Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

FortiClient

FortiClient 5.4 and previous versions can silently connect to FortiSandbox without needing to be authorized. Users can de-authorize a FortiClient host manually. If a FortiClient endpoint is managed by EMS, it will follow the authorization status and file submission speed setting of EMS. Users can change them manually.

For more information on how to configure FortiClient to send files to FortiSandbox, please refer to the FortiClient Administration Guide on the Fortinet Document Library.

To view connected FortiClient endpoints in FortiSandbox, go to Scan Input > FortiClient.

The following options are available:

Refresh

Click the Refresh icon to refresh the entries displayed after applying search filters.

Device Filter

Users can filter FortiClient by entering part of host name, host IP or serial number.

This page displays the following information:

FCT Serial

The FortiClient serial number.

Hostname

Hostname.

User

Current login user on the FortiClient host, if the information is available.

IP

Host IP Address.

Malicious

The number of malicious files forwarded by the FortiClient to FortiSandbox in the last seven days. Malicious files are not executed in the FortiSandbox VM module as the antivirus scanner has already determined the file rating.

High Risk

The number of high risk rating files submitted to FortiSandbox in the last seven days.

Medium Risk

The number of medium rating risk files submitted to FortiSandbox in the last seven days.

Low Risk

The number of low risk rating files submitted to FortiSandbox in the last seven days.

Clean

The number of clean rating files submitted to FortiSandbox in the last seven days.

Others

The number of other rating files submitted by FortiGate or FortiMail to FortiSandbox in the last seven days.

Malware Pkg

The malware package currently on the device.

URL Pkg

The URL package versions currently on the device.

Auth

If the FortiClient is authorized. The user can click on the FortiClient serial number and modify its authorization status manually.

Limit

If a submission limit is set for this device.

Status

The status of the FortiClient host. This field displays an up icon when the device is connected and a down icon for devices which are disconnected.

Delete

Click to delete the FortiClient. If FortiClient connects to FortiSandbox later, it will show up again as a new one.

To edit FortiClient settings in FortiSandbox:
  1. On your FortiSandbox device, go to Scan Input > FortiClient.
  2. Click the device name. The Edit FortiClient Settings page opens.
  3. Edit the following settings:

    FortiClient Status

     

     

    Serial Number

    The device serial number is displayed.

     

    Hostname

    The host name of the FortiClient unit. This is a read-only value.

     

    IP

    The IP address of the FortiClient is displayed.

     

    Status

    The status of the device, either connected or not connected. This field cannot be edited.

     

    Files Transmitted

    The total number of files transmitted to FortiSandbox in the last seven days.

     

    Last Seen

    The date and time that FortiClient last connected to FortiSandbox is displayed.

    Permissions

     

     

    Authorized

    Click the checkbox to toggle the authorization device.

     

    Submission Limitation

    Limit submission speed. Specify the number of submissions per Hour, Day, or Unlimited. When limitation is reached, FortiSandbox will send a signal to FortiClient to stop file submission. This will save resources on both sides.

  4. Click OK to save the settings.

A FortiSandbox system, either a Standalone unit or a cluster system has no number limitation on authorized devices and FortiClients. However, the concurrent connections of all client devices is limited to 30,000.

FortiClient

FortiClient 5.4 and previous versions can silently connect to FortiSandbox without needing to be authorized. Users can de-authorize a FortiClient host manually. If a FortiClient endpoint is managed by EMS, it will follow the authorization status and file submission speed setting of EMS. Users can change them manually.

For more information on how to configure FortiClient to send files to FortiSandbox, please refer to the FortiClient Administration Guide on the Fortinet Document Library.

To view connected FortiClient endpoints in FortiSandbox, go to Scan Input > FortiClient.

The following options are available:

Refresh

Click the Refresh icon to refresh the entries displayed after applying search filters.

Device Filter

Users can filter FortiClient by entering part of host name, host IP or serial number.

This page displays the following information:

FCT Serial

The FortiClient serial number.

Hostname

Hostname.

User

Current login user on the FortiClient host, if the information is available.

IP

Host IP Address.

Malicious

The number of malicious files forwarded by the FortiClient to FortiSandbox in the last seven days. Malicious files are not executed in the FortiSandbox VM module as the antivirus scanner has already determined the file rating.

High Risk

The number of high risk rating files submitted to FortiSandbox in the last seven days.

Medium Risk

The number of medium rating risk files submitted to FortiSandbox in the last seven days.

Low Risk

The number of low risk rating files submitted to FortiSandbox in the last seven days.

Clean

The number of clean rating files submitted to FortiSandbox in the last seven days.

Others

The number of other rating files submitted by FortiGate or FortiMail to FortiSandbox in the last seven days.

Malware Pkg

The malware package currently on the device.

URL Pkg

The URL package versions currently on the device.

Auth

If the FortiClient is authorized. The user can click on the FortiClient serial number and modify its authorization status manually.

Limit

If a submission limit is set for this device.

Status

The status of the FortiClient host. This field displays an up icon when the device is connected and a down icon for devices which are disconnected.

Delete

Click to delete the FortiClient. If FortiClient connects to FortiSandbox later, it will show up again as a new one.

To edit FortiClient settings in FortiSandbox:
  1. On your FortiSandbox device, go to Scan Input > FortiClient.
  2. Click the device name. The Edit FortiClient Settings page opens.
  3. Edit the following settings:

    FortiClient Status

     

     

    Serial Number

    The device serial number is displayed.

     

    Hostname

    The host name of the FortiClient unit. This is a read-only value.

     

    IP

    The IP address of the FortiClient is displayed.

     

    Status

    The status of the device, either connected or not connected. This field cannot be edited.

     

    Files Transmitted

    The total number of files transmitted to FortiSandbox in the last seven days.

     

    Last Seen

    The date and time that FortiClient last connected to FortiSandbox is displayed.

    Permissions

     

     

    Authorized

    Click the checkbox to toggle the authorization device.

     

    Submission Limitation

    Limit submission speed. Specify the number of submissions per Hour, Day, or Unlimited. When limitation is reached, FortiSandbox will send a signal to FortiClient to stop file submission. This will save resources on both sides.

  4. Click OK to save the settings.

A FortiSandbox system, either a Standalone unit or a cluster system has no number limitation on authorized devices and FortiClients. However, the concurrent connections of all client devices is limited to 30,000.