Administration Guide

Quarantine

Create and edit quarantine locations in the Security Fabric. Quarantine supports SMB, NFS, AWS S3, Azure File Share, Azure Blob Storage, Google Cloud Storage, MS One Drive and SFTP mount types. To view the quarantine information, go to Security Fabric > Quarantine.

Note

Quarantine is only available on the Primary node of an HA cluster.

The following options are available:

Create New

Select to create a new quarantine location.

Edit

Select an entry from the list and then select Edit in the toolbar to edit the entry selected. When editing an entry you can select to test connectivity to ensure that the quarantine location is accessible.

Delete

Select an entry from the list and then select Delete in the toolbar to remove the entry selected.

Test Connection

Test the selected entry's connection. The result is displayed in the banner at the bottom right corner.

The following information is displayed:

Name

The name of the quarantine location.

Type

The mount type.

Share Path

The file share path.

Enabled

Displays if the quarantine location is enabled.

Status

Displays the quarantine access status. One of the following states:
  • Quarantine is Accessible
  • Quarantine Down

Click Test Connection to show the connection status (AWS S3, Azure Blob Storage, Google Cloud Storage, MS One Drive and SFTP).

To create a new quarantine entry:
  1. Go to Security Fabric > Quarantine.
  2. Click the Create New button from the toolbar.
  3. Configure the following options:

    Enabled

    Select to enable the quarantine location.

    Quarantine Name

    Enter the quarantine name.

    Mount Type

    Select the mount type from the dropdown list. The following options are available:

    Server Name/IP

    Enter the server fully qualified domain name (FQDN) or IP address.

    Share Path

    Enter the file share path in the format /path1/path2.

    Username

    Enter a user name. For a domain user, use the format domain_name\user_name.

    Password

    Enter the password.

    Confirm Password

    Enter the password a second time for verification.

    Keep Original File At Current Location

    Select to keep the original file at the current location when a file is quarantined from a network share. By default, the original file is kept at its current location when being moved.

    NOTE: Configuring this setting may affect when the original files are kept, deleted and transferred after a network share scan. For detailed information, see Configure Network share to keep, delete or transfer files in the FortiSandbox Best Practice guide.

    Enable/Disable

    • Enable: Keep the original file at its network share location.

    • Disable: Allow FSA to delete the original file from the network share location.

    By default, the original file is kept at its current location.

    A Copy of Original File

    Select to keep the original file at the current network share location without change. By default, the original file is kept at its current location without change.

    A Placeholder File Showing File is Quarantined

    Select to allow FortiSandbox to remove the original file from the network share location; .quarantine files are generated for non-CLEAN files.

    Description

    Enter an optional description for the quarantine location entry.

  4. Select OK to save the entry.

To edit a quarantine:
  1. Go to Security Fabric > Quarantine.
  2. Select a quarantine.
  3. Click the Edit button from the toolbar.
  4. Make the necessary changes.
  5. Click OK to save the entry.

To delete a quarantine:
  1. Go to Security Fabric > Quarantine.
  2. Select a quarantine.
  3. Click the Delete button from the toolbar.
  4. Click the Yes I'm sure button in the Are you sure confirmation box.
