Inline Block Policy
The Inline Block Policy improves the scan performance by checking for a trusted verdict in FortiGates running FOS v7.2 and higher.
- If a trusted verdict is found, the verdict is returned, the file is released, and a log is created.
- If a trusted verdict is not found, the file is added to the job queue and action is taken based on the policy configuration.
For information about Inline Block, see Understanding the Inline Block feature in the Best Practices and Troubleshooting Guide.
To enable Inline Block Policy:
- Go to Security Fabric > Device and select a FortiGate device.
- Enable Inline Block Policy.
- Under Files with selected risk will be blocked, select the risk level (Malicious, High Risk, Medium Risk or Low Risk.). You can select multiple risk levels.
- Click OK.
FortiSandbox must be reachable via port 4443. |
To automatically enable Inline Block policy on all FortiGates:
device-authorization -I
The FortiGate needs to be authorized manually in the Security Fabric > Device page before FortiSandbox can accept files from it. FortiGate can only connect to FortiSandbox by an Admin or API port for Inline Blocking. |