Fortinet white logo
Fortinet white logo

Handbook

6.0.0

FortiSandbox

FortiSandbox

The Security Fabric supports both FortiSandbox Appliance and FortiSandbox Cloud. To use FortiSandbox Cloud, you must first activate a FortiCloud account.

To use FortiSandbox in a Security Fabric, you connect the FortiSandbox to the Security Fabric and then configure an antivirus profile to send files to the FortiSandbox. You can also use sandbox inspection in web filtering and FortiClient compliance profiles.

Connect the FortiSandbox to the Security Fabric

You configure FortiSandbox settings on the root FortiGate in the Security Fabric. After you configure these settings, the root FortiGate pushes them to the other FortiGate devices in the Security Fabric.

  1. On the root FortiGate, go to Security Fabric > Settings.
  2. Enable Sandbox Inspection.
  3. Select either FortiSandbox Appliance or FortiSandbox Cloud.
  4. If you're using a FortiSandbox Appliance, set Server to the IP address for the FortiSandbox.
  5. Select Apply.
  6. On the FortiSandbox, go to Scan Input > Device.
  7. Edit the root FortiGate.
  8. Under Permissions & Policies, select Authorized.
  9. Select OK.
  10. Authorize the other FortiGate devices in the Security Fabric.

Configure antivirus profiles

  1. Go to Security Profiles > AntiVirus.
  2. Create a new profile, edit an existing profile, or clone and edit an existing profile.
  3. Under Inspection Options, set Send Files to FortiSandbox Appliance/Cloud for Inspection to All Supported Files.
  4. Enable Use FortiSandbox Database.
  5. Select OK.

Configure web filter profiles

  1. Go to Security Profiles > Web Filter.
  2. Create a new profile, edit an existing profile, or clone and edit an existing profile.
  3. Under Static URL Filter, enable Block malicious URLs discovered by FortiSandbox.
  4. Select OK.

Configure FortiClient compliance profiles

  1. Go to Security Profiles > FortiClient Compliance Profiles.
  2. Create a new profile, edit an existing profile, or clone and edit an existing profile.
  3. Enable Security Posture Check.
  4. Enable Realtime Protection and Scan with FortiSandbox.
  5. Select OK.

Related Videos

sidebar video

Fortinet Security Fabric 6.0.0 Series - Part 4: Connectors

  • 1,364 views
  • 5 years ago

FortiSandbox

FortiSandbox

The Security Fabric supports both FortiSandbox Appliance and FortiSandbox Cloud. To use FortiSandbox Cloud, you must first activate a FortiCloud account.

To use FortiSandbox in a Security Fabric, you connect the FortiSandbox to the Security Fabric and then configure an antivirus profile to send files to the FortiSandbox. You can also use sandbox inspection in web filtering and FortiClient compliance profiles.

Connect the FortiSandbox to the Security Fabric

You configure FortiSandbox settings on the root FortiGate in the Security Fabric. After you configure these settings, the root FortiGate pushes them to the other FortiGate devices in the Security Fabric.

  1. On the root FortiGate, go to Security Fabric > Settings.
  2. Enable Sandbox Inspection.
  3. Select either FortiSandbox Appliance or FortiSandbox Cloud.
  4. If you're using a FortiSandbox Appliance, set Server to the IP address for the FortiSandbox.
  5. Select Apply.
  6. On the FortiSandbox, go to Scan Input > Device.
  7. Edit the root FortiGate.
  8. Under Permissions & Policies, select Authorized.
  9. Select OK.
  10. Authorize the other FortiGate devices in the Security Fabric.

Configure antivirus profiles

  1. Go to Security Profiles > AntiVirus.
  2. Create a new profile, edit an existing profile, or clone and edit an existing profile.
  3. Under Inspection Options, set Send Files to FortiSandbox Appliance/Cloud for Inspection to All Supported Files.
  4. Enable Use FortiSandbox Database.
  5. Select OK.

Configure web filter profiles

  1. Go to Security Profiles > Web Filter.
  2. Create a new profile, edit an existing profile, or clone and edit an existing profile.
  3. Under Static URL Filter, enable Block malicious URLs discovered by FortiSandbox.
  4. Select OK.

Configure FortiClient compliance profiles

  1. Go to Security Profiles > FortiClient Compliance Profiles.
  2. Create a new profile, edit an existing profile, or clone and edit an existing profile.
  3. Enable Security Posture Check.
  4. Enable Realtime Protection and Scan with FortiSandbox.
  5. Select OK.