Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiSandbox 4.4.5 Administration Guide
    4.4.5
    5.0.0
    4.4.6
    4.4.5
    4.4.4
    4.4.3
    4.4.2
    4.4.1
    4.4.0
    4.2.7
    4.2.6
    4.2.5
    4.2.4
    4.2.3
    4.2.2
    4.2.1
    4.2.0
    4.0.5
    4.0.4
    4.0.3
    4.0.2
    4.0.1
    4.0.0
    3.2.4
    3.2.3
    3.2.2
    3.2.1
    3.2.0
    3.1.5
    3.1.4
    3.1.3
    3.1.2
    3.1.1
    3.1.0
    3.0.7
    3.0.6

    Network Share

    Network Share

    FortiSandbox can scan files stored on a network share and optionally quarantine files of any rating. Go to Security Fabric > Network Share to view and configure network share information.

    Network share scans can be scheduled or run on-demand, and connectivity with the network share can be tested. Network Share saves scan results for four weeks.

    Note

    Network Share is only available in the Primary node of an HA cluster.
    Tooltip

    To improve the scan performance, delete any empty sub-folders in the Network Share.

    The following options are available:

    Create New

    Create a new network share.

    Edit

    Edit the selected entry.

    Clone

    Clone the selected entry. Only the Network Share Name is different. All other settings are the same as the original.

    Delete

    Delete the selected entry.

    Scan Now

    Schedule an immediate scan for the selected entry.

    Scan Details

    View the selected entry's scheduled scan entries.

    Test Connection

    Test the selected entry's connection. The result is displayed in the banner at the bottom right corner.

    The following information is displayed:

    Name

    Name of the network share.

    Scan Scheduled

    Display if the scan scheduled is enabled or not. Scheduled network scans are done in parallel.

    Type

    Mount type.

    Share Path

    Network share path.

    Quarantine

    Displays if quarantine is enabled or disabled.

    Sanitized

    Displays if sanitized is enabled or disabled..

    Enabled

    Displays if the network share is enabled or disabled. FortiSandbox does not run the scheduled scans when disabled.

    Status

    Displays if the network share status is accessible or down.

    AWS S3 and Azure Blob Storage connection status will always be . Click Test Connection for cloud storage status.
    To create a new network share:
    1. Go to Security Fabric > Network Share.
    2. Click Create New.
    3. Configure the following options and click OK.

      Enabled

      Select to enable network share configuration. If network share is not enabled, its scheduled scan will not run.

      Mount Type

      Select the mount type. The following options are available:

      For domain-based DFS namespace, ensure the domain name can be resolved with the system Primary DNS server.

      Network Share Name

      Network share name.

      Server Name/IP

      Server FQDN or IP address.

      Share Path

      File share path in the format /path1/path2.

      Scan Files Of Specified Pattern

      Include or exclude files which match a file name pattern.

      File Name Pattern

      File name pattern.

      Username, Password, Confirm Password

      Username and password. For domain users, use the format domain_name\user_name.

      Scan Job Priority

      When multiple network share scans run at the same time, higher priority scans get more scan power.

      Keep A Copy Of Original File On FortiSandbox

      Keep a copy of the original file on FortiSandbox.

      Skip Sandboxing for the same unchanged files

      To improve scan speed, you can skip sandboxing scan on existing files (if applicable) and only do sandboxing scan on new files. Existing files are only scanned by AntiVirus engine and Community Cloud query.

      Enable Quarantine of Malicious Files

      Quarantine files with a Malicious rating in the selected location.

      Quarantined files are put in a folder with the name of the Job ID and each file is renamed with the Job ID for that file and a meta file with more information.

      Enable Quarantine of Suspicious - High Risk files

      Quarantine suspicious files with a High Risk rating in the selected location.

      Quarantined files are put in a folder with the name of the Job ID and each file is renamed with the Job ID for that file and a meta file with more information.

      Enable Quarantine of Suspicious - Medium Risk files

      Quarantine suspicious files with a Medium Risk rating in the selected location.

      Quarantined files are put in a folder with the name of the Job ID and each file is renamed with the Job ID for that file and a meta file with more information.

      Enable Quarantine of Suspicious - Low Risk files

      Quarantine suspicious files with a Low Risk rating in the selected location.

      Quarantined files are put in a folder with the name of the Job ID and each file is renamed with the Job ID for that file and a meta file with more information.

      Enable Quarantine of Other rating files

      Quarantine suspicious files with a Other rating in the selected location.

      Quarantined files are put in a folder with the name of the Job ID and each file is renamed with the Job ID for that file and a meta file with more information.

      Enable copying or moving clean files to a sanitized location

      Copy or move files with a Clean rating to another location.

      By default, a new folder is created for each scheduled scan job in the sanitized location and all clean files are copied into it with the original folder structure. To save space, uncheck Keep a complete copy of clean files for every scheduled scan so that files of the same path have only one copy in the sanitized location.

      Enable Scheduled Scan

      Enable scheduled scan and specify the schedule type.

      Description

      Optional description for the network share entry.

      Send notification email after each scan

      Email a summary report for each network share scan to the specified users.

      When a file is moved, to leave a copy in its original location, go to the Quarantine edit page to enable Leave a File At Source Location and select A Copy of Original File.

    Conserve Mode:

    FortiSandbox goes into Conserve Mode once it has copied 10,000 files to the local device.

    In Conserve Mode, FortiSandbox stops copying files from the remote Network Share and continues processing the copied files until the Pending count is 5000 for a Standalone node or 5000 or more for a node in an HA Cluster.

    A warning level system log entry alerts you of the event.

    To run a network share scan immediately:
    1. Go to Security Fabric > Network Share.
    2. Select a share.

