Fortinet white logo
Fortinet white logo

Administration Guide

Settings

Settings

Go to System > Settings to configure the administrator account settings.

GUI

Idle timeout

Length of time before FortiSandbox logs out an inactive user, from 1 to 480 minutes.

Language

Change the GUI language.

Show alarms of unprocessed detections in Notifications on Header Bar

Enable this option to show notifications in the top banner. Select the time period and rating of notifications. You must log out and log back in to show notifications. Click the notification to go to Dashboard > Operation Center to see the details.

VM External Network Access

Allow Virtual Machines to access external network through outgoing port3

Enable to allow Virtual Machines to access external network through the outgoing port3. For further details, refer to the port3 (VM outgoing interface) topic in Interfaces.

Status

Port3 status to access the Internet.

Gateway

Enter the next hop gateway IP address.

The System and VM cannot use the same gateway to access the Internet.

Disable SIMNET if Virtual Machines are not able to access external network through outgoing port3

Enable to disable SIMNET when Virtual Machines are not able to access external network through the outgoing port3.

DNS

DNS server used by VM images when a file is scanned.

Use Proxy

Enable to use the proxy. Configure the Proxy Type, Server Name/IP, Port, Proxy Username, and Proxy Password.

When the proxy server is enabled, all the non UDP outgoing traffic started from Sandbox VM will be directed to the proxy server.

When a proxy server is used, if the proxy server type is HTTP CONNECT, the system level DNS server is used and accessed via system routings. If the type is SOCKS5, users need to configure an external DNS server that port3 can access via proxy server.

For other traffic started by FortiSandbox firmware, such as FortiGuard Distribution Network (FDN) upgrades, the configurations should be done under the FortiGuard menu.

Proxy Type

Select the proxy type from the dropdown list. The following options are available:

  • HTTP Connect (System DNS is used)
  • SOCKS v5 (Requires DNS)

Server Name/IP

Enter the proxy server name or IP address.

Port

Enter the proxy server port number.

Proxy Username

Enter a proxy username.

Proxy Password

Enter the proxy password.

Data Storage

Delete original files of Clean or Other rating after

Enable to delete all traces of jobs of Clean or Other ratings after a specified time. If the time is 0, the original files with either Clean or Other ratings will not be kept on the system. Original files with Clean or Other rating can be kept in the system for a maximum of 4 weeks.

Delete original files of Malicious or Suspicious rating after

Enable to delete original files with Malicious or Suspicious ratings after a specified time.

Delete all traces of jobs of Clean or Other rating after

Enable to delete all traces of jobs with Clean or Other ratings after a specified time. Traces of jobs with Clean or Other rating can be kept in system for a maximum of 4 weeks. The duration to keep the job traces should be longer than the duration to keep the original files.

Delete all traces of jobs of Malicious or Suspicious rating after

Enable to delete all traces of jobs with Malicious or Suspicious ratings after a specified time. The setting time also affects records in Network Alerts.

Download of Original file

Set customized password for original files

Enter a password for the downloaded original file. If this option is disabled, the default password is fortisandbox.

Include a readme file containing extraction password in downloaded job package

All downloaded archive files will have a readme file with the customized password. When disabled, the readme file will be removed from the downloaded archive file.

Reset all widgets

Reset all widgets in Dashboard > Status.

Note

By default, job traces of files with a Clean or Other rating will be kept for three days.

Note

If Delete all traces of jobs of Malicious or Suspicious rating after is configured, the network alert records in Log & Report > Network Alerts will be deleted after the specified time. Otherwise, the network alert records deletion period is 32 days.

Settings

Settings

Go to System > Settings to configure the administrator account settings.

GUI

Idle timeout

Length of time before FortiSandbox logs out an inactive user, from 1 to 480 minutes.

Language

Change the GUI language.

Show alarms of unprocessed detections in Notifications on Header Bar

Enable this option to show notifications in the top banner. Select the time period and rating of notifications. You must log out and log back in to show notifications. Click the notification to go to Dashboard > Operation Center to see the details.

VM External Network Access

Allow Virtual Machines to access external network through outgoing port3

Enable to allow Virtual Machines to access external network through the outgoing port3. For further details, refer to the port3 (VM outgoing interface) topic in Interfaces.

Status

Port3 status to access the Internet.

Gateway

Enter the next hop gateway IP address.

The System and VM cannot use the same gateway to access the Internet.

Disable SIMNET if Virtual Machines are not able to access external network through outgoing port3

Enable to disable SIMNET when Virtual Machines are not able to access external network through the outgoing port3.

DNS

DNS server used by VM images when a file is scanned.

Use Proxy

Enable to use the proxy. Configure the Proxy Type, Server Name/IP, Port, Proxy Username, and Proxy Password.

When the proxy server is enabled, all the non UDP outgoing traffic started from Sandbox VM will be directed to the proxy server.

When a proxy server is used, if the proxy server type is HTTP CONNECT, the system level DNS server is used and accessed via system routings. If the type is SOCKS5, users need to configure an external DNS server that port3 can access via proxy server.

For other traffic started by FortiSandbox firmware, such as FortiGuard Distribution Network (FDN) upgrades, the configurations should be done under the FortiGuard menu.

Proxy Type

Select the proxy type from the dropdown list. The following options are available:

  • HTTP Connect (System DNS is used)
  • SOCKS v5 (Requires DNS)

Server Name/IP

Enter the proxy server name or IP address.

Port

Enter the proxy server port number.

Proxy Username

Enter a proxy username.

Proxy Password

Enter the proxy password.

Data Storage

Delete original files of Clean or Other rating after

Enable to delete all traces of jobs of Clean or Other ratings after a specified time. If the time is 0, the original files with either Clean or Other ratings will not be kept on the system. Original files with Clean or Other rating can be kept in the system for a maximum of 4 weeks.

Delete original files of Malicious or Suspicious rating after

Enable to delete original files with Malicious or Suspicious ratings after a specified time.

Delete all traces of jobs of Clean or Other rating after

Enable to delete all traces of jobs with Clean or Other ratings after a specified time. Traces of jobs with Clean or Other rating can be kept in system for a maximum of 4 weeks. The duration to keep the job traces should be longer than the duration to keep the original files.

Delete all traces of jobs of Malicious or Suspicious rating after

Enable to delete all traces of jobs with Malicious or Suspicious ratings after a specified time. The setting time also affects records in Network Alerts.

Download of Original file

Set customized password for original files

Enter a password for the downloaded original file. If this option is disabled, the default password is fortisandbox.

Include a readme file containing extraction password in downloaded job package

All downloaded archive files will have a readme file with the customized password. When disabled, the readme file will be removed from the downloaded archive file.

Reset all widgets

Reset all widgets in Dashboard > Status.

Note

By default, job traces of files with a Clean or Other rating will be kept for three days.

Note

If Delete all traces of jobs of Malicious or Suspicious rating after is configured, the network alert records in Log & Report > Network Alerts will be deleted after the specified time. Otherwise, the network alert records deletion period is 32 days.