Fortinet black logo

Cookbook

FortiSandbox

Copy Link
Copy Doc ID 5ede200c-a21f-11eb-b70b-00505692583a:660221
Download PDF

FortiSandbox

The Security Fabric supports FortiSandbox appliances and FortiSandbox Cloud. A FortiGate Cloud account is not required.

To use FortiSandbox in a Security Fabric, connect the FortiSandbox to the Security Fabric, then configure an antivirus profile to send files to the FortiSandbox. Sandbox inspection can also be used in Web Filter profiles.

FortiSandbox settings are configured on the root FortiGate of the Security Fabric. After configuration, the root FortiGate pushes the settings to other FortiGate devices in the Security Fabric.

To add a FortiSandbox appliance to the Security Fabric:
  1. On the root FortiGate, go to Security Fabric > Settings.
  2. Enable Sandbox Inspection and set the FortiSandbox Type to FortiSandbox Appliance.
  3. In the Server field, enter the FortiSandbox device's IP address.

  4. Optionally, enter a Notifier email.
  5. Click Apply.
  6. On the FortiSandbox appliance, go to Scan Input > Device.
  7. Edit the root FortiGate.
  8. Under Permissions, check the Authorized box.
  9. Click OK.
  10. Authorize the rest of the FortiGate devices that are in the Security Fabric.
To add a FortiSandbox Cloud instance to the Security Fabric:
  1. On the root FortiGate, go to Security Fabric > Settings.
  2. Enable Sandbox Inspection and set the FortiSandbox Type to FortiSandbox Cloud.
  3. Select the FortiSandbox cloud region from the drop-down list. Data from your network will only be sent to servers in the selected region.
  4. Click Apply.
Tooltip

If FortiSandbox Cloud is not visible in the GUI, run the execute forticloud-sandbox region and execute forticloud-sandbox update commands.

Antivirus profiles

An antivirus profile must be configured to send files to the FortiSandbox.

To configure an antivirus profile:
  1. On the FortiGate, go to Security Profile > AntiVirus.
  2. Create, edit, or clone an antivirus profile.

  3. Under APT Protection Options, set Send Files to FortiSandbox Appliance for Inspection to All Supported Files.
  4. Optionally, configure file exceptions.
  5. Enable Use FortiSandbox Database.
  6. Click OK.

Web Filter profiles

Sandbox inspection can be used in Web Filter profiles.

To configure a Web Filter profile:
  1. On the FortiGate, go to Security Profiles > Web Filter.
  2. Create, edit, or clone a profile.
  3. Under Static URL Filter, enable Block malicious URLs discovered by FortiSandbox.
  4. Click OK.

FortiSandbox

The Security Fabric supports FortiSandbox appliances and FortiSandbox Cloud. A FortiGate Cloud account is not required.

To use FortiSandbox in a Security Fabric, connect the FortiSandbox to the Security Fabric, then configure an antivirus profile to send files to the FortiSandbox. Sandbox inspection can also be used in Web Filter profiles.

FortiSandbox settings are configured on the root FortiGate of the Security Fabric. After configuration, the root FortiGate pushes the settings to other FortiGate devices in the Security Fabric.

To add a FortiSandbox appliance to the Security Fabric:
  1. On the root FortiGate, go to Security Fabric > Settings.
  2. Enable Sandbox Inspection and set the FortiSandbox Type to FortiSandbox Appliance.
  3. In the Server field, enter the FortiSandbox device's IP address.

  4. Optionally, enter a Notifier email.
  5. Click Apply.
  6. On the FortiSandbox appliance, go to Scan Input > Device.
  7. Edit the root FortiGate.
  8. Under Permissions, check the Authorized box.
  9. Click OK.
  10. Authorize the rest of the FortiGate devices that are in the Security Fabric.
To add a FortiSandbox Cloud instance to the Security Fabric:
  1. On the root FortiGate, go to Security Fabric > Settings.
  2. Enable Sandbox Inspection and set the FortiSandbox Type to FortiSandbox Cloud.
  3. Select the FortiSandbox cloud region from the drop-down list. Data from your network will only be sent to servers in the selected region.
  4. Click Apply.
Tooltip

If FortiSandbox Cloud is not visible in the GUI, run the execute forticloud-sandbox region and execute forticloud-sandbox update commands.

Antivirus profiles

An antivirus profile must be configured to send files to the FortiSandbox.

To configure an antivirus profile:
  1. On the FortiGate, go to Security Profile > AntiVirus.
  2. Create, edit, or clone an antivirus profile.

  3. Under APT Protection Options, set Send Files to FortiSandbox Appliance for Inspection to All Supported Files.
  4. Optionally, configure file exceptions.
  5. Enable Use FortiSandbox Database.
  6. Click OK.

Web Filter profiles

Sandbox inspection can be used in Web Filter profiles.

To configure a Web Filter profile:
  1. On the FortiGate, go to Security Profiles > Web Filter.
  2. Create, edit, or clone a profile.
  3. Under Static URL Filter, enable Block malicious URLs discovered by FortiSandbox.
  4. Click OK.