Fortinet black logo

Administration Guide

Home FortiSandbox 4.4.4 Administration Guide
4.4.4
4.4.5
4.4.4
4.4.3
4.4.2
4.4.1
4.4.0
4.2.7
4.2.6
4.2.5
4.2.4
4.2.3
4.2.2
4.2.1
4.2.0
4.0.5
4.0.4
4.0.3
4.0.2
4.0.1
4.0.0
3.2.4
3.2.3
3.2.2
3.2.1
3.2.0
3.1.5
3.1.4
3.1.3
3.1.2
3.1.1
3.1.0
3.0.7
3.0.6

Web Category

Web Category

The FortiSandbox queries the FortiGuard Web Filtering Service to determine the Web Category of the URL. There are more than 90 web categories described at: https://www.fortiguard.com/webfilter/categories

The FortiSandbox has set a default risk rating on all web categories. The following categories are configurable to override its default rating. The categories that are not listed are set to a Clean rating and cannot be overridden.

Default Rating

Web Categories
Low Risk

Abortion

Advocacy Organizations

Alcohol and Tobacco

Alcohol

Child Abuse *

Crypto Mining *

Dating

Discrimination *

Drug Abuse

Dynamic DNS *

Explicit Violence

Extremist Groups

Gambling

Grayware

Hacking

Homosexuality

Illegal or Unethical *

Malicious Websites

Marijuana

Newly Registered Domain *

Nudity and Risque

Occult *

Other Adult Materials

Phishing

Plagiarism *

Pornography *

Potentially Unwanted Program *

Spam URLs, Terrorism *

Tobacco

Weapons (Sales)

* Updated in 4.4.0 from Clean to Low Risk.
Clean URL Shortening

Using URL Pre-Filter settings

The URL Pre-filter feature uses the web filtering categories to skip the Dynamic scan to increase throughput. This feature is disabled by default and all URLs get forwarded to Dynamic scan.

When URL Pre-Filter is enabled, it will work together with the Scan Profile and Web Category settings.

Note

If the FortiSandbox has Real-Time Anti-Phishing service, URLs that are forwarded to Dynamic scan are also sent to the service to check for Phishing, Malicious or Spam websites. For more information, see Real Time Anti-Phishing.
Scenarios:

URL Sandboxing Pre-Filter is Disabled.

All URLs will be forwarded to Dynamic scan to check any suspicious behavior. Expect that the scan throughput will be slower.

URL Sandboxing Pre-Filter is Enabled.

  1. If the category of the URL is Unrated, Newly Observed Domain and Newly Registered Domain, the URL will be forwarded to Dynamic scan to check any suspicious behavior.
  2. Otherwise, the URL will not be forwarded to Dynamic Scan. The URL will be rated by Static Scan Engine using the default or overridden rating (see the example below).
Example

You can change the Gambling category from Low risk to Medium risk. Then, try to submit the URL http://www.lottolore.com/lotto649.html. The Job Report should show: Medium risk rating, Gambling category and Rated by Static Scan Engine.

Previous
Next

Web Category

The FortiSandbox queries the FortiGuard Web Filtering Service to determine the Web Category of the URL. There are more than 90 web categories described at: https://www.fortiguard.com/webfilter/categories

The FortiSandbox has set a default risk rating on all web categories. The following categories are configurable to override its default rating. The categories that are not listed are set to a Clean rating and cannot be overridden.

Default Rating

Web Categories
Low Risk

Abortion

Advocacy Organizations

Alcohol and Tobacco

Alcohol

Child Abuse *

Crypto Mining *

Dating

Discrimination *

Drug Abuse

Dynamic DNS *

Explicit Violence

Extremist Groups

Gambling

Grayware

Hacking

Homosexuality

Illegal or Unethical *

Malicious Websites

Marijuana

Newly Registered Domain *

Nudity and Risque

Occult *

Other Adult Materials

Phishing

Plagiarism *

Pornography *

Potentially Unwanted Program *

Spam URLs, Terrorism *

Tobacco

Weapons (Sales)

* Updated in 4.4.0 from Clean to Low Risk.
Clean URL Shortening

Using URL Pre-Filter settings

The URL Pre-filter feature uses the web filtering categories to skip the Dynamic scan to increase throughput. This feature is disabled by default and all URLs get forwarded to Dynamic scan.

When URL Pre-Filter is enabled, it will work together with the Scan Profile and Web Category settings.

Note

If the FortiSandbox has Real-Time Anti-Phishing service, URLs that are forwarded to Dynamic scan are also sent to the service to check for Phishing, Malicious or Spam websites. For more information, see Real Time Anti-Phishing.
Scenarios:

URL Sandboxing Pre-Filter is Disabled.

All URLs will be forwarded to Dynamic scan to check any suspicious behavior. Expect that the scan throughput will be slower.

URL Sandboxing Pre-Filter is Enabled.

  1. If the category of the URL is Unrated, Newly Observed Domain and Newly Registered Domain, the URL will be forwarded to Dynamic scan to check any suspicious behavior.
  2. Otherwise, the URL will not be forwarded to Dynamic Scan. The URL will be rated by Static Scan Engine using the default or overridden rating (see the example below).
Example

You can change the Gambling category from Low risk to Medium risk. Then, try to submit the URL http://www.lottolore.com/lotto649.html. The Job Report should show: Medium risk rating, Gambling category and Rated by Static Scan Engine.

Previous
Next