Introduction
This guide describes how to configure and manage your FortiSandbox system and the connected Fortinet Security Fabric devices. For documentation on Fortinet devices, such as FortiGate and FortiClient, see Fortinet Document Library.
FortiSandbox overview
Fighting today’s Advanced Persistent Threats (APTs) requires a multi-layer approach. FortiSandbox offers the ultimate combination of proactive mitigation, advanced threat visibility, and comprehensive reporting. More than just a sandbox, FortiSandbox deploys Fortinet’s award-winning, dynamic antivirus and threat scanning technology, dual level sandboxing, and optional integrated FortiGuard cloud queries to beat Advanced Evasion Techniques (AETs) and deliver state-of-the-art threat protection.
FortiSandbox utilizes advanced detection, dynamic antivirus scanning, and threat scanning technology to detect viruses and APTs. It leverages the FortiGuard web filtering database to inspect and flag malicious URL requests, and is able to identify threats that standalone antivirus solutions may not detect.
FortiSandbox works with your existing devices, like FortiGate, FortiWeb, FortiClient and FortiMail, to identify malicious and suspicious files and network traffic. It has a complete extreme antivirus database that will catch viruses that may have been missed.
FortiSandbox can be configured to sniff traffic from the network, scan files on a network share with a predefined schedule, quarantine malicious files, and receive files from FortiGate, FortiWeb, FortiMail, and FortiClient. For example, FortiMail 5.2.0 and later allows you to forward email attachments to FortiSandbox for advanced inspection and analysis. Files can also be uploaded directly to it for sandboxing through the web GUI or JSON API. You can also submit a website URL to scan to help you identify web pages hosting malicious content before users attempt to open the pages on their host machines.
FortiSandbox executes suspicious files in the VM host module to determine if the file is High, Medium, or Low Risk based on the behavior observed in the VM sandbox module. The rating engine scores each file from its behavior log (tracer log) that is gathered in the VM module and, if the score falls within a certain range, a risk level is determined.
What's new in FortiSandbox 4.2.4
- Added replacement message on Sniffer Mode when TCP Reset is enabled. See, Sniffer.
- Show disclaimer message on SSH session. See, Login Disclaimer
- Added csv file support on Microsoft Office scan profile group.
- Enhanced Network Share scan logic on handling 10K files (conserve mode).
- Increased VM memory size on VM00, 500F and 1000F models to improve scan performance.
- Introduced a new Optional VM 'WIN10O19V1' based on Windows 10 with Office 2019.