Administration Guide

Adapter


FortiSandbox uses adapters to connect to third-party products. Carbon Black/Bit9 server, ICAP and Mail gateway clients are supported.

With an adapter, FortiSandbox can analyze files downloaded from the Carbon Black server and send notifications of the file verdict back to the server, or receive an HTTP message from an ICAP client and return a response to it.

FortiSandbox supports the BCC adapter to receive forwarded emails from an upstream email gateway and scan them. FortiSandbox will extract email attachments and URLs in an email body and send them to the Job Queue.

Note: The BCC adapter feature is for information only; it will not block any email.

FortiSandbox includes an MTA adapter, which can be used to inspect and quarantine suspicious emails. For detailed information, please refer to the FortiSandbox user guide in the AWS marketplace.

The following options are available:

Create New

Create a new adapter.

ICAP and BCC adapters are automatically created by the system.

Edit

Edit an adapter.

Delete

Delete an adapter.

ICAP and BCC adapters cannot be deleted.

This page displays the following information:

Adapter Name

The Adapter's name.

When the adapter type is ICAP, the value is ICAP.

When the adapter type is BCC, the value is BCC.

Vendor Name

Vendor name.

When the adapter type is ICAP, the value is ICAP.

When the adapter type is BCC, the value is BCC.

Serial

Serial number.

When the adapter type is ICAP, the value is ICAP.

When the adapter type is BCC, the value is BCC.

FQDN/IP

FQDN/IP address.

When the adapter type is ICAP, the value is empty.

When the adapter type is BCC, the value is empty.

Malicious

File count and URL count, separated by |, of items from this adapter rated Malicious in the last seven days.

High

File count and URL count, separated by |, of items from this adapter rated Highly Suspicious in the last seven days.

Medium

File count and URL count, separated by |, of items from this adapter rated Medium in the last seven days.

Low

File count and URL count, separated by |, of items from this adapter rated Low in the last seven days.

Clean

File count and URL count, separated by |, of items from this adapter rated Clean in the last seven days.

Other

File count and URL count, separated by |, of items from this adapter rated Other in the last seven days.

To create a new adapter:
  1. Go to Scan Input > Adapter.
  2. Click the + Create New button from the toolbar.
  3. Configure the following:

    Vendor Name

    Select Carbon Black/Bit9 as the vendor name.

    Adapter Name

    Enter the adapter name.

    Server FQDN/IP

    Enter the FQDN/IP address of the Carbon Black server.

    Token

    Enter the token string. The authentication token is assigned by the Carbon Black or ICAP server.

    Timeout (seconds)

    Enter the timeout value.

    Serial

    Auto-generated serial number for this adapter. It works as a device serial number that identifies the input device of a file.

  4. Click OK to save the entry.
To edit an adapter:
  1. Go to Scan Input > Adapter.
  2. Select an adapter.
  3. Click the Edit button from the toolbar.
  4. Make edits as necessary.

    When the adapter type is ICAP, the user can:

    • Enable or disable FortiSandbox to work as an ICAP server.
    • Define the ports for encrypted and non-encrypted communication with the client.
    • Extract URLs or files from HTTP messages from the client and put them into the Job Queue.
    • Define which ratings are treated as bad to return a block code.
    • Enable a Real Time AV Scan for a faster response to a known virus before a file is put into the Job Queue.

    When the adapter type is BCC, the user can:

    • Enable or disable FortiSandbox to work as an email server.
    • Enable Parse URL to allow FortiSandbox to extract the first three URLs in an email.
    • Input the SMTP port number that FortiSandbox listens on to receive emails. The default port number is 25.
    • Select the interface port that FortiSandbox listens on. The default is port1.

  5. Click Apply to save the entry.
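The BCC adapter submits an email's attachments and, with Parse URL enabled, only the first three URLs, so any later URLs in a message are not queued. The following added example (not Fortinet code) previews that split for one message; the URL regex, the document-order rule and the function name preview_bcc_submission are assumptions, not FortiSandbox's own extraction logic.

```python
import hashlib
import re
from email import message_from_bytes, policy

URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)
URL_LIMIT = 3  # the guide says Parse URL extracts the first three URLs

# Constructed sample message, not real traffic.
SAMPLE = b"\r\n".join([
    b"Subject: constructed sample",
    b'Content-Type: multipart/mixed; boundary="b1"',
    b"",
    b"--b1",
    b"Content-Type: text/plain; charset=utf-8",
    b"",
    b"See http://one.example/a and https://two.example/b,",
    b"then https://three.example/c and https://four.example/d.",
    b"--b1",
    b"Content-Type: application/octet-stream",
    b'Content-Disposition: attachment; filename="invoice.bin"',
    b"Content-Transfer-Encoding: base64",
    b"",
    b"aGVsbG8=",
    b"--b1--",
    b"",
])


def preview_bcc_submission(raw, url_limit=URL_LIMIT):
    """Approximate what one BCC'd email offers for scanning (assumed logic)."""
    msg = message_from_bytes(raw, policy=policy.default)
    attachments, urls = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_disposition() == "attachment" or part.get_filename():
            data = part.get_payload(decode=True) or b""
            attachments.append((part.get_filename(), hashlib.sha256(data).hexdigest()))
        elif part.get_content_maintype() == "text":
            for url in URL_RE.findall(part.get_content()):
                url = url.rstrip(".,;")
                if url not in urls:
                    urls.append(url)
    return {
        "attachments": attachments,
        "urls_within_limit": urls[:url_limit],
        "urls_beyond_limit": urls[url_limit:],
    }
```

A non-empty urls_beyond_limit list marks messages whose later links need coverage from another control, since the BCC adapter is informational and does not block email.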
To delete an adapter:
  1. Go to Scan Input > Adapter.
  2. Select an adapter.

    ICAP and BCC adapters cannot be selected.

  3. Click the Delete button from the toolbar.
  4. Click the Yes I'm sure button in the Are you sure confirmation box.

After a Carbon Black adapter is created, FortiSandbox will try to communicate with the Carbon Black server. If the connection and authentication are successful, the status column will show a green icon; otherwise a red icon is displayed.

The CLI command diagnose-debug adapter can be used to troubleshoot communications with the adapter clients.
