Fortinet white logo
Fortinet white logo

Administration Guide

Inline Block Policy

Inline Block Policy

The Inline Block Policy improves the scan performance by checking for a trusted verdict in FortiGates running FOS v7.2 and higher.

  • If a trusted verdict is found, the verdict is returned, the file is released, and a log is created.
  • If a trusted verdict is not found, the file is added to the job queue and action is taken based on the policy configuration.

You can select the file types FortiGate is allowed to send to FortiSandbox. All other file types will be blocked.

For information about Inline Block, see Understanding the Inline Block feature in the Best Practices and Troubleshooting Guide.

To enable Inline Block Policy:
  1. Go to Security Fabric > Device and select a FortiGate device.
  2. Enable Inline Block Policy. The default file list is displayed.

  3. Under Files with selected risk will be blocked, select the risk level (Malicious, High Risk, Medium Risk or Low Risk.). You can select multiple risk levels.
  4. (Optional) Add additional file types.
    1. Click Add inline block files types. The available file types are displayed.
    2. Select the files to be added to the inline block list or click Select a/l.
    3. To remove files from the block list, click Restore to default types.

  5. Click OK.
Caution

FortiSandbox must be reachable via port 4443.

To automatically enable Inline Block policy on all FortiGates:

device-authorization -i

Note

The FortiGate needs to be authorized manually in the Security Fabric > Device page before FortiSandbox can accept files from it. FortiGate can only connect to FortiSandbox by an Admin or API port for Inline Blocking.

Inline Block Policy

Inline Block Policy

The Inline Block Policy improves the scan performance by checking for a trusted verdict in FortiGates running FOS v7.2 and higher.

  • If a trusted verdict is found, the verdict is returned, the file is released, and a log is created.
  • If a trusted verdict is not found, the file is added to the job queue and action is taken based on the policy configuration.

You can select the file types FortiGate is allowed to send to FortiSandbox. All other file types will be blocked.

For information about Inline Block, see Understanding the Inline Block feature in the Best Practices and Troubleshooting Guide.

To enable Inline Block Policy:
  1. Go to Security Fabric > Device and select a FortiGate device.
  2. Enable Inline Block Policy. The default file list is displayed.

  3. Under Files with selected risk will be blocked, select the risk level (Malicious, High Risk, Medium Risk or Low Risk.). You can select multiple risk levels.
  4. (Optional) Add additional file types.
    1. Click Add inline block files types. The available file types are displayed.
    2. Select the files to be added to the inline block list or click Select a/l.
    3. To remove files from the block list, click Restore to default types.

  5. Click OK.
Caution

FortiSandbox must be reachable via port 4443.

To automatically enable Inline Block policy on all FortiGates:

device-authorization -i

Note

The FortiGate needs to be authorized manually in the Security Fabric > Device page before FortiSandbox can accept files from it. FortiGate can only connect to FortiSandbox by an Admin or API port for Inline Blocking.