Fortinet black logo

Administration Guide

FortiSandbox

FortiSandbox

The Security Fabric supports FortiSandbox appliances and FortiSandbox Cloud. A FortiGate Cloud account is not required.

To use FortiSandbox in a Security Fabric, connect the FortiSandbox to the Security Fabric, then configure an antivirus profile to send files to the FortiSandbox. Sandbox inspection can also be used in web filter profiles.

FortiSandbox settings are configured on the root FortiGate of the Security Fabric. After configuration, the root FortiGate pushes the settings to other FortiGate devices in the Security Fabric.

Note

Either a FortiSandbox appliance or FortiSandbox Cloud can be configured. If one is configured, then the other will not be available.

To add a FortiSandbox appliance to the Security Fabric:
  1. On the root FortiGate, go to Security Fabric > Fabric Connectors and double-click the FortiSandbox card.
  2. Set Status to Enable.
  3. In the Server field, enter the FortiSandbox device's IP address.

  4. Optionally, enter a Notifier email.
  5. Click OK.
  6. On the FortiSandbox device, go to Scan Input > Device.
  7. Edit the root FortiGate.
  8. Under Permissions, check the Authorized box.
  9. Click OK.
  10. Authorize the rest of the FortiGate devices that are in the Security Fabric.
To add a FortiSandbox cloud instance to the Security Fabric:
  1. On the root FortiGate, go to Security Fabric > Fabric Connectors and double-click the FortiSandbox Cloud card.
  2. Set Status to Enable.
  3. Select the FortiSandbox cloud Region from the dropdown list. Data from your network will only be sent to servers in the selected region.

  4. Click OK.
Tooltip

If FortiSandbox Cloud is not visible in the GUI, run the execute forticloud-sandbox region and execute forticloud-sandbox update commands.

Antivirus profiles

An antivirus profile must be configured to send files to the FortiSandbox.

To configure an antivirus profile:
  1. On the FortiGate, go to Security Profile > AntiVirus.
  2. Create, edit, or clone an antivirus profile.

  3. Under APT Protection Options, set Send Files to FortiSandbox Appliance for Inspection to All Supported Files.
  4. Optionally, configure file exceptions.
  5. Enable Use FortiSandbox database.
  6. Click OK.

Web Filter profiles

Sandbox inspection can be used in Web Filter profiles.

To configure a web filter profile:
  1. On the FortiGate, go to Security Profiles > Web Filter.
  2. Create, edit, or clone a profile.
  3. Under Static URL Filter, enable Block malicious URLs discovered by FortiSandbox.
  4. Click OK.

FortiSandbox

The Security Fabric supports FortiSandbox appliances and FortiSandbox Cloud. A FortiGate Cloud account is not required.

To use FortiSandbox in a Security Fabric, connect the FortiSandbox to the Security Fabric, then configure an antivirus profile to send files to the FortiSandbox. Sandbox inspection can also be used in web filter profiles.

FortiSandbox settings are configured on the root FortiGate of the Security Fabric. After configuration, the root FortiGate pushes the settings to other FortiGate devices in the Security Fabric.

Note

Either a FortiSandbox appliance or FortiSandbox Cloud can be configured. If one is configured, then the other will not be available.

To add a FortiSandbox appliance to the Security Fabric:
  1. On the root FortiGate, go to Security Fabric > Fabric Connectors and double-click the FortiSandbox card.
  2. Set Status to Enable.
  3. In the Server field, enter the FortiSandbox device's IP address.

  4. Optionally, enter a Notifier email.
  5. Click OK.
  6. On the FortiSandbox device, go to Scan Input > Device.
  7. Edit the root FortiGate.
  8. Under Permissions, check the Authorized box.
  9. Click OK.
  10. Authorize the rest of the FortiGate devices that are in the Security Fabric.
To add a FortiSandbox cloud instance to the Security Fabric:
  1. On the root FortiGate, go to Security Fabric > Fabric Connectors and double-click the FortiSandbox Cloud card.
  2. Set Status to Enable.
  3. Select the FortiSandbox cloud Region from the dropdown list. Data from your network will only be sent to servers in the selected region.

  4. Click OK.
Tooltip

If FortiSandbox Cloud is not visible in the GUI, run the execute forticloud-sandbox region and execute forticloud-sandbox update commands.

Antivirus profiles

An antivirus profile must be configured to send files to the FortiSandbox.

To configure an antivirus profile:
  1. On the FortiGate, go to Security Profile > AntiVirus.
  2. Create, edit, or clone an antivirus profile.

  3. Under APT Protection Options, set Send Files to FortiSandbox Appliance for Inspection to All Supported Files.
  4. Optionally, configure file exceptions.
  5. Enable Use FortiSandbox database.
  6. Click OK.

Web Filter profiles

Sandbox inspection can be used in Web Filter profiles.

To configure a web filter profile:
  1. On the FortiGate, go to Security Profiles > Web Filter.
  2. Create, edit, or clone a profile.
  3. Under Static URL Filter, enable Block malicious URLs discovered by FortiSandbox.
  4. Click OK.