
Cookbook

Creating a firewall policy on FortiSandbox

6.2.0

Creating a firewall policy on FortiSandbox

You can use the CLI console in FortiGate to configure a firewall policy, and then specify the IP address of the FortiAnalyzer that you want to use to monitor the FortiSandbox.

To configure FortiGate System settings:
  1. In the FortiGate device, click the CLI Console icon on the right side of the banner on any page.
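  2. Specify the FortiSandbox in the global configuration. (The listing that follows is the antivirus profile described in step 3; the global FortiSandbox settings themselves are not shown on this page.)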

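    # Antivirus profile "test": enables AV scanning on six protocols and
    # forwards scanned files to FortiSandbox for analysis.
    config antivirus profile
        edit "test"
            # "everything" submits every scanned file, not only suspicious ones.
            # File contents leave the FortiGate for analysis, so check this
            # against your data-handling requirements before enabling it.
            set ftgd-analytics everything
            config http
                # NOTE(review): avmonitor appears to put this protocol in
                # monitor (log-only) mode rather than blocking; confirm in the
                # CLI reference for your release. Use "scan" alone, as the mail
                # protocols below do, if infected files should be blocked.
                set options scan avmonitor
            end
            config ftp
                # Same scan + avmonitor combination as HTTP; see the note above.
                set options scan avmonitor
            end
            config imap
                set options scan
            end
            config pop3
                set options scan
            end
            config smtp
                set options scan
            end
            config nntp
                set options scan
            end
        next
    end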

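  3. Create an antivirus profile to allow FortiGate to submit all files scanned by AntiVirus to FortiSandbox. The sample antivirus profile is the `config antivirus profile` listing shown under step 2; the listing that follows repeats the firewall policy from step 4.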

    # Sample policy 13 ("to-server1"): traffic from "net-local" on "lan" to
    # "server1" via "wan1", inspected with antivirus profile "test".
    config firewall policy
        edit 13
            set name "to-server1"
            # Sample value from this listing.
            # NOTE(review): FortiOS normally assigns the policy UUID itself;
            # confirm whether this line is needed when creating a new policy.
            set uuid 5107b480-3d19-51e8-f1c1-571602a6375b
            set srcintf "lan"
            set dstintf "wan1"
            set srcaddr "net-local"
            set dstaddr "server1"
            set action accept
            set schedule "always"
            # The sample permits every service; in production, restrict this to
            # the services "server1" actually needs.
            set service "ALL"
            # Turns on security profiles for this policy so av-profile applies.
            set utm-status enable
            set logtraffic all
            set fsso disable
            set av-profile "test"
            # NOTE(review): certificate-inspection does not decrypt payloads, so
            # files carried inside TLS sessions are presumably not seen by the
            # AV scan or submitted to FortiSandbox; a deep-inspection profile
            # would be needed for that. Confirm for your release.
            set ssl-ssh-profile "certificate-inspection"
            set nat enable
        next
    end

  4. Use the antivirus profile in the firewall policy. The following is a sample firewall policy:

    # Sample policy 13 ("to-server1"): traffic from "net-local" on "lan" to
    # "server1" via "wan1", inspected with antivirus profile "test".
    config firewall policy
        edit 13
            set name "to-server1"
            # Sample value from this listing.
            # NOTE(review): FortiOS normally assigns the policy UUID itself;
            # confirm whether this line is needed when creating a new policy.
            set uuid 5107b480-3d19-51e8-f1c1-571602a6375b
            set srcintf "lan"
            set dstintf "wan1"
            set srcaddr "net-local"
            set dstaddr "server1"
            set action accept
            set schedule "always"
            # The sample permits every service; in production, restrict this to
            # the services "server1" actually needs.
            set service "ALL"
            # Turns on security profiles for this policy so av-profile applies.
            set utm-status enable
            set logtraffic all
            set fsso disable
            set av-profile "test"
            # NOTE(review): certificate-inspection does not decrypt payloads, so
            # files carried inside TLS sessions are presumably not seen by the
            # AV scan or submitted to FortiSandbox; a deep-inspection profile
            # would be needed for that. Confirm for your release.
            set ssl-ssh-profile "certificate-inspection"
            set nat enable
        next
    end

  5. Specify the IP address of the FortiAnalyzer unit to which FortiGate sends logs.

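    # Send FortiGate logs to FortiAnalyzer in real time.
    # The FortiOS keyword is "config", not "configure".
    config log fortianalyzer setting
        set status enable
        # Replace the placeholder with the FortiAnalyzer address.
        set server <ip address of FortiAnalyzer>
        set upload-option realtime
        # NOTE(review): also review the log transport settings on this object
        # (for example "set reliable enable" and "set enc-algorithm high") so
        # that logs are delivered reliably and encrypted; confirm the options
        # available in your release.
    end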

Creating a firewall policy on FortiSandbox

You can use the CLI console in FortiGate to configure a firewall policy, and then specify the IP address of the FortiAnalyzer that you want to use to monitor the FortiSandbox.

To configure FortiGate System settings:
  1. In the FortiGate device, click the CLI Console icon on the right side of the banner on any page.
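  2. Specify the FortiSandbox in the global configuration. (The listing that follows is the antivirus profile described in step 3; the global FortiSandbox settings themselves are not shown on this page.)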

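    # Antivirus profile "test": enables AV scanning on six protocols and
    # forwards scanned files to FortiSandbox for analysis.
    config antivirus profile
        edit "test"
            # "everything" submits every scanned file, not only suspicious ones.
            # File contents leave the FortiGate for analysis, so check this
            # against your data-handling requirements before enabling it.
            set ftgd-analytics everything
            config http
                # NOTE(review): avmonitor appears to put this protocol in
                # monitor (log-only) mode rather than blocking; confirm in the
                # CLI reference for your release. Use "scan" alone, as the mail
                # protocols below do, if infected files should be blocked.
                set options scan avmonitor
            end
            config ftp
                # Same scan + avmonitor combination as HTTP; see the note above.
                set options scan avmonitor
            end
            config imap
                set options scan
            end
            config pop3
                set options scan
            end
            config smtp
                set options scan
            end
            config nntp
                set options scan
            end
        next
    end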

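  3. Create an antivirus profile to allow FortiGate to submit all files scanned by AntiVirus to FortiSandbox. The sample antivirus profile is the `config antivirus profile` listing shown under step 2; the listing that follows repeats the firewall policy from step 4.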

    # Sample policy 13 ("to-server1"): traffic from "net-local" on "lan" to
    # "server1" via "wan1", inspected with antivirus profile "test".
    config firewall policy
        edit 13
            set name "to-server1"
            # Sample value from this listing.
            # NOTE(review): FortiOS normally assigns the policy UUID itself;
            # confirm whether this line is needed when creating a new policy.
            set uuid 5107b480-3d19-51e8-f1c1-571602a6375b
            set srcintf "lan"
            set dstintf "wan1"
            set srcaddr "net-local"
            set dstaddr "server1"
            set action accept
            set schedule "always"
            # The sample permits every service; in production, restrict this to
            # the services "server1" actually needs.
            set service "ALL"
            # Turns on security profiles for this policy so av-profile applies.
            set utm-status enable
            set logtraffic all
            set fsso disable
            set av-profile "test"
            # NOTE(review): certificate-inspection does not decrypt payloads, so
            # files carried inside TLS sessions are presumably not seen by the
            # AV scan or submitted to FortiSandbox; a deep-inspection profile
            # would be needed for that. Confirm for your release.
            set ssl-ssh-profile "certificate-inspection"
            set nat enable
        next
    end

  4. Use the antivirus profile in the firewall policy. The following is a sample firewall policy:

    # Sample policy 13 ("to-server1"): traffic from "net-local" on "lan" to
    # "server1" via "wan1", inspected with antivirus profile "test".
    config firewall policy
        edit 13
            set name "to-server1"
            # Sample value from this listing.
            # NOTE(review): FortiOS normally assigns the policy UUID itself;
            # confirm whether this line is needed when creating a new policy.
            set uuid 5107b480-3d19-51e8-f1c1-571602a6375b
            set srcintf "lan"
            set dstintf "wan1"
            set srcaddr "net-local"
            set dstaddr "server1"
            set action accept
            set schedule "always"
            # The sample permits every service; in production, restrict this to
            # the services "server1" actually needs.
            set service "ALL"
            # Turns on security profiles for this policy so av-profile applies.
            set utm-status enable
            set logtraffic all
            set fsso disable
            set av-profile "test"
            # NOTE(review): certificate-inspection does not decrypt payloads, so
            # files carried inside TLS sessions are presumably not seen by the
            # AV scan or submitted to FortiSandbox; a deep-inspection profile
            # would be needed for that. Confirm for your release.
            set ssl-ssh-profile "certificate-inspection"
            set nat enable
        next
    end

  5. Specify the IP address of the FortiAnalyzer unit to which FortiGate sends logs.

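    # Send FortiGate logs to FortiAnalyzer in real time.
    # The FortiOS keyword is "config", not "configure".
    config log fortianalyzer setting
        set status enable
        # Replace the placeholder with the FortiAnalyzer address.
        set server <ip address of FortiAnalyzer>
        set upload-option realtime
        # NOTE(review): also review the log transport settings on this object
        # (for example "set reliable enable" and "set enc-algorithm high") so
        # that logs are delivered reliably and encrypted; confirm the options
        # available in your release.
    end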