Fortinet black logo

Administration Guide

Home FortiSandbox 3.1.2 Administration Guide

Master's role and slave's role

3.1.2
4.4.5
4.4.4
4.4.3
4.4.2
4.4.1
4.4.0
4.2.7
4.2.6
4.2.5
4.2.4
4.2.3
4.2.2
4.2.1
4.2.0
4.0.5
4.0.4
4.0.3
4.0.2
4.0.1
4.0.0
3.2.4
3.2.3
3.2.2
3.2.1
3.2.0
3.1.5
3.1.4
3.1.3
3.1.2
3.1.1
3.1.0
3.0.7
3.0.6
Copy Link
Copy Doc ID 7e8449d5-f446-11e9-8977-00505692583a:882982
Download PDF

Master's role and slave's role

On the master node, all functionality is turned on. This includes accepting files from different input sources, sending alert emails, and generating malware packages. Scan profiles should also be configured on the master node and will be synchronized to other nodes.

The following information is synchronized from the master node to all other nodes so they should not be configured on slave nodes:

  • Job cleanup schedule
  • FortiGuard page settings
  • Malware package generation settings
  • VM access to the Internet settings.

    Only the Allow Virtual Machines to access external network through outgoing Port3 status is synchronized. The network settings for Port3 (IP address) and next hop gateway , etc., are not synchronized. They have to be set on each unit separately.

  • Black and White lists
  • YARA rules
  • Scan profile settings
  • Archive server settings
  • Job Queue Priority
  • Overridden Verdicts
  • URL category
  • Customized Rating
  • AI Mode
  • Inter-cluster communication encryption
  • TLS version
Note

Although you can assign different VM types to each node in a cluster, we recommend all nodes share the same VM types. VM types are collected from all nodes and are displayed in the master node’s Scan Profile > VM Association page where VM associations can be configured and synchronized for the entire cluster. If an association for a VM type is missing on the slave node, the sandbox scan cannot be completed.

For example, if you associate WIN10X64VM to scan all executable files when configuring the Scan Profile on the master node, but do not enable WIN10X64VM on a slave node, all executable files distributed to that slave are not scanned.

The following information is synchronized from the master node to primary slave nodes only, and is only applied when the primary slave node becomes a master during a failover:

  • Users
  • Sniffer settings
  • Mail server settings
  • Network settings (including DNS, proxy, and routing tables)
  • Scheduled task settings (network share scans, and scheduled report generation)
  • Log server settings
  • Uploaded certificates
  • Device group settings
  • System Recovery settings
  • Device (including FortiClient)
  • Network Share settings\
  • Quarantine settings
  • SNMP settings
  • Widget settings
  • Adapter settings
  • Global network settings
  • Login disclaimers
  • Health Check settings
  • Local Log settings
  • Diagnostic Logs > CLI Logs settings
  • Master scan power
  • BCC and MTA adapter settings
Previous
Next

Master's role and slave's role

On the master node, all functionality is turned on. This includes accepting files from different input sources, sending alert emails, and generating malware packages. Scan profiles should also be configured on the master node and will be synchronized to other nodes.

The following information is synchronized from the master node to all other nodes so they should not be configured on slave nodes:

  • Job cleanup schedule
  • FortiGuard page settings
  • Malware package generation settings
  • VM access to the Internet settings.

    Only the Allow Virtual Machines to access external network through outgoing Port3 status is synchronized. The network settings for Port3 (IP address) and next hop gateway , etc., are not synchronized. They have to be set on each unit separately.

  • Black and White lists
  • YARA rules
  • Scan profile settings
  • Archive server settings
  • Job Queue Priority
  • Overridden Verdicts
  • URL category
  • Customized Rating
  • AI Mode
  • Inter-cluster communication encryption
  • TLS version
Note

Although you can assign different VM types to each node in a cluster, we recommend all nodes share the same VM types. VM types are collected from all nodes and are displayed in the master node’s Scan Profile > VM Association page where VM associations can be configured and synchronized for the entire cluster. If an association for a VM type is missing on the slave node, the sandbox scan cannot be completed.

For example, if you associate WIN10X64VM to scan all executable files when configuring the Scan Profile on the master node, but do not enable WIN10X64VM on a slave node, all executable files distributed to that slave are not scanned.

The following information is synchronized from the master node to primary slave nodes only, and is only applied when the primary slave node becomes a master during a failover:

  • Users
  • Sniffer settings
  • Mail server settings
  • Network settings (including DNS, proxy, and routing tables)
  • Scheduled task settings (network share scans, and scheduled report generation)
  • Log server settings
  • Uploaded certificates
  • Device group settings
  • System Recovery settings
  • Device (including FortiClient)
  • Network Share settings\
  • Quarantine settings
  • SNMP settings
  • Widget settings
  • Adapter settings
  • Global network settings
  • Login disclaimers
  • Health Check settings
  • Local Log settings
  • Diagnostic Logs > CLI Logs settings
  • Master scan power
  • BCC and MTA adapter settings
Previous
Next