FortiSandbox

A key part of Fortinet’s Advanced Threat Protection (ATP) solution, FortiSandbox is built to detect and analyze advanced attacks designed to bypass traditional security defenses. The FortiSandbox log view can be filtered by Checksum, File Name, Source IP, Status, and User Name.

The following are features of FortiSandbox:

Protects against advanced threats: Scans files on the network, in emails, in URLs, in network file share locations, and on-demand. Protects against advanced email threats, Windows threats, Office threats, ZIP threats, PDF threats, mobile threats, and more.

Inspects across all Operating Environments: Code emulation examines and runs instruction sets to assess intended activity independent of operating environment for broader security coverage.

Examines activity, rather than attributes: Executes objects within a secure virtual runtime environment (“sandbox”) to analyze activity — system changes, exploit efforts, site visits, subsequent downloads, botnet communications and more — to expose sophisticated threats.

Analysis and signature creation: Any malicious traffic that FortiSandbox receives will be forwarded to FortiGuard for further analysis and signature creation, which is made available to the Fortinet Distribution Network (FDN), usually within 24 hours. Once your FortiGate downloads this latest update, any similar malicious files in the future will also be blocked.

Pre-filters to deliver fast results: Leverage Fortinet’s proactive anti-malware (consistently top-rated in VB100 RAP tests) and extended database as well as additional patented advanced threat intelligence techniques to detect a large percentage of advanced threats without the time and effort of full “sandboxing”.

Provides rich threat intelligence: Uncover information related to the full threat lifecycle, not just initial code. Trigger automated and manual response in other Fortinet products to mitigate incidents. Opt in to share intelligence with FortiGuard Labs for automated security updates to boost the protection delivered through your entire Fortinet security ecosystem.

Delivers Officially Licensed Microsoft Components: The product comes with embedded Microsoft Windows, Internet Explorer, and Office licenses, confirmed as approved for use in virtual environments, unlike other sandbox solutions.

Setup

The following steps will show you how to configure the FortiSandbox log view on your FortiGate:

  • From the FortiGate GUI, go to System > Config > FortiSandbox, and select Enable Sandbox Inspection. At this point you can either select FortiSandbox Appliance, and enter the IP address and notifier email address of a FortiSandbox device, or you can select FortiSandbox Cloud. Enabling this option will assign your FortiCloud Account. Once you have selected which method you wish to use, select Apply.

Scenario: