Administration Guide

Sandbox

To configure the Sandbox tab:
  1. Create a new profile or edit an existing one:
    1. Go to Configuration > Profiles.
    2. Click Create or edit an existing profile.
    3. In the Name field, enter the desired name of the endpoint profile.
  2. This feature only works for endpoints where Sandbox Detection was enabled when installing FortiClient. On the Sandbox tab, configure the following options:

    Sandbox Mode: Select FortiSASE to configure connection to FortiSASE Sandbox or Standalone FortiSandbox to configure connection to an on-premise standalone FortiSandbox.

    IP address/Hostname: For a standalone FortiSandbox, enter the FortiSandbox's IP address, FQDN, or hostname.

    Username: Optional. Enter the FortiSandbox username. This option is only available for a standalone FortiSandbox.

    Password: Optional. Enter the FortiSandbox password. This option is only available for a standalone FortiSandbox.

    Region: FortiSASE Sandbox region.

    Time Offset: FortiSASE Sandbox time offset.

    File Submission Options

    All Files Executed from Removable Media: Submit all files executed on removable media, such as USB drives, to FortiSandbox for analysis.

    All Files Executed from Mapped Network Drives: Submit all files executed from mapped network drives.

    All Web Downloads: Submit all web downloads.

    All Email Downloads: Submit all email downloads.

    Remediation Actions

    Action: Choose Quarantine or Alert & Notify for infected files. Whether FortiClient quarantines the file depends on whether FortiSandbox reports the file as malicious and on the Sandbox Detection Verdict Level setting.

    Sandbox Detection Verdict Level: Select the desired detection verdict level. For FortiClient to apply the action selected in the Action field to an infected file, FortiSandbox must detect the file as this level or higher. For example, if Action is configured as Quarantine and FortiSandbox Detection Verdict Level is configured as Medium, FortiClient quarantines all infected files that FortiSandbox detects as Medium or a higher level (High or Malicious). FortiClient does not quarantine files for which FortiSandbox returns a verdict below this level (Low Risk or Clean).

    Exceptions

    Exclude Files from Trusted Sources: Exclude files signed by trusted sources from FortiSandbox submission. Following is a list of sources that FortiSandbox trusts:

    • Microsoft
    • Fortinet
    • Mozilla
    • Windows
    • Google
    • Skype
    • Apple
    • Yahoo!
    • Intel

    Exclude Specified Folders/Files: Exclude specified folders/files from FortiSandbox submission. You must also create the exclusion list.
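
The submission options, exceptions and verdict level above combine into one decision per file. The following Python model is an added example, not Fortinet code; it follows the behaviour this page documents so an administrator can see which files a given profile never sends for analysis. The `Profile` class, the origin keys (`removable`, `mapped`, `web`, `email`), the folder-prefix matching for exclusions and the sample events are assumptions made for illustration.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Verdict order from the guide's example, lowest to highest.
VERDICTS = ["Clean", "Low Risk", "Medium", "High", "Malicious"]
# Publishers the guide lists as trusted sources (signature checking is not modelled).
TRUSTED = set("Microsoft Fortinet Mozilla Windows Google Skype Apple Yahoo! Intel".split())

@dataclass
class Profile:  # hypothetical model of the Sandbox tab, not a FortiClient API
    submit: set                       # enabled File Submission Options (assumed keys)
    action: str = "Quarantine"        # or "Alert & Notify"
    verdict_level: str = "Medium"     # Sandbox Detection Verdict Level
    exclude_trusted: bool = False     # Exclude Files from Trusted Sources
    excluded_paths: tuple = ()        # Exclude Specified Folders/Files

def is_submitted(p, origin, signer=None, path=""):
    """Return (submitted, reason) for a file observed from `origin`."""
    if origin not in p.submit:
        return False, "origin not enabled"
    if p.exclude_trusted and signer in TRUSTED:
        return False, "trusted signer"
    # Assumption: excluding a folder covers everything beneath it.
    fp = PureWindowsPath(path)
    for ex in map(PureWindowsPath, p.excluded_paths):
        if fp == ex or ex in fp.parents:
            return False, "excluded path"
    return True, "submitted"

def outcome(p, verdict):
    """The configured action applies only at or above the verdict level."""
    meets = VERDICTS.index(verdict) >= VERDICTS.index(p.verdict_level)
    return p.action if meets else "No action"

def coverage(p, events):
    """Map each event name to the action it receives, or why it was skipped."""
    result = {}
    for name, origin, signer, path, verdict in events:
        sent, reason = is_submitted(p, origin, signer, path)
        result[name] = outcome(p, verdict) if sent else f"not analysed ({reason})"
    return result

# Constructed sample data: (name, origin, signer, path, verdict FortiSandbox would return).
SAMPLE_PROFILE = Profile({"removable", "web", "email"}, exclude_trusted=True,
                         excluded_paths=(r"C:\Build",))
SAMPLE_EVENTS = [
    ("usb_tool", "removable", None, r"E:\run.exe", "High"),
    ("signed_dl", "web", "Google", r"C:\Users\a\Downloads\setup.exe", "Malicious"),
    ("build_out", "web", None, r"C:\Build\out\x.exe", "Medium"),
    ("share", "mapped", None, r"Z:\app.exe", "Malicious"),
]
```

Calling `coverage(SAMPLE_PROFILE, SAMPLE_EVENTS)` shows that three of the four sample files never receive a verdict, because an exception or a disabled submission option stops them before analysis.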
