Integrating Security Fabric
FortiSandbox PaaS uses a Fortinet proprietary traffic protocol (based on OFTP) to communicate with connected Security Fabric devices over TCP port 514. FortiSandbox PaaS uses TCP port 4443 for FortiGate Inline Block (HTTP/2). The traffic is encrypted with TLS. Ensure that any firewall between FortiSandbox PaaS and the fabric devices allows them to communicate on these ports.
For devices connected to the Security Fabric, ensure they are configured properly. Do all related configuration from either the root Fabric or FortiManager.
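A pre-flight check for the two ports named above, as an added example (not Fortinet code): it attempts a plain TCP handshake to TCP/514 and TCP/4443 and classifies the outcome, so a firewall that silently drops the traffic shows up as a timeout rather than a refusal. It does not speak the OFTP-based fabric protocol or complete a TLS handshake; the hostname is a placeholder for your tenant's FQDN, and the local-listener helper exists only so the checker can be exercised offline.

```python
"""Pre-flight TCP reachability check for the FortiSandbox PaaS fabric ports.

Added example, not Fortinet code. It only tests whether a TCP handshake
completes to the two ports the page names (514 for the OFTP-based fabric
protocol, 4443 for FortiGate Inline Block); it does not speak OFTP or TLS.
Run it from the network segment where the fabric device sits so the same
firewall policies apply to the test.
"""
import socket
from dataclasses import dataclass

# Ports from the page: 514 = fabric protocol, 4443 = Inline Block (HTTP/2).
FABRIC_PORTS = {
    514: "fabric protocol (OFTP over TLS)",
    4443: "FortiGate Inline Block (HTTP/2)",
}


@dataclass
class PortResult:
    host: str
    port: int
    state: str  # "ok", "refused", "timeout", "unresolved" or "error"
    detail: str = ""


def check_tcp_port(host: str, port: int, timeout: float = 5.0) -> PortResult:
    """Attempt a plain TCP connect and classify the outcome.

    "timeout" (no SYN-ACK and no RST) is the signature of a firewall that
    silently drops the traffic, which is what the FortiMail debug output on
    this page shows. "refused" means a RST came back: the path is open but
    nothing is listening, or an intermediate device actively rejects.
    """
    try:
        addr = socket.gethostbyname(host)
    except socket.gaierror as exc:
        return PortResult(host, port, "unresolved", str(exc))
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return PortResult(host, port, "ok", f"connected to {addr}")
    except ConnectionRefusedError:
        return PortResult(host, port, "refused", f"RST from {addr}")
    except socket.timeout:
        return PortResult(
            host, port, "timeout",
            f"no reply from {addr} within {timeout}s (silent drop?)",
        )
    except OSError as exc:
        return PortResult(host, port, "error", str(exc))


def check_fabric_ports(host: str, timeout: float = 5.0) -> dict:
    """Check every port in FABRIC_PORTS against one host."""
    return {port: check_tcp_port(host, port, timeout) for port in FABRIC_PORTS}


def open_local_listener():
    """Bind a throwaway listener on 127.0.0.1 so the checker can be tried offline.

    Returns (server_socket, port); close the socket to free the port again.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    # Placeholder: use your tenant's FQDN, e.g. us-west-1.fortisandboxcloud.com.
    for port, result in check_fabric_ports("fortisandboxcloud.com").items():
        print(f"{result.host}:{port} [{FABRIC_PORTS[port]}] -> "
              f"{result.state} {result.detail}")
```

Run it both before and after changing the firewall policy; a port that moves from "timeout" to "ok" confirms the rule change, while "refused" points at something other than a silent drop (routing, NAT or the remote service).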
To integrate with the Security Fabric in FortiGate:
- Go to Security Fabric > Fabric Connectors and double-click the Cloud Sandbox card.
- Set Status to Enable.
- For Type, select FortiSandbox Cloud.
  If the FortiSandbox PaaS option is grayed out or not visible, enter the following in the CLI:
    config system global
        set gui-fortigate-cloud-sandbox enable
    end
- Click OK.
- In FortiSandbox PaaS, go to Security Fabric > Device, click the Authorize icon on the FortiGate so that it can establish Fabric connectivity. Verify that the Status is updated.
To integrate with Security Fabric in the FortiGate CLI:
For information, see Configuring sandboxing in the FortiGate / FortiOS Administration Guide.
To integrate with Security Fabric in FortiMail:
- In FortiMail, go to System > FortiSandbox.
- For FortiSandbox PaaS type, click Enhanced Cloud.
- In FortiSandbox PaaS, go to Security Fabric > Device, click the Authorize icon on the FortiMail so that it can establish Fabric connectivity. Verify that the Status is updated.
Specific firmware versions of FortiMail models support the above Security Fabric connectivity. See Requirements.
To troubleshoot the connection on FortiMail:
Run the following CLI command:
diagnose debug application sandboxclid <ID>
Example:
In the example below, the connection failed because a firewall policy on the client side blocked connectivity to port 514.
insidemail02 # diagnose debug application sandboxclid 65
System Time: 2023-04-12 09:02:43 JST (Uptime: 5d 8h 48m)
insidemail02 # diagnose debug application sandboxclid display
System Time: 2023-04-12 09:03:07 JST (Uptime: 5d 8h 48m)
sandboxclid:2023-04-12T09:03:00:SandboxJob.cpp:145:process():use configured FortiSandbox server
sandboxclid:2023-04-12T09:03:00:Connection.cpp:31:__s2ip():'fortisandboxcloud.com' is not an IP, try to resolve it
sandboxclid:2023-04-12T09:03:00:Connection.cpp:321:ConnectionSecure__():remote address is fortisandbox cloud, user_id=1423794
sandboxclid:2023-04-12T09:03:00:Connection.cpp:31:__s2ip():'fortisandboxcloud.com' is not an IP, try to resolve it
sandboxclid:2023-04-12T09:03:00:Connection.cpp:167:Connect():connecting to 66.35.19.98
sandboxclid:2023-04-12T09:04:02:Connection.cpp:171:Connect():connect() failed, errno = 115
sandboxclid:2023-04-12T09:04:02:Session.cpp:248:ConnectImpl():FortiSandbox server is not available at the moment. Connection block time: 1 seconds
sandboxclid:2023-04-12T09:04:02:Session.cpp:101:Connect0():connection broken
sandboxclid:2023-04-12T09:04:10:Connection.cpp:31:__s2ip():'fortisandboxcloud.com' is not an IP, try to resolve it
sandboxclid:2023-04-12T09:04:10:Connection.cpp:321:ConnectionSecure__():remote address is fortisandbox cloud, user_id=1423794
sandboxclid:2023-04-12T09:04:10:Connection.cpp:31:__s2ip():'fortisandboxcloud.com' is not an IP, try to resolve it
sandboxclid:2023-04-12T09:04:10:Connection.cpp:167:Connect():connecting to 66.35.19.98
sandboxclid:2023-04-12T09:04:15:Connection.cpp:31:__s2ip():'fortisandboxcloud.com' is not an IP, try to resolve it
sandboxclid:2023-04-12T09:04:15:Connection.cpp:321:ConnectionSecure__():remote address is fortisandbox cloud, user_id=1423794
sandboxclid:2023-04-12T09:04:15:Connection.cpp:31:__s2ip():'fortisandboxcloud.com' is not an IP, try to resolve it
sandboxclid:2023-04-12T09:04:15:Connection.cpp:167:Connect():connecting to 66.35.19.98
sandboxclid:2023-04-12T09:04:20:Connection.cpp:31:__s2ip():'fortisandboxcloud.com' is not an IP, try to resolve it
sandboxclid:2023-04-12T09:04:20:Connection.cpp:321:ConnectionSecure__():remote address is fortisandbox cloud, user_id=1423794
sandboxclid:2023-04-12T09:04:20:Connection.cpp:31:__s2ip():'fortisandboxcloud.com' is not an IP, try to resolve it
sandboxclid:2023-04-12T09:04:20:Connection.cpp:167:Connect():connecting to 66.35.19.98
sandboxclid:2023-04-12T09:05:11:Connection.cpp:171:Connect():connect() failed, errno = 115
sandboxclid:2023-04-12T09:05:11:Session.cpp:248:ConnectImpl():FortiSandbox server is not available at the moment. Connection block time: 1 seconds
sandboxclid:2023-04-12T09:05:11:Session.cpp:101:Connect0():connection broken
sandboxclid:2023-04-12T09:05:11:Session.cpp:72:Connect0():connection is blocked for 1 seconds
^C
insidemail02 # execute telnettest fortisandboxcloud.com:514
Connection timed out in 30 seconds.
Connection status to fortisandboxcloud.com port 514: Connecting to remote host failed.
insidemail02 #
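A triage helper for this debug output, as an added example (not Fortinet code): it parses the sandboxclid lines, pairs each connect() failure with the attempt that preceded it, and reports how long the client waited before giving up. In the capture above the client waits roughly a minute before each failure, which is the pattern of a silently dropping firewall rather than an active reject; the sample log is a subset of the lines shown above, and the 10-second threshold is my own assumption, not a Fortinet value.

```python
"""Triage helper for FortiMail `diagnose debug application sandboxclid` output.

Added example, not Fortinet code. It parses the debug lines shown on this
page, pairs each connect() failure with the "connecting to" attempt before
it, and reports the wait. A long wait before the failure (no RST) is what a
silently dropping firewall looks like; a near-instant failure would point at
an active reject. The threshold is an assumption of this example.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional, Set

# Constructed sample: a subset of the debug lines shown on the page, one per line.
SAMPLE_LOG = """\
sandboxclid:2023-04-12T09:03:00:SandboxJob.cpp:145:process():use configured FortiSandbox server
sandboxclid:2023-04-12T09:03:00:Connection.cpp:31:__s2ip():'fortisandboxcloud.com' is not an IP, try to resolve it
sandboxclid:2023-04-12T09:03:00:Connection.cpp:321:ConnectionSecure__():remote address is fortisandbox cloud, user_id=1423794
sandboxclid:2023-04-12T09:03:00:Connection.cpp:167:Connect():connecting to 66.35.19.98
sandboxclid:2023-04-12T09:04:02:Connection.cpp:171:Connect():connect() failed, errno = 115
sandboxclid:2023-04-12T09:04:02:Session.cpp:248:ConnectImpl():FortiSandbox server is not available at the moment. Connection block time: 1 seconds
sandboxclid:2023-04-12T09:04:02:Session.cpp:101:Connect0():connection broken
sandboxclid:2023-04-12T09:04:20:Connection.cpp:167:Connect():connecting to 66.35.19.98
sandboxclid:2023-04-12T09:05:11:Connection.cpp:171:Connect():connect() failed, errno = 115
sandboxclid:2023-04-12T09:05:11:Session.cpp:101:Connect0():connection broken
"""

# sandboxclid:<timestamp>:<source file>:<line>:<function>():<message>
LINE_RE = re.compile(
    r"^sandboxclid:(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}):"
    r"(?P<src>[\w.]+):(?P<line>\d+):(?P<func>\w+)\(\):(?P<msg>.*)$"
)
CONNECTING_RE = re.compile(r"connecting to (\S+)")
FAILED_RE = re.compile(r"connect\(\) failed, errno = (\d+)")

SLOW_FAIL_SECONDS = 10  # assumption: slower failures than this look like a silent drop


@dataclass
class Attempt:
    started: datetime
    target: str
    failed_at: Optional[datetime] = None
    errno: Optional[int] = None

    @property
    def elapsed(self) -> Optional[float]:
        """Seconds between the attempt and its failure, or None if no failure was logged."""
        if self.failed_at is None:
            return None
        return (self.failed_at - self.started).total_seconds()


@dataclass
class Triage:
    targets: Set[str] = field(default_factory=set)
    attempts: List[Attempt] = field(default_factory=list)

    @property
    def failures(self) -> List[Attempt]:
        return [a for a in self.attempts if a.failed_at is not None]

    def verdict(self) -> str:
        if not self.attempts:
            return "no connect attempts found"
        if not self.failures:
            return "connect attempts logged but no failures"
        if any(a.elapsed >= SLOW_FAIL_SECONDS for a in self.failures):
            return ("likely silent drop: connect() timed out; verify TCP/514 is allowed "
                    "toward " + ", ".join(sorted(self.targets)))
        return "fast connect() failures: active reject; check routing, NAT and the remote service"


def parse_sandboxclid(text: str) -> Triage:
    """Parse debug output; prompts and 'System Time' banners are skipped."""
    triage = Triage()
    current: Optional[Attempt] = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
        msg = m["msg"]
        c = CONNECTING_RE.search(msg)
        f = FAILED_RE.search(msg)
        if c:
            current = Attempt(ts, c.group(1))
            triage.targets.add(c.group(1))
            triage.attempts.append(current)
        elif f and current is not None and current.failed_at is None:
            current.failed_at = ts
            current.errno = int(f.group(1))
    return triage


if __name__ == "__main__":
    result = parse_sandboxclid(SAMPLE_LOG)
    for a in result.failures:
        print(f"{a.target}: waited {a.elapsed:.0f}s, errno {a.errno}")
    print(result.verdict())
```

Paste the captured output (the `display` session with its prompts and banners) into the parser as-is; only the sandboxclid lines are used. The verdict names the resolved IP the client was trying to reach, which is what the firewall policy must allow on TCP/514.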
To integrate with the Security Fabric in FortiClient:
- In the FortiClient Console, go to Sandbox Detection.
- Enter the domain in the IP field. For example: 856651.eu-central-1.fortisandboxcloud.com
- In FortiSandbox PaaS, go to Security Fabric > FortiClient, click the Authorize icon on the FortiClient so that it can establish Fabric connectivity. Verify that the Status is updated.
To integrate with the Security Fabric in FortiClient EMS:
- In the EMS Console, go to Endpoint Profiles > Sandbox > Edit the profile for FortiSandbox PaaS > Enable Sandbox Detection.
- In the IP address/Hostname field, enter the FortiSandbox PaaS FQDN. For example: us-west-1.fortisandboxcloud.com
- In the Account ID field, enter the Account ID.
- In FortiSandbox PaaS, go to Security Fabric > Device, click the Authorize icon on the EMS so that it can establish Fabric connectivity with all FortiClient Endpoints automatically.
- On the FortiClient endpoints, go to Sandbox Detection and verify that the IP field is overridden by EMS and that the endpoint is connected to FortiSandbox PaaS.
- In FortiSandbox PaaS, go to Security Fabric > FortiClient, verify the Status.