Administration Guide

General Settings

Go to Scan Policy and Object > General Settings to view and configure the General Options.

The following options are available:

Upload malicious and suspicious file information to Sandbox Community Cloud

Enable to upload malicious and suspicious file and URL information to the Sandbox Community Cloud. If enabled, the original file/URL, file/URL checksum, tracer log, verdict, submitting device serial number, and downloading URL are uploaded.

Submit suspicious URL to Fortinet WebFilter Service

Enable to submit the malware downloading URL to the FortiGuard Web Filter Service.

Upload statistics data to FortiGuard service

Enable to upload statistics to FortiGuard. If enabled, the following are uploaded: submitting device serial number and firmware, job-related results and statistics.

Allow Virtual Machines to access external network through outgoing port3

Enable to allow Virtual Machines to access the external network through the outgoing port3. For further details, refer to the port3 (VM outgoing interface) topic in Interfaces.

Status

Status of port3 access to the Internet.

Gateway

Enter the next hop gateway IP address.

The System and VM cannot use the same gateway to access the Internet.

Disable SIMNET if Virtual Machines are not able to access external network through outgoing port3

Enable to disable SIMNET when Virtual Machines are not able to access the external network through the outgoing port3.

DNS

DNS server used by VM images when a file is scanned.

Use Proxy

Enable to use the proxy. Configure the Proxy Type, Server Name/IP, Port, Proxy Username, and Proxy Password.

When the proxy server is enabled, all non-UDP outgoing traffic started from the Sandbox VM is directed to the proxy server.

When a proxy server is used, if the proxy server type is not SOCKS, the system level DNS server is used. If the type is SOCKS5, users need to configure an external DNS server that port3 can access.

For other traffic started by FortiSandbox firmware, such as FortiGuard Distribution Network (FDN) upgrades, configure the proxy under the Network menu.

Proxy Type

Select the proxy type from the dropdown list. The following options are available:

  • HTTP Connect
  • SOCKS v4
  • SOCKS v5; requires DNS

UDP protocol is not supported.

Server Name/IP

Enter the proxy server name or IP address.

Port

Enter the proxy server port number.

Proxy Username

Enter a proxy username.

Proxy Password

Enter the proxy password.

Apply default passwords to extract archive files

Users can define a list of passwords to try when extracting archive files. Enter one password per line.

Set password for password protected PDF and office files

Users can define one password for PDF and Office files.

Set customized password for original files

Users can define their own password for the original sample when it is downloaded from FortiSandbox.

Disable Community Cloud Query

By default the Cloud Query is enabled. Disable the Cloud Query in the following scenarios:

  • You have an enclosed environment. Disabling the Cloud Query will improve the scan speed.
  • You receive an incorrect verdict from the Cloud Query. You can turn it off temporarily until Fortinet fixes it.

Disable AV Rescan of finished Jobs

AV signature updates are frequent (every hour). Running an AV rescan against finished jobs of the last 48 hours could hinder performance. You have the option to disable the AV Rescan to improve performance.

Enable URL call back detection

Enable URL call back detection. When enabled, previously detected clean URLs in sniffed traffic are frequently queried against the Web Filtering service.

Enable log event of file submission

Enable to log the file submission events of an input source.

Devices

Select to log the file submission events of a device, like FortiGate, FortiMail, or FortiClient.

Adapter

Select to log the file submission events from an adapter like a Carbon Black server.

Network Share

Select to log the file submission events when they are from a network share.

ICAP

Select to log the file submission events from an ICAP client.

BCC Adapter

Select to log the file submission events from a BCC client.

MTA Adapter

Select to log the file submission events from an MTA client.

Reject duplicate file from device

Enable to reject duplicate files from devices.

Delete original files of Clean or Other rating after

Enable to delete original files of Clean or Other ratings after a specified time. If the time is 0, the original files with either Clean or Other ratings will not be kept on the system. Original files of Clean or Other rating can be kept in the system for a maximum of 4 weeks.

Day

Enter the day.

Hour

Enter the hour.

Minute

Enter the minute.

Delete original files of Malicious or Suspicious rating after

Enable to delete original files of Malicious or Suspicious ratings after a specified time.

Day

Enter the day.

Hour

Enter the hour.

Minute

Enter the minute.

Delete all traces of jobs of Clean or Other rating after

Enable to delete all traces of jobs of Clean or Other ratings after a specified time. Traces of jobs with Clean or Other rating can be kept in the system for a maximum of 4 weeks.

Day

Enter the day.

Hour

Enter the hour.

Minute

Enter the minute.

Delete all traces of jobs of Malicious or Suspicious rating after

Enable to delete all traces of jobs of Malicious or Suspicious ratings after a specified time.

Day

Enter the day.

Hour

Enter the hour.

Minute

Enter the minute.

By default, job traces of files with a Clean or Other rating will be kept for three days.
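The constraints stated above (separate gateways, the SOCKS v5 DNS requirement, the 4-week limit and the meaning of 0 for Clean/Other retention, and what a Community Cloud upload discloses) can be checked before a change is applied. The following is an added example, not Fortinet code: the dictionary layout and key names are hypothetical stand-ins for the GUI fields, and the sample values are constructed.

```python
from datetime import timedelta

MAX_CLEAN_KEEP = timedelta(weeks=4)  # page: Clean/Other kept at most 4 weeks
PROXY_TYPES = {"HTTP Connect", "SOCKS v4", "SOCKS v5"}

def keep_time(field):
    """Turn the Day/Hour/Minute inputs into one duration."""
    return timedelta(days=field.get("day", 0), hours=field.get("hour", 0),
                     minutes=field.get("minute", 0))

def review(cfg):
    """Return findings for a planned General Settings change (hypothetical layout)."""
    findings = []
    vm = cfg.get("vm_port3", {})
    if vm.get("enabled"):
        # The System and VM cannot use the same gateway to access the Internet.
        if vm.get("gateway") == cfg.get("system_gateway"):
            findings.append("port3 gateway must differ from the system gateway")
        proxy = vm.get("proxy")
        if proxy and proxy["type"] not in PROXY_TYPES:
            findings.append("proxy type is not one of the three listed options")
        elif proxy and proxy["type"] == "SOCKS v5" and not vm.get("dns"):
            findings.append("SOCKS v5 needs an external DNS server reachable from port3")
    for key in ("clean_files", "clean_traces"):
        if key not in cfg:
            continue
        keep = keep_time(cfg[key])
        if keep > MAX_CLEAN_KEEP:
            findings.append(f"{key}: longer than the 4-week maximum")
        elif key == "clean_files" and keep == timedelta(0):
            findings.append("clean_files: 0 means Clean/Other originals are not kept")
    if cfg.get("upload_to_community_cloud"):
        findings.append("community cloud upload sends original files and device serial number")
    return findings

# Constructed sample input, not exported from a real appliance.
SAMPLE = {
    "system_gateway": "192.0.2.1",
    "upload_to_community_cloud": True,
    "vm_port3": {"enabled": True, "gateway": "192.0.2.1", "dns": "",
                 "proxy": {"type": "SOCKS v5", "server": "proxy.example", "port": 1080}},
    "clean_files": {"day": 0, "hour": 0, "minute": 0},
    "clean_traces": {"day": 29, "hour": 0, "minute": 0},
}

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print("-", finding)
```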
