Fortinet white logo
Fortinet white logo

Administration Guide

FortiGate devices

FortiGate devices

You can add FortiSandbox as a Security Fabric device in FortiGate. For information on how to configure FortiGate to send files to FortiSandbox, see the FortiGate guides in the Fortinet Document Library.

On FortiSandbox, go to Security Fabric > Device to see the FortiGate devices and VDOMs.

The communication protocol does not include a way for the FortiGate to notify FortiSandbox whether VDOMs are enabled. When VDOMs are disabled on the FortiGate, the files from FortiGate are marked with vdom=root.

Since the FortiGate does not explicitly send a list of possible VDOMs to FortiSandbox, FortiSandbox only knows about a VDOM after it receives a file associated with it. Each of the devices VDOMs listed on this page are displayed after the first file is received from that specific VDOM.

If VDOMs are enabled on FortiGate, you can select the checkbox to have new VDOMs inherit authorization based on the device level setting. If the FortiGate authorization is disabled, all VDOMs under it will not be authorized even if authorization is enabled for a VDOM.

To edit FortiGate settings in FortiSandbox:
  1. On your FortiSandbox device, go to Security Fabric > Device.

    This page lists all devices and VDOMs.

  2. Click the FortiGate device name to open the Edit Device Settings page.
  3. Edit the following settings and then click OK.

    Device Status

    Serial Number

    Device serial number.

    Hostname

    FortiGate host name.

    IP

    IP address of the FortiGate.

    Status

    Status of the device.

    Last Modified

    Date and time the FortiGate settings were last changed.

    Last Seen

    Date and time the FortiGate last connected to FortiSandbox.

    Permissions & Policy

    Authorized

    Enable to authorize the FortiGate device. If disabled, files sent from FortiGate are dropped.

    New VDOMs/Domains Inherit Authorization

    Enable to have new VDOMs inherit the authorization setting configured at the device level.

    Email Settings

    Administrator Email

    Email address in Notifier email in FortiGate at Security Fabric > Settings > Sandbox Inspection.

    Send Notifications

    Enable to send notifications. When enabled, you receive email notifications when a file from your environment is detected as potential malware. The email contains a link to the scan job details page.

    To receive notification emails, configure a mail server in System > Mail Server and enable Send a notification email to the Device/Domain/VDOM email list when Files/URLs with selected rating are detected. Otherwise, a warning icon displays.

    Send PDF Reports

    Enable to send PDF reports of job details.

    To receive reports and define report generation frequency, configure a mail server in System > Mail Server and enable Send scheduled PDF report to Device/Domain/VDOM email address. Otherwise, a warning icon displays.

    Inline Block Policy

    Enable to check for a trusted verdict in FortiGate.

    • If Yes, the verdict is returned and the file is dropped and a log is created.
    • If No, the file is added to the job queue.

    Select the risk level to be blocked: Malicious, High Risk, Medium Risk or Low Risk.

To edit VDOM settings:
  1. On your FortiSandbox device, go to Security Fabric > Device.

    This page lists all devices and VDOMs.

  2. Click the VDOM name to open the Edit Domain Settings page.
  3. Edit the following settings and then click OK.

    Device Status

    Domain/VDOM

    Device VDOM name.

    Serial Number

    Device serial number.

    Hostname

    VDOM name in the format of Device-Name:VDOM-name.

    IP

    IP address of the FortiGate.

    Status

    Status of the device.

    Files Transmitted

    Number of files and URLs transmitted to FortiSandbox in the last seven days.

    Last Modified

    Date and time the authorization status was changed.

    Last Seen

    Date and time the FortiGate VDOM last connected to FortiSandbox.

    Permissions & Policy

    Authorized

    Enable to authorize the FortiGate VDOM.

    Submission Limitation

    Limit the VDOM submission speed. Select Unlimited or specify the number of submissions per Hour or Day.

    When the limit is reached, FortiSandbox sends a signal to FortiGate to stop file submission to save resources on both devices.

    Email Settings

    Email

    Enter the administrator email addresses for the VDOM, separated by commas.

    Send Notifications

    Enable to send notifications when viruses or malware from this VDOM is detected.

    To receive notification emails, configure a mail server in System > Mail Server and enable Send a notification email to the Device/Domain/VDOM email list when Files/URLs with selected rating are detected. Otherwise, a warning icon displays.

    Send PDF Reports

    Enable to send PDF reports of job details.

    To receive reports and define report generation frequency, configure a mail server in System > Mail Server and enable Send scheduled PDF report to Device/Domain/VDOM email address. Otherwise, a warning icon displays.

    Send Reach Limit Alert Email

    Enable to send an alert email to the VDOM email address when Submission Limitation is reached.

