Interfaces
To view and manage interfaces, go to System > Interfaces.
This page displays the following information and options:
Interface |
The interface name and description, where applicable. The failover IP includes the description: (cluster external port). |
|||
|
port1 (administration port) |
port1 is hard-coded as the administration interface. You can enable or disable HTTP, SSH, or Telnet access rights on port1. HTTPS is enabled by default. You can use port1 for Device mode, although a different, dedicated port is recommended. |
||
|
port2 |
You can use port2 for Sniffer mode, Device mode, or inter-node communication within a cluster. |
||
|
port3 (VM outgoing interface) |
port3 is reserved for outgoing communication triggered by the execution of the files under analysis. FortiSandbox uses port3 to allow scanned files to access the Internet. The Internet visiting behavior is an important factor to determine if a file is malicious. As malicious files are infectious, ensure that the connection for port3 is isolated but can also access the Internet. Do not allow this connection to belong to or be able to access any internal subnet that needs to be protected. Fortinet recommends placing this interface on an isolated network behind a firewall. FortiSandbox VM accesses external networks through port3. Configure the next hop gateway and DNS settings in System > Settings > VM External Network Access. This allows files running inside VMs to access the external network. One special type of outgoing communication from a guest VM is to connect to the Microsoft activation server to activate the Windows Sandbox VM product keys. Office licenses are verified through VM machines so internet access via port3 is required to contact Microsoft for license activation. If the VM cannot access the outside network, a simulated network (SIMNET) starts by default. SIMNET provides responses to popular network services like
|
||
|
port4 |
You can use port4 for Sniffer mode, Device mode, or inter-node communication within a cluster. |
||
|
port5/port6 |
You can use port5 and port6 for Sniffer mode, Device mode, or inter-node communication within a cluster. We recommend using port5 and port6 of FortiSandbox devices with 10G fiber ports for primary or secondary node as communications ports with cluster workers. |
||
|
port7/port8 |
You can use port7 and port8 for Sniffer mode, Device mode, or inter-node communication within a cluster. |
||
IPv4 |
IPv4 IP address and subnet mask of the interface. |
|||
IPv6 |
IPv6 IP address and subnet mask of the interface. |
|||
Interface Status |
State of the interface:
|
|||
Link Status |
Link status:
|
|||
Access Rights |
Access rights associated with the interface. HTTPS is enabled by default on port1 and any other administrative port set by the CLI command |
|||
PCAP |
Click the PCAP icon to sniff the traffic of an interface for up to 60 seconds. Click Capture & Download to download the PCAP file as a zip file. Maximum file size is 100MB file size. You can define the tcpdump filter such as host 172.10.1.1 or TCP port 443. You can only run one capture at a time for each port. Sniffing ports are combined and treated as a single port. |
|||
Create New |
Create an interface. |
|||
Edit |
Edit the selected interface. |
For more information, see Port and access control information .
To set up more administration ports, use the CLI command set admin-port
.
The following subnets are reserved by FortiSandbox. Do not configure interface IP addresses in this range.
192.168.56.0/24
192.168.57.0/24
192.168.250.0/24