Support FortiSandbox Cloud 6.2.1

Explicit proxy connections can leverage FortiSandbox Cloud for advanced threat scanning and updates.

The following options are available with config system fortiguard:

Option             Description
-----------------  -----------------------------------------------
proxy-server-ip    IP address of the proxy server.
proxy-server-port  Port used to communicate with the proxy server.
proxy-username     Proxy user name.
proxy-password     Proxy user password.

For example:

config system fortiguard
    set proxy-server-ip 172.16.200.44
    set proxy-server-port 3128
    set proxy-username "test1"
    set proxy-password ENC Y0+KTg9UsILkv8+nDe+Pe3VlnlaHUMzLkfAXLATknW/xm/Xv7EdZHTnua1djM+waZA1vxCh8LV7Ci4sEhj/PABSTShStxskEn3E1+CjxviwVSljgF6AD+zJZF/+4jkspq+PogZT3LVO68+kqsPdU4rikuy1BbnsbZcPxC/MJyuIx7343bdKYqp+IUprQUR2wf8tiMg==
end

The following example shows an explicit proxy connection to FortiSandbox Cloud:

# diagnose debug application forticldd -1
Debug messages will be on for 30 minutes.
# diagnose debug enable
[2942] fds_handle_request: Received cmd 23 from pid-2526, len 0
[40] fds_queue_task: req-23 is added to Cloud-sandbox-controller
[178] fds_svr_default_task_xmit: try to get IPs for Cloud-sandbox-controller
[239] fds_resolv_addr: resolve aptctrl1.fortinet.com
[169] fds_get_addr: name=aptctrl1.fortinet.com, id=32, cb=0x2bc089
[101] dns_parse_resp: DNS aptctrl1.fortinet.com -> 172.16.102.21
[227] fds_resolv_cb: IP-1: 172.16.102.21
[665] fds_ctx_set_addr: server: 172.16.102.21:443
[129] fds_svr_default_pickup_server: Cloud-sandbox-controller: 172.16.102.21:443
[587] fds_https_start_server: server: 172.16.102.21:443
[579] ssl_new: SSL object is created
[117] https_create: proxy server 172.16.200.44 port:3128
[519] fds_https_connect: https_connect(172.16.102.21) is established.
[261] fds_svr_default_on_established: Cloud-sandbox-controller has connected to ip=172.16.102.21
[268] fds_svr_default_on_established: server-Cloud-sandbox-controller handles cmd-23
[102] fds_pack_objects: number of objects: 1
[75] fds_print_msg: FCPC: len=109
[81] fds_print_msg: Protocol=2.0
[81] fds_print_msg: Command=RegionList
[81] fds_print_msg: Firmware=FG101E-FW-6.02-0917
[81] fds_print_msg: SerialNumber=FG101E4Q17002429
[81] fds_print_msg: TimeZone=-7
[75] fds_print_msg: http req: len=248
[81] fds_print_msg: POST https://172.16.102.21:443/FCPService HTTP/1.1
[81] fds_print_msg: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
[81] fds_print_msg: Host: 172.16.102.21:443
[81] fds_print_msg: Cache-Control: no-cache
[81] fds_print_msg: Connection: close
[81] fds_print_msg: Content-Type: application/octet-stream
[81] fds_print_msg: Content-Length: 301
[524] fds_https_connect: http request to 172.16.102.21: header=248, ext=301.
[257] fds_https_send: sent 248 bytes: pos=0, len=248
[265] fds_https_send: 172.16.102.21: sent 248 byte header, now send 301-byte body
[257] fds_https_send: sent 301 bytes: pos=0, len=301
[273] fds_https_send: sent the entire request to server: 172.16.102.21:443
[309] fds_https_recv: read 413 bytes: pos=413, buf_len=2048
[332] fds_https_recv: received the header from server: 172.16.102.21:443, [HTTP/1.1 200
Content-Type: application/octet-stream
Content-Length: 279
Date: Thu, 20 Jun 2019 16:41:11 GMT
Connection: close]
[396] fds_https_recv: Do memmove buf_len=279, pos=279
[406] fds_https_recv: server: 172.16.102.21:443, buf_len=279, pos=279
[453] fds_https_recv: received a packet from server-172.16.102.21:443: sz=279, objs=1
[194] __ssl_data_ctx_free: Done
[839] ssl_free: Done
[830] ssl_disconnect: Shutdown
[481] fds_https_recv: obj-0: type=FCPR, len=87
[294] fds_svr_default_on_response: server-Cloud-sandbox-controller handles cmd-23
[75] fds_print_msg: fcpr: len=83
[81] fds_print_msg: Protocol=2.0
[81] fds_print_msg: Response=202
[81] fds_print_msg: ResponseItem=Region:Europe,Global,Japan,US
[81] fds_print_msg: existing:Japan
[3220] aptctrl_region_res: Got rsp: Region:Europe,Global,Japan,US
[3222] aptctrl_region_res: Got rsp: Region existing:Japan
[439] fds_send_reply: Sending 28 bytes data.
[395] fds_free_tsk: cmd=23; req.noreply=1
# [136] fds_on_sys_fds_change: trace
[2942] fds_handle_request: Received cmd 22 from pid-170, len 0
[40] fds_queue_task: req-22 is added to Cloud-sandbox-controller
[587] fds_https_start_server: server: 172.16.102.21:443
[579] ssl_new: SSL object is created
[117] https_create: proxy server 172.16.200.44 port:3128
[519] fds_https_connect: https_connect(172.16.102.21) is established.
[261] fds_svr_default_on_established: Cloud-sandbox-controller has connected to ip=172.16.102.21
[268] fds_svr_default_on_established: server-Cloud-sandbox-controller handles cmd-22
[102] fds_pack_objects: number of objects: 1
[75] fds_print_msg: FCPC: len=146
[81] fds_print_msg: Protocol=2.0
[81] fds_print_msg: Command=UpdateAPT
[81] fds_print_msg: Firmware=FG101E-FW-6.02-0917
[81] fds_print_msg: SerialNumber=FG101E4Q17002429
[81] fds_print_msg: TimeZone=-7
[81] fds_print_msg: TimeZoneInMin=-420
[81] fds_print_msg: DataItem=Region:US
[75] fds_print_msg: http req: len=248
[81] fds_print_msg: POST https://172.16.102.21:443/FCPService HTTP/1.1
[81] fds_print_msg: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
[81] fds_print_msg: Host: 172.16.102.21:443
[81] fds_print_msg: Cache-Control: no-cache
[81] fds_print_msg: Connection: close
[81] fds_print_msg: Content-Type: application/octet-stream
[81] fds_print_msg: Content-Length: 338
[524] fds_https_connect: http request to 172.16.102.21: header=248, ext=338.
[257] fds_https_send: sent 248 bytes: pos=0, len=248
[265] fds_https_send: 172.16.102.21: sent 248 byte header, now send 338-byte body
[257] fds_https_send: sent 338 bytes: pos=0, len=338
[273] fds_https_send: sent the entire request to server: 172.16.102.21:443
[309] fds_https_recv: read 456 bytes: pos=456, buf_len=2048
[332] fds_https_recv: received the header from server: 172.16.102.21:443, [HTTP/1.1 200
Content-Type: application/octet-stream
Content-Length: 322
Date: Thu, 20 Jun 2019 16:41:16 GMT
Connection: close]
[396] fds_https_recv: Do memmove buf_len=322, pos=322
[406] fds_https_recv: server: 172.16.102.21:443, buf_len=322, pos=322
[453] fds_https_recv: received a packet from server-172.16.102.21:443: sz=322, objs=1
[194] __ssl_data_ctx_free: Done
[839] ssl_free: Done
[830] ssl_disconnect: Shutdown
[481] fds_https_recv: obj-0: type=FCPR, len=130
[294] fds_svr_default_on_response: server-Cloud-sandbox-controller handles cmd-22
[75] fds_print_msg: fcpr: len=126
[81] fds_print_msg: Protocol=2.0
[81] fds_print_msg: Response=202
[81] fds_print_msg: ResponseItem=Server1:172.16.102.51:514
[81] fds_print_msg: Server2:172.16.102.52:514
[81] fds_print_msg: Contract:20210215
[81] fds_print_msg: NextRequest:86400
[615] parse_apt_contract_time_str: The APTContract is valid to Mon Feb 15 23:59:59 2021
[616] parse_apt_contract_time_str: FGT current local time is Thu Jun 20 09:41:16 2019
[3289] aptctrl_update_res: Got rsp: APT=172.16.102.51:514 APTAlter=172.16.102.52:514 next-upd=86400
[395] fds_free_tsk: cmd=22; req.noreply=1
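As an added example (not Fortinet code), the following Python script parses forticldd debug output like the capture above and reports, for each request, whether the HTTPS session was created through the configured proxy, together with the FCP response items. The names audit_sessions, SAMPLE and the session field names are hypothetical; treating a missing https_create proxy line as "proxy not used" is an assumption.

```python
import re

# Constructed sample: the UpdateAPT exchange from the capture above, trimmed.
SAMPLE = """\
[2942] fds_handle_request: Received cmd 22 from pid-170, len 0
[587] fds_https_start_server: server: 172.16.102.21:443
[117] https_create: proxy server 172.16.200.44 port:3128
[81] fds_print_msg: Command=UpdateAPT
[81] fds_print_msg: Response=202
[81] fds_print_msg: ResponseItem=Server1:172.16.102.51:514
[81] fds_print_msg: Server2:172.16.102.52:514
[81] fds_print_msg: Contract:20210215
[81] fds_print_msg: NextRequest:86400
"""

LINE = re.compile(r"^#?\s*\[\d+\]\s+(\w+):\s*(.*)$")

def audit_sessions(log_text, expected_proxy):
    """Group forticldd debug lines per request and record which proxy each used."""
    sessions, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        # Skip blank lines, CLI prompts, wrapped HTTP headers, pre-request output
        if not m or (cur is None and m.group(1) != "fds_handle_request"):
            continue
        func, msg = m.groups()
        if func == "fds_handle_request":
            cmd = int(re.search(r"cmd (\d+)", msg).group(1))
            # Assumption: via_expected_proxy stays False if no https_create line follows
            cur = {"cmd": cmd, "command": None, "server": None, "proxy": None,
                   "via_expected_proxy": False, "response": None, "items": {}}
            sessions.append(cur)
        elif func == "fds_https_start_server":
            cur["server"] = msg.split("server: ", 1)[1]
        elif func == "https_create" and msg.startswith("proxy server"):
            ip, port = re.search(r"proxy server (\S+) port:(\d+)", msg).groups()
            cur["proxy"] = f"{ip}:{port}"
            cur["via_expected_proxy"] = cur["proxy"] == expected_proxy
        elif func == "fds_print_msg":
            key, _, val = msg.partition("=")
            if key == "Command":
                cur["command"] = val
            elif key == "Response":
                cur["response"] = int(val)
            elif cur["response"] is not None:
                # ResponseItem and its continuation lines are "name:value" pairs
                name, _, value = (val if key == "ResponseItem" else msg).partition(":")
                cur["items"][name] = value
    return sessions
```

Call audit_sessions with the captured output and the proxy-server-ip:proxy-server-port pair from config system fortiguard; any session whose via_expected_proxy is False warrants a check of the proxy settings.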
