Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

FortiGate devices

For more information on how to configure FortiGate to send files to FortiSandbox, please refer to the FortiOS Handbook in the Fortinet Document Library.

To verify the FortiGate is connected to FortiSandbox:

On your FortiSandbox device, go to Scan Input > Devices. Your FortiGate device and VDOMs will be listed on this page.

The communication protocol does not include a way for the FortiGate to notify FortiSandbox whether VDOMs are enabled. When VDOMs are disabled on the FortiGate, the files received from the FortiGate will be marked with vdom=root.

Since the FortiGate does not explicitly send a list of possible VDOMs to FortiSandbox, the FortiSandbox only learns about a VDOM once it receives a file associated with it. Each of the devices VDOMs listed on this page will only displayed after the first file has been received from that specific VDOM.

If VDOMs are enabled on your FortiGate, you can select the checkbox to have new VDOMs inherit authorization based on the device level setting. If the FortiGate authorization is disabled, all VDOMs under it will not be authorized even if authorization is enabled for a VDOM.

To edit FortiGate settings in FortiSandbox:
  1. On your FortiSandbox device, go to Scan Input > Device. All FortiGate devices and VDOMs will be listed on this page.
  2. Click the device name. The Edit FortiGate Settings page opens.
  3. Edit the following settings:

    Device Status

    Serial Number

    The device serial number is displayed.

    Alias

    The host name of the FortiGate unit. This is a read-only value.

    IP

    The IP address of the FortiGate is displayed.

    Status

    The status of the device, either connected or not connected. This field cannot be edited.

    Last Modified

    The date and time that the FortiGate settings were last changed is displayed.

    Last Seen

    The date and time that the FortiGate last connected to the FortiSandbox is displayed.

    Permissions

    Authorized

    Select the checkbox to authorize the FortiGate device. If this field is not checked, files sent from the FortiGate will be dropped.

    The date and time that the authorization status was changed is displayed.

    New VDOMs/Domains inherit authorization

    Select the checkbox to have new VDOMs inherit the authorization setting configured at the device level.

    Email Settings

    Administrator Email

    The email address entered in the Notifier Email field configured on the FortiGate device at System > Config > FortiSandbox. You cannot edit this field on the FortiSandbox.

    Send Notifications

    Select the checkbox to send notifications. When notifications are enabled, you will receive email notifications when a file from your environment has been detected as potential malware. The email will contain a link to the scan job details page.

    To receive notification emails, you must configure a mail server and enable Send a notification email to the global email list when malicious files are detected settings in System > Mail Server. Otherwise, a warning icon is displayed.

    Send Reports

    Select the checkbox to send job detail PDF reports. To receive reports and define report generation frequency, you must configure mail server and enable Send scheduled PDF report about an individual VDOM/Domain to its email address in System > Mail Server. Otherwise, a warning icon is displayed.

  4. Click OK to save the settings.
To edit VDOM settings:
  1. On your FortiSandbox device, go to Scan Input > Device. All FortiGate devices and VDOMs will be listed on this page.
  2. Click the VDOM name.
  3. Edit the following settings:

    Device Status

    Domain/VDOM

    The device VDOM name. This field cannot be edited.

    Alias

    VDOM name is in the Device Name: VDOM name format.

    IP

    The IP address of the FortiGate. This field cannot be edited.

    Status

    The status of the device, either connected or not connected. This field cannot be edited.

    Files Transmitted

    The total number of files transmitted to FortiSandbox in the last seven days.

    Last Modified

    The date and time that the authorization status was changed. This field cannot be edited.

    Last Seen

    The date and time that the FortiGate VDOM last connected to the FortiSandbox. This field cannot be edited.

    Permissions & Policy

    Authorized

    Select the checkbox to authorize the FortiGate VDOM.

    Submission Limitation

    Limit the VDOM submission speed. Specify the number of submissions per Hour, Day, or Unlimited.

    When limitation is reached, FSA will send a signal to FGT to stop file submission. This will save resources on both sides.

    Send Reach Limit Alert Email

    When checked, an alert email is sent to the VDOM email address when limitation is reached.

    Email Settings

    If this field is checked, when submission limitation is reached, an alert email will be sent to VDOM email address. A mail server should be configured.

    Email

    Enter the Administrator Email address for the VDOM, separated by a comma.

    Send Notifications

    Select checkbox to send notifications when viruses or malware from this VDOM is detected.

    To receive notification emails, you must configure a mail server and enable Send a notification email to the global email list when malicious files are detected settings in System > Mail Server. Otherwise, a warning icon is displayed.

    Send PDF Reports

    Select checkbox to send PDF reports of jobs. To receive reports and define report generation frequency, you must configure System > Mail Server page. Also the Send scheduled PDF report about an individual VDOM/Domain to its email address in that page should be checked. Otherwise, a warning icon is displayed.

