FortiClient
FortiClient 5.4 and earlier versions can silently connect to FortiSandbox without the need to be authorized. You can de-authorize a FortiClient host manually. If a FortiClient endpoint is managed by EMS, it follows the authorization status and file submission speed setting of EMS. You can manually change these settings.
For information on how to configure FortiClient to send files to FortiSandbox, see the FortiClient Administration Guide in the Fortinet Document Library.
To view connected FortiClient endpoints in FortiSandbox, go to Scan Input > FortiClient.
The following options are available:
This page displays the following:
FCT Serial |
The FortiClient serial number. |
Hostname |
FortiClient host name. |
User |
Current user logged into the FortiClient host, if available. |
IP |
Host IP Address. |
Malicious, High, Medium, Low |
The number of malicious, high risk, medium risk, or low risk files submitted by FortiClient to FortiSandbox in the last seven days. Malicious files are not executed in the FortiSandbox VM module as the antivirus scanner has already determined the file rating. |
Clean |
Number of clean files submitted by the device to FortiSandbox in the last seven days. |
Others |
Number of other files submitted by the device to FortiSandbox in the last seven days. |
Mal Pkg |
Malware package version currently on the device. |
Auth |
If the FortiClient is authorized, you can click the FortiClient serial number and modify its authorization status. |
Limit |
Shows if this device has a submission limit. |
Status |
Status of the FortiClient host. An icon shows that the device is connected (up) or down. |
Delete |
Click to delete the FortiClient. If the device connects to FortiSandbox again, it appears as a new device. |
To edit FortiClient settings in FortiSandbox:
- On your FortiSandbox device, go to Scan Input > FortiClient.
- Click the device name to open the Edit FortiClient Settings page.
- Edit the following settings and then click OK.