Fortinet black logo

Cookbook

Adding sandbox inspection to security profiles

Copy Link
Copy Doc ID a4a06ec3-12a7-11e9-b86b-00505692583a:597805
Download PDF

Adding sandbox inspection to security profiles

You can apply sandbox inspection with three types of security inspection: antivirus, web filter, and FortiClient compliance profiles. In this step, you add sandbox to all FortiGate devices in the Security Fabric individually, using the profiles that each FortiGate applies to network traffic.

In order to pass the Advanced Threat Protection check, you must add sandbox inspection to antivirus profiles for all FortiGate devices in the Security Fabric.

  1. Go to Security Profiles > AntiVirus and edit the default profile.

  2. Under Inspection Options, set Send Files to FortiSandbox Appliance for Inspection to All Supported Files.

  3. Enable Use FortiSandbox Database, so that if the FortiSandbox discovers a threat, it adds a signature for that file to the antivirus signature database on the FortiGate.

  4. Go to Security Profiles > Web Filter and edit the default profile.

  5. Under Static URL Filter, enable Block malicious URLs discovered by FortiSandbox. If the FortiSandbox discovers a threat, the URL that threat came from is added to the list of URLs that are blocked by the FortiGate.

  6. Go to Security Profiles > FortiClient Compliance Profiles and edit the default profile. Enable Security Posture Check.

  7. Enable Realtime Protection and Scan with FortiSandbox.

Adding sandbox inspection to security profiles

You can apply sandbox inspection with three types of security inspection: antivirus, web filter, and FortiClient compliance profiles. In this step, you add sandbox to all FortiGate devices in the Security Fabric individually, using the profiles that each FortiGate applies to network traffic.

In order to pass the Advanced Threat Protection check, you must add sandbox inspection to antivirus profiles for all FortiGate devices in the Security Fabric.

  1. Go to Security Profiles > AntiVirus and edit the default profile.

  2. Under Inspection Options, set Send Files to FortiSandbox Appliance for Inspection to All Supported Files.

  3. Enable Use FortiSandbox Database, so that if the FortiSandbox discovers a threat, it adds a signature for that file to the antivirus signature database on the FortiGate.

  4. Go to Security Profiles > Web Filter and edit the default profile.

  5. Under Static URL Filter, enable Block malicious URLs discovered by FortiSandbox. If the FortiSandbox discovers a threat, the URL that threat came from is added to the list of URLs that are blocked by the FortiGate.

  6. Go to Security Profiles > FortiClient Compliance Profiles and edit the default profile. Enable Security Posture Check.

  7. Enable Realtime Protection and Scan with FortiSandbox.