
Administration Guide

Using FortiSandbox post-transfer scanning with antivirus

Antivirus profiles can submit potential zero-day viruses to FortiSandbox for inspection. Based on FortiSandbox's analysis, the FortiProxy can supplement its own antivirus database with FortiSandbox's threat intelligence to detect files determined as malicious or suspicious. This augments the FortiProxy antivirus with zero-day detection.

The FortiProxy first examines the file for any known viruses. When a match is found, the file is tagged as known malware. If no match is found, the file is forwarded to FortiSandbox according to one of the following options:

  • All Supported Files: all files matching the file types defined in the scan profile of the FortiSandbox are forwarded.

  • Suspicious Files Only: files classified by the antivirus as having any possibility of active content are forwarded to FortiSandbox.

To enable FortiSandbox inspection in FortiProxy:
  1. Enable FortiSandbox cloud by running the following command:

    config system global
    set gui-fortigate-cloud-sandbox enable
    end

  2. Activate the FortiSandbox connection by running the following command and selecting a region:

    execute forticloud-sandbox region
    0 Europe
    1 Global
    2 US
    3 Japan
    Please select cloud sandbox region[0-3]:0
    Cloud sandbox region is selected: Europe

  3. Configure the FortiSandbox scanning options in an antivirus profile:
    1. Go to Security Profiles > AntiVirus.
    2. Create, edit, or clone an antivirus profile.
    3. In the Inspection Options section, set Send files to FortiSandbox for inspection to analytics-suspicious or analytics-everything.
    4. Enable Use FortiSandbox Database.
    5. Click OK.

FortiProxy diagnostics

To view the detection count:

# diagnose test application quarantined 7
Total: 0

Statistics:
        vfid: 0, detected: 2, clean: 1252, risk_low: 6, risk_med: 2, risk_high: 1, limit_reached:0

To verify that the FortiSandbox address is configured correctly:

# diagnose test application quarantined 1
…
fortisandbox-fsb1 is enabled: analytics, realtime=yes, taskfull=no
addr=172.18.52.154/514, source-ip=0.0.0.0, keep-alive=no. ssl_opt=3, hmac_alg=0
…

To run the diagnostics for real-time debugging:

# diagnose debug application quarantined -1
# diagnose debug enable

To check the FortiGate Cloud server status:

# diagnose test application forticloud 3
…
    Active APTServer status:  up
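
The two diagnose outputs above are what an operator would poll to confirm that sandbox submission is healthy. The following Python script is an added example, not Fortinet's code and not part of this guide: it parses the statistics line from "diagnose test application quarantined 7" and the connection line from "diagnose test application quarantined 1" (sample text constructed from the outputs shown above) and flags conditions a defender would want to know about, namely the sandbox being disabled, the address differing from the expected one (the expected address here is an assumed value), the submission limit having been reached, and high-risk verdicts having come back. Field names are taken from the page; their exact meanings beyond the labels are not assumed.

```python
import re
from typing import Dict, List

# Constructed sample output, modelled on the guide's "diagnose test application quarantined 7" lines.
SAMPLE_STATS = """Total: 0

Statistics:
        vfid: 0, detected: 2, clean: 1252, risk_low: 6, risk_med: 2, risk_high: 1, limit_reached:0
"""

# Constructed sample output, modelled on the guide's "diagnose test application quarantined 1" lines.
SAMPLE_STATUS = """fortisandbox-fsb1 is enabled: analytics, realtime=yes, taskfull=no
addr=172.18.52.154/514, source-ip=0.0.0.0, keep-alive=no. ssl_opt=3, hmac_alg=0
"""

# "name: value" pairs on the statistics line (the output writes "limit_reached:0" without a space).
STATS_RE = re.compile(r"(\w+)\s*:\s*(\d+)")
# "key=value" pairs on the connection line; values run until a comma or whitespace.
KV_RE = re.compile(r"([\w-]+)=([^,\s]+)")
# "fortisandbox-<name> is enabled: <mode>" header of the connection line.
STATE_RE = re.compile(r"^(\S+) is (enabled|disabled)(?::\s*(\S+))?")


def parse_stats(output: str) -> Dict[int, Dict[str, int]]:
    """Return {vfid: {counter: value}} for each per-VDOM statistics line."""
    result: Dict[int, Dict[str, int]] = {}
    for line in output.splitlines():
        if "vfid:" not in line:
            continue  # skip "Total:" and "Statistics:" lines
        fields = {k: int(v) for k, v in STATS_RE.findall(line)}
        vfid = fields.pop("vfid")
        result[vfid] = fields
    return result


def parse_status(output: str) -> Dict[str, str]:
    """Return the sandbox name/state/mode and every key=value field as strings."""
    info: Dict[str, str] = {}
    for line in output.splitlines():
        m = STATE_RE.match(line)
        if m:
            info["name"] = m.group(1)
            info["state"] = m.group(2)
            if m.group(3):
                info["mode"] = m.group(3).rstrip(",")
        for key, value in KV_RE.findall(line):
            info[key] = value.rstrip(".")  # "keep-alive=no." ends in a period in the output
    return info


def check_health(stats: Dict[int, Dict[str, int]], status: Dict[str, str],
                 expected_addr: str) -> List[str]:
    """Return a list of findings; an empty list means nothing needs attention."""
    findings: List[str] = []
    if status.get("state") != "enabled":
        findings.append("FortiSandbox submission is not enabled")
    if status.get("addr") != expected_addr:
        findings.append(f"addr {status.get('addr')} differs from expected {expected_addr}")
    for vfid, counters in sorted(stats.items()):
        if counters.get("limit_reached", 0) > 0:
            findings.append(f"vfid {vfid}: submission limit reached {counters['limit_reached']} time(s)")
        if counters.get("risk_high", 0) > 0:
            findings.append(f"vfid {vfid}: {counters['risk_high']} high-risk verdict(s) returned")
    return findings


if __name__ == "__main__":
    # Assumed expected address; in practice this comes from your own configuration record.
    EXPECTED_ADDR = "172.18.52.154/514"
    for finding in check_health(parse_stats(SAMPLE_STATS), parse_status(SAMPLE_STATUS), EXPECTED_ADDR):
        print("FINDING:", finding)
```

In practice the two outputs would be collected over SSH (or from a scheduled script) and the findings fed to whatever alerting the SOC already uses; the parser tolerates the missing space in "limit_reached:0" and the trailing period after "keep-alive=no" that appear in the real output.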

FortiSandbox diagnostics

To run the OFTP debug for advanced debugging:
# diagnose-debug device <client serial number>
