Fortinet black logo

Administration Guide

Network Share

Copy Link
Copy Doc ID 8b8f8f3b-5202-11ec-bdf2-fa163e15d75b:755608
Download PDF

Network Share

FortiSandbox can scan files stored on a network share and optionally quarantine any malicious files. Go to Security Fabric > Network Share to view and configure network share information.

Note

In an HA-Cluster, the Network Share page is only shown on the HA primary device, therefore you can only edit the page on the primary node. After an HA failover, all configurations of network shares will be synced to the new primary device.

Network share scans can be scheduled or run on-demand, and connectivity with the network share can be tested.

Note

After v3.2.0 the scheduled or on-demand scan job stops when the system firmware reboots. The scheduled scan will run on schedule after the reboot. The on-demand scan will need to be run manually if required.

The following options are available:

Create New

Create a new network share.

Edit

Edit the selected entry.

Clone

Clone the selected entry. Only the Network Share Name is different. All other settings are the same as the original.

Delete

Delete the selected entry.

Scan Now

Scan the selected entry.

Scan Details

View the selected entry's scheduled scan entries.

Test Connection

Test the selected entry's connection. The banner at the top displays the result.

The following information is displayed:

Name

Name of the network share.

Scan Scheduled

The scan scheduled status. Scheduled network scans are done in parallel.

Type

Mount type.

Share Path

File share path.

Quarantine

Displays if quarantine is enabled.

Enabled

Displays if the network share is enabled. A disabled network share does not run its scheduled scans.

Status

Displays if the network share status is accessible or down.

To create a new network share:
  1. Go to Security Fabric > Network Share.
  2. Click Create New.
  3. Configure the following options and click OK.

    Enabled

    Select to enable network share configuration. If network share is not enabled, its scheduled scan will not run.

    Mount Type

    Select the mount type. The following options are available:

    • CIFS (SMB v1.0, v2.0, v2.1, v3.0).

      For Microsoft DFS, only SMB v1.0 is supported.

    • NFSv2.
    • NFSv3.
    • NFSv4.
    • Azure File Share. See Cloud Storage.
    • AWS S3. See Cloud Storage.

    For domain-based DFS namespace, ensure the domain name can be resolved with the system Primary DNS server.

    Network Share Name

    Network share name.

    Server Name/IP

    Server FQDN or IP address.

    Share Path

    File share path in the format /path1/path2.

    Scan Files Of Specified Pattern

    Include or exclude files which match a file name pattern.

    File Name Pattern

    File name pattern.

    Username, Password, Confirm Password

    Username and password. For domain users, use the format:

    domain_name\user_name

    Or

    user_name@full_domain_name

    Scan Job Priority

    When multiple network share scans run at the same time, higher priority scans get more scan power.

    Keep A Copy Of Original File On FortiSandbox

    Keep a copy of the original file on FortiSandbox.

    Skip Sandboxing for the same unchanged files

    To improve scan speed, you can skip sandboxing scan on existing files (if applicable) and only do sandboxing scan on new files. Existing files are only scanned by AntiVirus engine and Community Cloud query.

    Enable Quarantine of Malicious Files

    Quarantine files with a Malicious rating in the selected location.

    Quarantined files are put in a folder with the name of the Job ID and each file is renamed with the Job ID for that file and a meta file with more information.

    Enable Quarantine of Suspicious - High Risk files

    Quarantine suspicious files with a High Risk rating in the selected location.

    Quarantined files are put in a folder with the name of the Job ID and each file is renamed with the Job ID for that file and a meta file with more information.

    Enable Quarantine of Suspicious - Medium Risk files

    Quarantine suspicious files with a Medium Risk rating in the selected location.

    Quarantined files are put in a folder with the name of the Job ID and each file is renamed with the Job ID for that file and a meta file with more information.

    Enable Quarantine of Suspicious - Low Risk files

    Quarantine suspicious files with a Low Risk rating in the selected location.

    Quarantined files are put in a folder with the name of the Job ID and each file is renamed with the Job ID for that file and a meta file with more information.

    Enable Quarantine of Other rating files

    Quarantine suspicious files with a Other rating in the selected location.

    Quarantined files are put in a folder with the name of the Job ID and each file is renamed with the Job ID for that file and a meta file with more information.

    Enable copying or moving clean files to a sanitized location

    Copy or move files with a Clean rating to another location.

    By default, a new folder is created for each scheduled scan job in the sanitized location and all clean files are copied into it with the original folder structure. To save space, uncheck Keep a complete copy of clean files for every scheduled scan so that files of the same path have only one copy in the sanitized location.

    Enable Scheduled Scan

    Enable scheduled scan and specify the schedule type.

    Description

    Optional description for the network share entry.

    Send notification email after each scan

    Email a summary report for each network share scan to the specified users.

    When a file is moved, to leave a copy in its original location, go to the Quarantine edit page or sanitized share and select the Keep Original File At Current Location.

If FortiSandbox goes into network share conserve mode, it stops processing files and creates a critical level system log entry to alert you.

To run a network share scan immediately:
  1. Go to Security Fabric > Network Share.
  2. Select a share.
  3. Click Scan Now to immediately run the scan.
To test network share connectivity:
  1. Go to Security Fabric > Network Share.
  2. Select a share.
  3. Click Test Connection to test connectivity with the network share.

