Connecting a FortiGate to FortiSandbox
- Connect the FortiSandbox Appliance to your FortiGate so that port 1 and port 3 on the FortiSandbox are on different subnets.
  FortiSandbox port 3 is used for outgoing communication triggered by the execution of the files under analysis. It is recommended to connect this port to a dedicated interface on your FortiGate to protect the rest of the network from threats currently being investigated by the FortiSandbox.
- FortiSandbox port 3 must be able to connect to the Internet. On the FortiGate, go to Policy & Objects > IPv4 Policy and create a policy allowing connections from the FortiSandbox to the Internet (using the isolated interface on the FortiGate mentioned above).
- On the FortiSandbox, go to Network > System Routing and add static routes for port 1 and port 3.
- On the FortiSandbox, go to Dashboard and locate the System Information widget. Now that the FortiSandbox has Internet access, it can activate its VM licenses. Wait until a green arrow shows up beside Windows VM before continuing to the next step.
- On the FortiGate, go to System > Cooperative Security Fabric. Select Enable Sandbox Inspection and select FortiSandbox Appliance. Set the IP Address and enter a Notifier Email. If you select Test Connectivity, the Status shows as Service is not configured because the FortiGate has not been authorized to connect to the FortiSandbox.
- On the FortiSandbox, go to File Detection > Summary Report and select the Device from the drop-down list. Edit the entry for the FortiGate. Under Permissions, enable Authorized.
- On the FortiGate, go to System > Cooperative Security Fabric and for FortiSandbox select Test Connectivity. The Status now shows that Service is online.
Once the FortiGate is connected to FortiSandbox, an AntiVirus profile can be configured to send suspicious files for inspection. Sandbox integration can also be configured; for more information, see Sandbox Integration.
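The FortiGate side of the steps above can also be expressed in the FortiOS CLI. This is an added example, not taken from the original page. The interface names (port5 as the dedicated interface for FortiSandbox port 3, wan1 as the Internet-facing interface), the address object and policy names, the IP addresses and the e-mail address are constructed assumptions.

```fortios
# Constructed values (assumptions, replace with your own):
#   port5          dedicated FortiGate interface cabled to FortiSandbox port 3
#   wan1           Internet-facing FortiGate interface
#   198.51.100.10  FortiSandbox port 3 address
#   192.0.2.10     FortiSandbox port 1 address (different subnet from port 3)

# Address object that matches only FortiSandbox port 3.
config firewall address
    edit "FSA-port3"
        set subnet 198.51.100.10 255.255.255.255
    next
end

# Allow FortiSandbox port 3 out to the Internet through wan1 only.
# No policy is created from port5 to any internal interface, so traffic
# generated by files under analysis cannot reach the rest of the network.
config firewall policy
    edit 0
        set name "FSA-port3-to-Internet"
        set srcintf "port5"
        set dstintf "wan1"
        set srcaddr "FSA-port3"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set logtraffic all
    next
end

# Enable sandbox inspection and point the FortiGate at the appliance
# (FortiSandbox port 1), with a notifier e-mail address.
config system fortisandbox
    set status enable
    set server "192.0.2.10"
    set email "secops@example.com"
end
```

The FortiGate must still be authorized on the FortiSandbox, as described in the steps above, before Test Connectivity reports that the service is online.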
Before you can connect a FortiGate to FortiSandbox Cloud, you need an active FortiCloud account. For more information, see the FortiCloud documentation.
Once you have created a FortiCloud account, sandbox inspection should be enabled by default. To verify this, go to System > Cooperative Security Fabric and make sure Enable Sandbox Inspection is selected and set to FortiSandbox Cloud.
To see the results from FortiSandbox Cloud in the FortiGate logs, go to Log & Report > Log Settings and make sure Send Logs to FortiCloud is enabled and GUI Preferences is set to Display Logs from FortiCloud.
Now that the FortiGate is connected to FortiSandbox, an AntiVirus profile can be configured to send suspicious files for inspection. Sandbox integration can also be configured; for more information, see Sandbox Integration.