and edit the default profile.
- Under Inspection Options, set Send Files to FortiSandbox Appliance for Inspection to All Supported Files.
- Go to Security Profiles > Web Filter and edit the default profile.
- Under Static URL Filter, enable Block malicious URLs discovered by FortiSandbox.
- Go to Security Profiles > FortiClient Compliance Profiles and edit the default profile. Enable Security Posture Check.
- Enable Realtime Protection and Scan with FortiSandbox.
Enable Use FortiSandbox Database, so that if the FortiSandbox discovers a threat, it adds a signature for that file to the antivirus signature database on the FortiGate.
If the FortiSandbox discovers a threat, the URL that threat came from is added to the list of URLs that are blocked by the FortiGate.