Network Share

FortiSandbox can scan files stored on a network share and optionally quarantine any malicious files. Go to Security Fabric > Network Share to view and configure network share information.

Note

In an HA-Cluster, the Network Share page is only shown on the HA primary device, therefore you can only edit the page on the primary node. After an HA failover, all configurations of network shares will be synced to the new primary device.

Network share scans can be scheduled or run on-demand, and connectivity with the network share can be tested.

Note

After v3.2.0 the scheduled or on-demand scan job stops when the system firmware reboots. The scheduled scan will run on schedule after the reboot. The on-demand scan will need to be run manually if required.

The following options are available:

Create New

Create a new network share.

Edit

Edit the selected entry.

Clone

Clone the selected entry. Only the Network Share Name is different. All other settings are the same as the original.

Delete

Delete the selected entry.

Scan Now

Scan the selected entry.

Scan Details

View the selected entry's scheduled scan entries.

Test Connection

Test the selected entry's connection. The banner at the top displays the result.

The following information is displayed:

Name

Name of the network share.

Scan Scheduled

The scan scheduled status. Scheduled network scans are done in parallel.

Type

Mount type.

Share Path

File share path.

Quarantine

Displays if quarantine is enabled.

Enabled

Displays if the network share is enabled. A disabled network share does not run its scheduled scans.

Status

Displays if the network share status is accessible or down.

To create a new network share:
  1. Go to Security Fabric > Network Share.
  2. Click Create New.
  3. Configure the following options and click OK.

    Enabled

    Select to enable network share configuration. If network share is not enabled, its scheduled scan will not run.

    Mount Type

    Select the mount type. The following options are available:

    • CIFS (SMB v1.0, v2.0, v2.1, v3.0).

      For Microsoft DFS, only SMB v1.0 is supported.

    • NFSv2.
    • NFSv3.
    • NFSv4.
    • Azure File Share. See Cloud Storage.
    • AWS S3. See Cloud Storage.

    For domain-based DFS namespace, ensure the domain name can be resolved with the system Primary DNS server.

    Network Share Name

    Network share name.

    Server Name/IP

    Server FQDN or IP address.

    Share Path

    File share path in the format /path1/path2.

    Scan Files Of Specified Pattern

    Include or exclude files which match a file name pattern.

    File Name Pattern

    File name pattern.

    Username, Password, Confirm Password

    Username and password. For domain users, use the format:

    domain_name\user_name

    Or

    user_name@full_domain_name

    Scan Job Priority

    When multiple network share scans run at the same time, higher priority scans get more scan power.

    Keep A Copy Of Original File On FortiSandbox

    Keep a copy of the original file on FortiSandbox.

    Skip Sandboxing for the same unchanged files

    To improve scan speed, you can skip sandboxing scan on existing files (if applicable) and only do sandboxing scan on new files. Existing files are only scanned by AntiVirus engine and Community Cloud query.

    Enable Quarantine of Malicious Files

    Quarantine files with a Malicious rating in the selected location.

    Quarantined files are put in a folder with the name of the Job ID and each file is renamed with the Job ID for that file and a meta file with more information.

    Enable Quarantine of Suspicious - High Risk files

    Quarantine suspicious files with a High Risk rating in the selected location.

    Quarantined files are put in a folder with the name of the Job ID and each file is renamed with the Job ID for that file and a meta file with more information.

    Enable Quarantine of Suspicious - Medium Risk files

    Quarantine suspicious files with a Medium Risk rating in the selected location.

    Quarantined files are put in a folder with the name of the Job ID and each file is renamed with the Job ID for that file and a meta file with more information.

    Enable Quarantine of Suspicious - Low Risk files

    Quarantine suspicious files with a Low Risk rating in the selected location.

    Quarantined files are put in a folder with the name of the Job ID and each file is renamed with the Job ID for that file and a meta file with more information.

    Enable Quarantine of Other rating files

    Quarantine suspicious files with a Other rating in the selected location.

    Quarantined files are put in a folder with the name of the Job ID and each file is renamed with the Job ID for that file and a meta file with more information.

    Enable copying or moving clean files to a sanitized location

    Copy or move files with a Clean rating to another location.

    By default, a new folder is created for each scheduled scan job in the sanitized location and all clean files are copied into it with the original folder structure. To save space, uncheck Keep a complete copy of clean files for every scheduled scan so that files of the same path have only one copy in the sanitized location.

    Enable Scheduled Scan

    Enable scheduled scan and specify the schedule type.

    Description

    Optional description for the network share entry.

    Send notification email after each scan

    Email a summary report for each network share scan to the specified users.

    When a file is moved, to leave a copy in its original location, go to the Quarantine edit page or sanitized share and select the Keep Original File At Current Location.

If FortiSandbox goes into network share conserve mode, it stops processing files and creates a critical level system log entry to alert you.

To run a network share scan immediately:
  1. Go to Security Fabric > Network Share.
  2. Select a share.
  3. Click Scan Now to immediately run the scan.
To test network share connectivity:
  1. Go to Security Fabric > Network Share.
  2. Select a share.
  3. Click Test Connection to test connectivity with the network share.