Creating a firewall policy on FortiSandbox
You can use the CLI console in FortiGate to configure a firewall policy, and then specify the IP address of the FortiAnalyzer that you want to monitor the FortiSandbox.
To configure FortiGate System settings:
- In the FortiGate device, click the CLI Console icon on the right side of the banner on any page.
- Specify the FortiSandbox in the global configuration:
- Create an antivirus profile to allow FortiGate to submit all files scanned by AntiVirus to FortiSandbox. The following is a sample antivirus profile:
    config antivirus profile
        edit "test"
            set ftgd-analytics everything
            config http
                set options scan avmonitor
            end
            config ftp
                set options scan avmonitor
            end
            config imap
                set options scan
            end
            config pop3
                set options scan
            end
            config smtp
                set options scan
            end
            config nntp
                set options scan
            end
        next
    end
- Use the antivirus profile in the firewall policy. The following is a sample firewall policy:
    config firewall policy
        edit 13
            set name "to-server1"
            set uuid 5107b480-3d19-51e8-f1c1-571602a6375b
            set srcintf "lan"
            set dstintf "wan1"
            set srcaddr "net-local"
            set dstaddr "server1"
            set action accept
            set schedule "always"
            set service "ALL"
            set utm-status enable
            set logtraffic all
            set fsso disable
            set av-profile "test"
            set ssl-ssh-profile "certificate-inspection"
            set nat enable
        next
    end
- Specify the IP address of the FortiAnalyzer unit for FortiGate to send logs.
    config log fortianalyzer setting
        set status enable
        set server <ip address of FortiAnalyzer>
        set upload-option realtime
    end
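To check the result of these steps, the following added example (not part of the original page or of any Fortinet tool) parses a FortiGate configuration backup and reports firewall policies whose antivirus profile does not set ftgd-analytics to everything, as well as a FortiAnalyzer log setting that is not enabled. The function names and the sample configuration are constructed for illustration, and the parser assumes every set value fits on one line.

```python
import shlex

def parse(text):
    """Parse FortiOS config/edit/set/next/end text into nested dicts (single-line values only)."""
    stack = [{}]
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok and tok[0] in ("config", "edit"):
            stack.append(stack[-1].setdefault(" ".join(tok[1:]), {}))
        elif tok and tok[0] in ("end", "next") and len(stack) > 1:
            stack.pop()
        elif tok and tok[0] == "set":
            stack[-1][tok[1]] = " ".join(tok[2:])
    return stack[0]

def audit(text):
    """Return findings for policies whose scanned files would not all reach FortiSandbox."""
    cfg, findings = parse(text), []
    for pid, pol in cfg.get("firewall policy", {}).items():
        av = cfg.get("antivirus profile", {}).get(pol.get("av-profile"), {})
        if pol.get("utm-status") != "enable" or av.get("ftgd-analytics") != "everything":
            findings.append(f"policy {pid}: scanned files are not all submitted")
    if cfg.get("log fortianalyzer setting", {}).get("status") != "enable":
        findings.append("log fortianalyzer setting: not enabled")
    return findings

# Constructed sample configuration (not from a real device); it has no FortiAnalyzer block.
SAMPLE = """
config antivirus profile
    edit "test"
        set ftgd-analytics everything
    next
    edit "legacy"
        config http
            set options scan
        end
    next
end
config firewall policy
    edit 13
        set utm-status enable
        set av-profile "test"
    next
    edit 14
        set utm-status enable
        set av-profile "legacy"
    next
end
"""
```

Calling audit(SAMPLE) flags policy 14, which uses the "legacy" profile without ftgd-analytics, and the missing FortiAnalyzer log setting.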