Upload malicious and suspicious file information to Sandbox community Cloud
|
Enable to upload malicious and suspicious file information to the Sandbox community Cloud. If enabled, the file checksum, tracer log, verdict, submitting device serial number, downloading URL, and original files are uploaded.
|
Submit suspicious URL to Fortinet WebFilter Service
|
Enable to submit malware-downloading URLs to the FortiGuard Web Filter Service.
|
Allow Virtual Machines to access external network through outgoing port3
|
Enable to allow Virtual Machines to access the external network through the outgoing port3.
If the VM cannot access the outside network, a simulated network (SIMNET) starts by default. SIMNET provides responses for popular network services, such as HTTP, which certain malware expects. If VM internet access is down, the SIMNET status is displayed beside the down icon. Clicking it opens the VM network configuration page. Note: SIMNET is not a real internet connection. This can affect the catch rate. Do not assign port3 an IP address from the production IP pool, because there is a chance it will be added to the blocklist.
The FortiSandbox VM accesses the external network through port3. The next-hop gateway and DNS settings can be configured in Scan Policy > General > Allow Virtual Machines to access external network through outgoing port3.
|
|
Status
|
Port3 status to access the Internet.
|
|
Gateway
|
Enter the next hop gateway IP address.
|
|
Disable SIMNET if Virtual Machines are not able to access external network through outgoing port3
|
Enable to disable SIMNET when Virtual Machines are not able to access the external network through the outgoing port3.
|
|
DNS
|
DNS server used by VM images when a file is scanned.
|
|
Use Proxy
|
Enable to use the proxy. Configure the Proxy Type, Server Name/IP, Port, Proxy Username, and Proxy Password.
When the proxy server is enabled, all non-UDP outgoing traffic started from the Sandbox VM is directed to the proxy server.
When a proxy server is used, if the proxy server type is not SOCKS, the system-level DNS server is used. If the type is SOCKS5, users need to configure an external DNS server that port3 can access.
For other traffic started by the FortiSandbox firmware, such as FortiGuard Distribution Network (FDN) upgrades, configure the settings under the Network menu.
|
|
Proxy Type
|
Select the proxy type from the dropdown list. The following options are available:
- HTTP Connect
- HTTP Relay
- SOCKS v4
- SOCKS v5; requires DNS
The UDP protocol is not supported.
|
|
Server Name/IP
|
Enter the proxy server name or IP address.
|
|
Port
|
Enter the proxy server port number.
|
|
Proxy Username
|
Enter a proxy username.
|
|
Proxy Password
|
Enter the proxy password.
|
Apply default passwords to extract archive files
|
Users can define a list of passwords to try when extracting archive files. Enter one password per line.
|
Disable Community Cloud Query
|
By default, the Cloud Query is enabled. Disable the Cloud Query in the following scenarios:
- You have an enclosed environment. Disabling the Cloud Query will improve the scan speed.
- You receive an incorrect verdict from the Cloud Query. You can turn it off temporarily until Fortinet fixes it.
|
Disable AV Rescan of finished Jobs
|
AV signature updates are frequent (every hour). Running an AV rescan against finished jobs of the last 48 hours could hinder performance. You have the option to disable the AV Rescan to improve performance.
|
Enable URL call back detection
|
Enable URL call back detection. When enabled, URLs in sniffed traffic that were previously detected as clean are frequently queried against the Web Filtering service.
|
Enable log event of file submission
|
Enable to log the file submission events of an input source.
|
|
Devices
|
Select to log the file submission events of a device, such as FortiGate, FortiMail, or FortiClient.
|
|
Adapter
|
Select to log the file submission events from an adapter, such as a Carbon Black server.
|
|
Network Share
|
Select to log the file submission events when they are from a network share.
|
|
BCC Adapter
|
Select to log the file submission events from a BCC client.
|
|
ICAP
|
Select to log the file submission events from an ICAP client.
|
Reject duplicate file from device
|
Enable to reject duplicate files from devices.
|
Delete original files of Clean or Other rating after
|
Enable to delete original files of Clean or Other ratings after a specified time. If the time is 0, the original files with either Clean or Other ratings will not be kept on the system. Original files of Clean or Other rating can be kept in the system for a maximum of 4 weeks.
|
|
Day
|
Enter the day.
|
|
Hour
|
Enter the hour.
|
|
Minute
|
Enter the minute.
|
Delete original files of Malicious or Suspicious rating after
|
Enable to delete original files of Malicious or Suspicious ratings after a specified time.
|
|
Day
|
Enter the day.
|
|
Hour
|
Enter the hour.
|
|
Minute
|
Enter the minute.
|
Delete all traces of jobs of Clean or Other rating after
|
Enable to delete all traces of jobs of Clean or Other ratings after a specified time. Traces of jobs with Clean or Other rating can be kept in the system for a maximum of 4 weeks.
|
|
Day
|
Enter the day.
|
|
Hour
|
Enter the hour.
|
|
Minute
|
Enter the minute.
|
Delete all traces of jobs of Malicious or Suspicious after
|
Enable to delete all traces of jobs of Malicious or Suspicious ratings after a specified time.
|
|
Day
|
Enter the day.
|
|
Hour
|
Enter the hour.
|
|
Minute
|
Enter the minute.
|