Support FortiSandbox Cloud  6.2.1

Explicit proxy connections can leverage FortiSandbox Cloud for advanced threat scanning and updates.

The following options are available with config system fortiguard:

| Option | Description |
| --- | --- |
| proxy-server-ip | IP address of the proxy server. |
| proxy-server-port | Port used to communicate with the proxy server. |
| proxy-username | Proxy user name. |
| proxy-password | Proxy user password. |

For example:

config system fortiguard
    set proxy-server-ip 172.16.200.44
    set proxy-server-port 3128
    set proxy-username "test1"
    set proxy-password ENC Y0+KTg9UsILkv8+nDe+Pe3VlnlaHUMzLkfAXLATknW/xm/Xv7EdZHTnua1djM+waZA1vxCh8LV7Ci4sEhj/PABSTShStxskEn3E1+CjxviwVSljgF6AD+zJZF/+4jkspq+PogZT3LVO68+kqsPdU4rikuy1BbnsbZcPxC/MJyuIx7343bdKYqp+IUprQUR2wf8tiMg==
end

The following example shows an explicit proxy connection to FortiSandbox Cloud:

# diagnose debug application forticldd -1

Debug messages will be on for 30 minutes.

# diagnose debug enable

[2942] fds_handle_request: Received cmd 23 from pid-2526, len 0

[40] fds_queue_task: req-23 is added to Cloud-sandbox-controller

[178] fds_svr_default_task_xmit: try to get IPs for Cloud-sandbox-controller

[239] fds_resolv_addr: resolve aptctrl1.fortinet.com

[169] fds_get_addr: name=aptctrl1.fortinet.com, id=32, cb=0x2bc089

[101] dns_parse_resp: DNS aptctrl1.fortinet.com -> 172.16.102.21

[227] fds_resolv_cb: IP-1: 172.16.102.21

[665] fds_ctx_set_addr: server: 172.16.102.21:443

[129] fds_svr_default_pickup_server: Cloud-sandbox-controller: 172.16.102.21:443

[587] fds_https_start_server: server: 172.16.102.21:443

[579] ssl_new: SSL object is created

[117] https_create: proxy server 172.16.200.44 port:3128

[519] fds_https_connect: https_connect(172.16.102.21) is established.

[261] fds_svr_default_on_established: Cloud-sandbox-controller has connected to ip=172.16.102.21

[268] fds_svr_default_on_established: server-Cloud-sandbox-controller handles cmd-23

[102] fds_pack_objects: number of objects: 1

[75] fds_print_msg: FCPC: len=109

[81] fds_print_msg: Protocol=2.0

[81] fds_print_msg: Command=RegionList

[81] fds_print_msg: Firmware=FG101E-FW-6.02-0917

[81] fds_print_msg: SerialNumber=FG101E4Q17002429

[81] fds_print_msg: TimeZone=-7

[75] fds_print_msg: http req: len=248

[81] fds_print_msg: POST https://172.16.102.21:443/FCPService HTTP/1.1

[81] fds_print_msg: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

[81] fds_print_msg: Host: 172.16.102.21:443

[81] fds_print_msg: Cache-Control: no-cache

[81] fds_print_msg: Connection: close

[81] fds_print_msg: Content-Type: application/octet-stream

[81] fds_print_msg: Content-Length: 301

[524] fds_https_connect: http request to 172.16.102.21: header=248, ext=301.

[257] fds_https_send: sent 248 bytes: pos=0, len=248

[265] fds_https_send: 172.16.102.21: sent 248 byte header, now send 301-byte body

[257] fds_https_send: sent 301 bytes: pos=0, len=301

[273] fds_https_send: sent the entire request to server: 172.16.102.21:443

[309] fds_https_recv: read 413 bytes: pos=413, buf_len=2048

[332] fds_https_recv: received the header from server: 172.16.102.21:443, [HTTP/1.1 200

Content-Type: application/octet-stream

Content-Length: 279

Date: Thu, 20 Jun 2019 16:41:11 GMT

Connection: close]

[396] fds_https_recv: Do memmove buf_len=279, pos=279

[406] fds_https_recv: server: 172.16.102.21:443, buf_len=279, pos=279

[453] fds_https_recv: received a packet from server-172.16.102.21:443: sz=279, objs=1

[194] __ssl_data_ctx_free: Done

[839] ssl_free: Done

[830] ssl_disconnect: Shutdown

[481] fds_https_recv: obj-0: type=FCPR, len=87

[294] fds_svr_default_on_response: server-Cloud-sandbox-controller handles cmd-23

[75] fds_print_msg: fcpr: len=83

[81] fds_print_msg: Protocol=2.0

[81] fds_print_msg: Response=202

[81] fds_print_msg: ResponseItem=Region:Europe,Global,Japan,US

[81] fds_print_msg: existing:Japan

[3220] aptctrl_region_res: Got rsp: Region:Europe,Global,Japan,US

[3222] aptctrl_region_res: Got rsp: Region existing:Japan

[439] fds_send_reply: Sending 28 bytes data.

[395] fds_free_tsk: cmd=23; req.noreply=1

# [136] fds_on_sys_fds_change: trace

[2942] fds_handle_request: Received cmd 22 from pid-170, len 0

[40] fds_queue_task: req-22 is added to Cloud-sandbox-controller

[587] fds_https_start_server: server: 172.16.102.21:443

[579] ssl_new: SSL object is created

[117] https_create: proxy server 172.16.200.44 port:3128

[519] fds_https_connect: https_connect(172.16.102.21) is established.

[261] fds_svr_default_on_established: Cloud-sandbox-controller has connected to ip=172.16.102.21

[268] fds_svr_default_on_established: server-Cloud-sandbox-controller handles cmd-22

[102] fds_pack_objects: number of objects: 1

[75] fds_print_msg: FCPC: len=146

[81] fds_print_msg: Protocol=2.0

[81] fds_print_msg: Command=UpdateAPT

[81] fds_print_msg: Firmware=FG101E-FW-6.02-0917

[81] fds_print_msg: SerialNumber=FG101E4Q17002429

[81] fds_print_msg: TimeZone=-7

[81] fds_print_msg: TimeZoneInMin=-420

[81] fds_print_msg: DataItem=Region:US

[75] fds_print_msg: http req: len=248

[81] fds_print_msg: POST https://172.16.102.21:443/FCPService HTTP/1.1

[81] fds_print_msg: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

[81] fds_print_msg: Host: 172.16.102.21:443

[81] fds_print_msg: Cache-Control: no-cache

[81] fds_print_msg: Connection: close

[81] fds_print_msg: Content-Type: application/octet-stream

[81] fds_print_msg: Content-Length: 338

[524] fds_https_connect: http request to 172.16.102.21: header=248, ext=338.

[257] fds_https_send: sent 248 bytes: pos=0, len=248

[265] fds_https_send: 172.16.102.21: sent 248 byte header, now send 338-byte body

[257] fds_https_send: sent 338 bytes: pos=0, len=338

[273] fds_https_send: sent the entire request to server: 172.16.102.21:443

[309] fds_https_recv: read 456 bytes: pos=456, buf_len=2048

[332] fds_https_recv: received the header from server: 172.16.102.21:443, [HTTP/1.1 200

Content-Type: application/octet-stream

Content-Length: 322

Date: Thu, 20 Jun 2019 16:41:16 GMT

Connection: close]

[396] fds_https_recv: Do memmove buf_len=322, pos=322

[406] fds_https_recv: server: 172.16.102.21:443, buf_len=322, pos=322

[453] fds_https_recv: received a packet from server-172.16.102.21:443: sz=322, objs=1

[194] __ssl_data_ctx_free: Done

[839] ssl_free: Done

[830] ssl_disconnect: Shutdown

[481] fds_https_recv: obj-0: type=FCPR, len=130

[294] fds_svr_default_on_response: server-Cloud-sandbox-controller handles cmd-22

[75] fds_print_msg: fcpr: len=126

[81] fds_print_msg: Protocol=2.0

[81] fds_print_msg: Response=202

[81] fds_print_msg: ResponseItem=Server1:172.16.102.51:514

[81] fds_print_msg: Server2:172.16.102.52:514

[81] fds_print_msg: Contract:20210215

[81] fds_print_msg: NextRequest:86400

[615] parse_apt_contract_time_str: The APTContract is valid to Mon Feb 15 23:59:59 2021

[616] parse_apt_contract_time_str: FGT current local time is Thu Jun 20 09:41:16 2019

[3289] aptctrl_update_res: Got rsp: APT=172.16.102.51:514 APTAlter=172.16.102.52:514 next-upd=86400

[395] fds_free_tsk: cmd=22; req.noreply=1
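
The debug output above can be checked mechanically. The Python below is an added example, not Fortinet code: it parses forticldd debug lines into one record per request and reports any request that did not use the expected proxy, did not return Response=202, or carries an expired contract date. The function names, the treatment of 202 as the success value (it is the value in both replies shown), and the sample text (a constructed subset of the lines above) are assumptions.

```python
import re
from datetime import date

# Constructed sample: lines copied from the UpdateAPT exchange in the debug output above.
SAMPLE = """\
[2942] fds_handle_request: Received cmd 22 from pid-170, len 0
[117] https_create: proxy server 172.16.200.44 port:3128
[81] fds_print_msg: Command=UpdateAPT
[81] fds_print_msg: Response=202
[81] fds_print_msg: ResponseItem=Server1:172.16.102.51:514
[81] fds_print_msg: Server2:172.16.102.52:514
[81] fds_print_msg: Contract:20210215
[81] fds_print_msg: NextRequest:86400
"""

LINE = re.compile(r"^\[\d+\]\s+(\w+):\s*(.*)$")        # "[n] function: message"
PROXY = re.compile(r"proxy server (\S+) port:(\d+)")
FIELD = re.compile(r"^(?:ResponseItem=|DataItem=)?(\w+)[=:](\S.*)$")  # skips HTTP headers

def parse_sessions(text):
    """Return one dict per request: cmd number, proxy used, FCP key/value fields."""
    sessions = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip().lstrip("# "))  # a CLI prompt may precede a line
        if not m:
            continue
        func, msg = m.groups()
        if func == "fds_handle_request":          # start of a new request
            cmd = int(re.search(r"cmd (\d+)", msg).group(1))
            sessions.append({"cmd": cmd, "proxy": None, "fields": {}})
        elif sessions and func == "https_create" and (p := PROXY.search(msg)):
            sessions[-1]["proxy"] = (p.group(1), int(p.group(2)))
        elif sessions and func == "fds_print_msg" and (f := FIELD.match(msg)):
            sessions[-1]["fields"][f.group(1)] = f.group(2)
    return sessions

def audit(text, expected_proxy, today):
    """List findings: request not sent via the proxy, non-202 reply, expired contract."""
    findings = []
    for s in parse_sessions(text):
        f = s["fields"]
        if s["proxy"] != expected_proxy:
            findings.append(f"cmd {s['cmd']}: proxy {s['proxy']} != {expected_proxy}")
        if f.get("Response") != "202":  # assumption: 202 as in both replies above
            findings.append(f"cmd {s['cmd']}: response {f.get('Response')}")
        c = f.get("Contract")           # YYYYMMDD, as in Contract:20210215
        if c and date(int(c[:4]), int(c[4:6]), int(c[6:])) < today:
            findings.append(f"cmd {s['cmd']}: contract expired {c}")
    return findings
```

Run `audit()` over captured debug output with the proxy address and port from `config system fortiguard`; an empty list means every request in the capture went through that proxy and was accepted.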