    3. Click Scan Now to immediately run the scan. If you are an admin with Prioritize Netshare Scan privileges, then you have the option of selecting Prioritize Scan.For information, see Netshare Groups.

    To test network share connectivity:
    1. Go to Security Fabric > Network Share.
    2. Select a share.
    3. Click Test Connection to test connectivity with the network share.
    Previous
    Next

    Network Share

    Network Share

    FortiSandbox can scan files stored on a network share and optionally quarantine files of any rating. Go to Security Fabric > Network Share to view and configure network share information.

    Network share scans can be scheduled or run on-demand, and connectivity with the network share can be tested. Network Share saves scan results for four weeks.

    Note

    Network Share is only available in the Primary node of an HA cluster.
    Tooltip

    To improve the scan performance, delete any empty sub-folders in the Network Share.

    The following options are available:

    Create New

    Create a new network share.

    Edit

    Edit the selected entry.

    Clone

    Clone the selected entry. Only the Network Share Name is different. All other settings are the same as the original.

    Delete

    Delete the selected entry.

    Scan Now

    Schedule an immediate scan for the selected entry.

    Scan Details

    View the selected entry's scheduled scan entries.

    Test Connection

    Test the selected entry's connection. The result is displayed in the banner at the bottom right corner.

    The following information is displayed:

    Name

    Name of the network share.

    Scan Scheduled

    Display if the scan scheduled is enabled or not. Scheduled network scans are done in parallel.

    Type

    Mount type.

    Share Path

    Network share path.

    Quarantine

    Displays if quarantine is enabled or disabled.

    Sanitized

    Displays if sanitized is enabled or disabled..

    Enabled

    Displays if the network share is enabled or disabled. FortiSandbox does not run the scheduled scans when disabled.

    Status

    Displays if the network share status is accessible or down.

    AWS S3 and Azure Blob Storage connection status will always be . Click Test Connection for cloud storage status.
    To create a new network share:
    1. Go to Security Fabric > Network Share.
    2. Click Create New.
    3. Configure the following options and click OK.

      Enabled

      Select to enable network share configuration. If network share is not enabled, its scheduled scan will not run.

      Mount Type

      Select the mount type. The following options are available:

      For domain-based DFS namespace, ensure the domain name can be resolved with the system Primary DNS server.

      Network Share Name

      Network share name.

      Server Name/IP

      Server FQDN or IP address.

      Share Path

      File share path in the format /path1/path2.

      Scan Files Of Specified Pattern

      Include or exclude files which match a file name pattern.

      File Name Pattern

      File name pattern.

      Username, Password, Confirm Password

      Username and password. For domain users, use the format domain_name\user_name.

      Scan Job Priority

      When multiple network share scans run at the same time, higher priority scans get more scan power.

      Keep A Copy Of Original File On FortiSandbox

      Keep a copy of the original file on FortiSandbox.

      Skip Sandboxing for the same unchanged files

      To improve scan speed, you can skip sandboxing scan on existing files (if applicable) and only do sandboxing scan on new files. Existing files are only scanned by AntiVirus engine and Community Cloud query.

      Enable Quarantine of Malicious Files

      Quarantine files with a Malicious rating in the selected location.

      Quarantined files are put in a folder with the name of the Job ID and each file is renamed with the Job ID for that file and a meta file with more information.

      Enable Quarantine of Suspicious - High Risk files

      Quarantine suspicious files with a High Risk rating in the selected location.

      Quarantined files are put in a folder with the name of the Job ID and each file is renamed with the Job ID for that file and a meta file with more information.

      Enable Quarantine of Suspicious - Medium Risk files

      Quarantine suspicious files with a Medium Risk rating in the selected location.

      Quarantined files are put in a folder with the name of the Job ID and each file is renamed with the Job ID for that file and a meta file with more information.

      Enable Quarantine of Suspicious - Low Risk files

      Quarantine suspicious files with a Low Risk rating in the selected location.

      Quarantined files are put in a folder with the name of the Job ID and each file is renamed with the Job ID for that file and a meta file with more information.

      Enable Quarantine of Other rating files

      Quarantine suspicious files with a Other rating in the selected location.

      Quarantined files are put in a folder with the name of the Job ID and each file is renamed with the Job ID for that file and a meta file with more information.

      Enable copying or moving clean files to a sanitized location

      Copy or move files with a Clean rating to another location.

      By default, a new folder is created for each scheduled scan job in the sanitized location and all clean files are copied into it with the original folder structure. To save space, uncheck Keep a complete copy of clean files for every scheduled scan so that files of the same path have only one copy in the sanitized location.

      Enable Scheduled Scan

      Enable scheduled scan and specify the schedule type.

      Description

      Optional description for the network share entry.

      Send notification email after each scan

      Email a summary report for each network share scan to the specified users.

      When a file is moved, to leave a copy in its original location, go to the Quarantine edit page to enable Leave a File At Source Location and select A Copy of Original File.

    Conserve Mode:

    FortiSandbox goes into Conserve Mode once it has copied 10,000 files to the local device.

    In Conserve Mode, FortiSandbox stops copying files from the remote Network Share and continues processing the copied files until the Pending count is 5000 for a Standalone node or 5000 or more for a node in an HA Cluster.

    A warning level system log entry alerts you of the event.

    To run a network share scan immediately:
    1. Go to Security Fabric > Network Share.
    2. Select a share.

    3. Click Scan Now to immediately run the scan. If you are an admin with Prioritize Netshare Scan privileges, then you have the option of selecting Prioritize Scan.For information, see Netshare Groups.

    To test network share connectivity:
    1. Go to Security Fabric > Network Share.
    2. Select a share.
    3. Click Test Connection to test connectivity with the network share.
    Previous
    Next