FortiGate devices

FortiGate devices

You can add FortiSandbox as a Security Fabric device in FortiGate. For information on how to configure FortiGate to send files to FortiSandbox, see the FortiGate guides in the Fortinet Document Library.

On FortiSandbox, go to Security Fabric > Device to see the FortiGate devices and VDOMs.

The communication protocol does not include a way for the FortiGate to notify FortiSandbox whether VDOMs are enabled. When VDOMs are disabled on the FortiGate, the files from FortiGate are marked with vdom=root.

Since the FortiGate does not explicitly send a list of possible VDOMs to FortiSandbox, FortiSandbox only knows about a VDOM after it receives a file associated with it. Each of the devices VDOMs listed on this page are displayed after the first file is received from that specific VDOM.

If VDOMs are enabled on FortiGate, you can select the checkbox to have new VDOMs inherit authorization based on the device level setting. If the FortiGate authorization is disabled, all VDOMs under it will not be authorized even if authorization is enabled for a VDOM.

To edit FortiGate settings in FortiSandbox:
  1. On your FortiSandbox device, go to Security Fabric > Device.

    This page lists all devices and VDOMs.

  2. Click the FortiGate device name to open the Edit Device Settings page.
  3. Edit the following settings and then click OK.

    Device Status

    Serial Number

    Device serial number.

    Hostname

    FortiGate host name.

    IP

    IP address of the FortiGate.

    Status

    Status of the device.

    Last Modified

    Date and time the FortiGate settings were last changed.

    Last Seen

    Date and time the FortiGate last connected to FortiSandbox.

    Permissions & Policy

    Authorized

    Enable to authorize the FortiGate device. If disabled, files sent from FortiGate are dropped.

    New VDOMs/Domains Inherit Authorization

    Enable to have new VDOMs inherit the authorization setting configured at the device level.

    Email Settings

    Administrator Email

    Email address in Notifier email in FortiGate at Security Fabric > Settings > Sandbox Inspection.

    Send Notifications

    Enable to send notifications. When enabled, you receive email notifications when a file from your environment is detected as potential malware. The email contains a link to the scan job details page.

    To receive notification emails, configure a mail server in System > Mail Server and enable Send a notification email to the Device/Domain/VDOM email list when Files/URLs with selected rating are detected. Otherwise, a warning icon displays.

    Send PDF Reports

    Enable to send PDF reports of job details.

    To receive reports and define report generation frequency, configure a mail server in System > Mail Server and enable Send scheduled PDF report to Device/Domain/VDOM email address. Otherwise, a warning icon displays.

    Inline Block Policy

    Enable to check for a trusted verdict in FortiGate.

    • If Yes, the verdict is returned and the file is dropped and a log is created.
    • If No, the file is added to the job queue.

    Select the risk level to be blocked: Malicious, High Risk, Medium Risk or Low Risk.

To edit VDOM settings:
  1. On your FortiSandbox device, go to Security Fabric > Device.

    This page lists all devices and VDOMs.

  2. Click the VDOM name to open the Edit Domain Settings page.
  3. Edit the following settings and then click OK.

    Device Status

    Domain/VDOM

    Device VDOM name.

    Serial Number

    Device serial number.

    Hostname

    VDOM name in the format of Device-Name:VDOM-name.

    IP

    IP address of the FortiGate.

    Status

    Status of the device.

    Files Transmitted

    Number of files and URLs transmitted to FortiSandbox in the last seven days.

    Last Modified

    Date and time the authorization status was changed.

    Last Seen

    Date and time the FortiGate VDOM last connected to FortiSandbox.

    Permissions & Policy

    Authorized

    Enable to authorize the FortiGate VDOM.

    Submission Limitation

    Limit the VDOM submission speed. Select Unlimited or specify the number of submissions per Hour or Day.

    When the limit is reached, FortiSandbox sends a signal to FortiGate to stop file submission to save resources on both devices.

    Email Settings

    Email

    Enter the administrator email addresses for the VDOM, separated by commas.

    Send Notifications

    Enable to send notifications when viruses or malware from this VDOM is detected.

    To receive notification emails, configure a mail server in System > Mail Server and enable Send a notification email to the Device/Domain/VDOM email list when Files/URLs with selected rating are detected. Otherwise, a warning icon displays.

    Send PDF Reports

    Enable to send PDF reports of job details.

    To receive reports and define report generation frequency, configure a mail server in System > Mail Server and enable Send scheduled PDF report to Device/Domain/VDOM email address. Otherwise, a warning icon displays.

    Send Reach Limit Alert Email

    Enable to send an alert email to the VDOM email address when Submission Limitation is reached.