  4. Click OK to save the settings.

FortiGate devices

For more information on how to configure FortiGate to send files to FortiSandbox, please refer to the FortiOS Handbook in the Fortinet Document Library.

To verify the FortiGate is connected to FortiSandbox:

On your FortiSandbox device, go to Scan Input > Devices. Your FortiGate device and VDOMs will be listed on this page.

The communication protocol does not include a way for the FortiGate to notify FortiSandbox whether VDOMs are enabled. When VDOMs are disabled on the FortiGate, the files received from the FortiGate will be marked with vdom=root.

Since the FortiGate does not explicitly send a list of possible VDOMs to FortiSandbox, the FortiSandbox only learns about a VDOM once it receives a file associated with it. Each of the devices VDOMs listed on this page will only displayed after the first file has been received from that specific VDOM.

If VDOMs are enabled on your FortiGate, you can select the checkbox to have new VDOMs inherit authorization based on the device level setting. If the FortiGate authorization is disabled, all VDOMs under it will not be authorized even if authorization is enabled for a VDOM.

To edit FortiGate settings in FortiSandbox:
  1. On your FortiSandbox device, go to Scan Input > Device. All FortiGate devices and VDOMs will be listed on this page.
  2. Click the device name. The Edit FortiGate Settings page opens.
  3. Edit the following settings:

    Device Status

    Serial Number

    The device serial number is displayed.

    Alias

    The host name of the FortiGate unit. This is a read-only value.

    IP

    The IP address of the FortiGate is displayed.

    Status

    The status of the device, either connected or not connected. This field cannot be edited.

    Last Modified

    The date and time that the FortiGate settings were last changed is displayed.

    Last Seen

    The date and time that the FortiGate last connected to the FortiSandbox is displayed.

    Permissions

    Authorized

    Select the checkbox to authorize the FortiGate device. If this field is not checked, files sent from the FortiGate will be dropped.

    The date and time that the authorization status was changed is displayed.

    New VDOMs/Domains inherit authorization

    Select the checkbox to have new VDOMs inherit the authorization setting configured at the device level.

    Email Settings

    Administrator Email

    The email address entered in the Notifier Email field configured on the FortiGate device at System > Config > FortiSandbox. You cannot edit this field on the FortiSandbox.

    Send Notifications

    Select the checkbox to send notifications. When notifications are enabled, you will receive email notifications when a file from your environment has been detected as potential malware. The email will contain a link to the scan job details page.

    To receive notification emails, you must configure a mail server and enable Send a notification email to the global email list when malicious files are detected settings in System > Mail Server. Otherwise, a warning icon is displayed.

    Send Reports

    Select the checkbox to send job detail PDF reports. To receive reports and define report generation frequency, you must configure mail server and enable Send scheduled PDF report about an individual VDOM/Domain to its email address in System > Mail Server. Otherwise, a warning icon is displayed.

  4. Click OK to save the settings.
To edit VDOM settings:
  1. On your FortiSandbox device, go to Scan Input > Device. All FortiGate devices and VDOMs will be listed on this page.
  2. Click the VDOM name.
  3. Edit the following settings:

    Device Status

    Domain/VDOM

    The device VDOM name. This field cannot be edited.

    Alias

    VDOM name is in the Device Name: VDOM name format.

    IP

    The IP address of the FortiGate. This field cannot be edited.

    Status

    The status of the device, either connected or not connected. This field cannot be edited.

    Files Transmitted

    The total number of files transmitted to FortiSandbox in the last seven days.

    Last Modified

    The date and time that the authorization status was changed. This field cannot be edited.

    Last Seen

    The date and time that the FortiGate VDOM last connected to the FortiSandbox. This field cannot be edited.

    Permissions & Policy

    Authorized

    Select the checkbox to authorize the FortiGate VDOM.

    Submission Limitation

    Limit the VDOM submission speed. Specify the number of submissions per Hour, Day, or Unlimited.

    When limitation is reached, FSA will send a signal to FGT to stop file submission. This will save resources on both sides.

    Send Reach Limit Alert Email

    When checked, an alert email is sent to the VDOM email address when limitation is reached.

    Email Settings

    If this field is checked, when submission limitation is reached, an alert email will be sent to VDOM email address. A mail server should be configured.

    Email

    Enter the Administrator Email address for the VDOM, separated by a comma.

    Send Notifications

    Select checkbox to send notifications when viruses or malware from this VDOM is detected.

    To receive notification emails, you must configure a mail server and enable Send a notification email to the global email list when malicious files are detected settings in System > Mail Server. Otherwise, a warning icon is displayed.

    Send PDF Reports

    Select checkbox to send PDF reports of jobs. To receive reports and define report generation frequency, you must configure System > Mail Server page. Also the Send scheduled PDF report about an individual VDOM/Domain to its email address in that page should be checked. Otherwise, a warning icon is displayed.

  4. Click OK to save the settings.