Handbook

Connecting a FortiGate to FortiSandbox

6.0.0

The procedures for connecting a FortiGate to FortiSandbox depend on whether you are using FortiSandbox Appliance or FortiSandbox Cloud.

If you are using FortiSandbox in a Fortinet Security Fabric, see FortiSandbox in the Fortinet Security Fabric.

After the FortiGate is connected to FortiSandbox, you can configure an AntiVirus profile to send suspicious files for inspection. Sandbox integration can also be configured; for more information, see Sandbox integration.

Connecting to FortiSandbox Appliance

  1. Connect the FortiSandbox Appliance to your FortiGate so that port 1 and port 3 on the FortiSandbox are on different subnets.

    Note: FortiSandbox port 3 is used for outgoing communication triggered by the execution of files under analysis. The FortiSandbox can accept files through any port; however, we recommend connecting through port 3 to a dedicated interface on your FortiGate to protect the rest of the network from threats being investigated by the FortiSandbox. Port 1 can be used to accept files but is generally reserved for managing the FortiSandbox.

  2. Enable FortiSandbox port 3 to connect to the Internet.
    1. On the FortiGate, go to Policy & Objects > IPv4 Policy and create a policy allowing connections from the FortiSandbox to the Internet (using the dedicated interface on the FortiGate).
    2. On the FortiSandbox, go to Scan Policy > General to configure the network settings for port 3.
  3. On the FortiSandbox, go to Network > System Routing and add static routes for port 1.
  4. On the FortiSandbox, go to Dashboard and locate the System Information widget. Now that the FortiSandbox has Internet access, it can activate its VM licenses. When a green arrow appears beside Windows VM, continue to the next step.
  5. On the FortiGate, go to Security Fabric > Settings. Select Enable Sandbox Inspection and select FortiSandbox Appliance. Set the IP Address and enter a Notifier Email. If you select Test Connectivity, the Status shows as Service is not configured because the FortiGate has not been authorized to connect to the FortiSandbox.
  6. On the FortiSandbox, go to Scan Input > Device. Edit the entry for the FortiGate. Under Permissions & Policy > Authorized, select the checkbox and click OK to authorize the FortiGate.
  7. On the FortiGate, go to Security Fabric > Settings and select Test Connectivity for the FortiSandbox. The Status now shows that Service is online.
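The note under step 1 asks for FortiSandbox port 3 to sit on a dedicated FortiGate interface so that traffic generated by files under analysis cannot reach the rest of the network. The following check is an added example, not Fortinet code: it reads the firewall policy section of a FortiGate configuration backup and reports accept policies that let the sandbox interface reach anything other than the Internet-facing interface. The interface names (`port5`, `wan1`, `internal`), policy IDs and the sample configuration are constructed assumptions.

```python
import re

# Constructed sample of a FortiGate config backup; interface names are assumed
# (port5 = dedicated link to FortiSandbox port 3, wan1 = Internet, internal = LAN).
SAMPLE_CONFIG = '''
config firewall policy
    edit 10
        set name "FSA-port3-to-Internet"
        set srcintf "port5"
        set dstintf "wan1"
        set dstaddr "all"
        set action accept
    next
    edit 11
        set name "FSA-port3-to-LAN"
        set srcintf "port5"
        set dstintf "internal"
        set dstaddr "all"
        set action accept
    next
end
'''

def parse_policies(config_text):
    """Return {policy_id: {setting: [values]}} for the firewall policy section."""
    section = re.search(r"^config firewall policy\n(.*?)^end", config_text, re.S | re.M)
    policies, current = {}, None
    for line in (section.group(1).splitlines() if section else []):
        words = line.split(None, 2)
        if words[:1] == ["edit"]:
            current = policies.setdefault(int(words[1]), {})
        elif words[:1] == ["set"] and current is not None and len(words) == 3:
            # Values are quoted strings or bare words; keep them as a list.
            current[words[1]] = [q or b for q, b in re.findall(r'"([^"]*)"|(\S+)', words[2])]
    return policies

def isolation_violations(policies, sandbox_intf, allowed_dst):
    """IDs of accept policies that let traffic from sandbox_intf leave by any
    interface outside allowed_dst (a policy with no accept action is a deny)."""
    bad = []
    for pid, settings in sorted(policies.items()):
        src = settings.get("srcintf", [])
        if settings.get("action") != ["accept"] or not {sandbox_intf, "any"} & set(src):
            continue
        if any(dst not in allowed_dst for dst in settings.get("dstintf", [])):
            bad.append(pid)
    return bad

if __name__ == "__main__":
    print(isolation_violations(parse_policies(SAMPLE_CONFIG), "port5", {"wan1"}))
```

In the constructed sample, policy 11 is flagged because it forwards traffic from the sandbox interface to the internal network.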

Connecting to FortiSandbox Cloud

Before you can connect a FortiGate to FortiSandbox Cloud, you need an active FortiCloud account. For more information, see the FortiCloud documentation.

After you create a FortiCloud account, enable sandbox inspection: go to Security Fabric > Settings, enable Sandbox Inspection, and select FortiSandbox Cloud.

To see the results from FortiSandbox Cloud in the FortiGate logs, go to Log & Report > Log Settings, enable Send Logs to FortiCloud, and set GUI Preferences to display logs from FortiCloud.
