Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

Network Share

FortiSandbox can scan files stored on a network share and optionally quarantine any malicious files. Go to Scan Input > Network Share to view and configure network share information.

Network share scans can be scheduled or run on-demand, and connectivity with the network share can be tested.

The following options are available:

Create New

Click to create a new network share.

Edit

Select an entry from the list and then click Edit in the toolbar to edit the entry selected.

Delete

Select an entry from the list and then click Delete in the toolbar to remove the entry selected.

Scan Now

Select an entry from the list and then click Scan Now in the toolbar to scan the entries.

Scan Details

Select an entry from the list and then click Scan Details in the toolbar to view the scheduled scan entries.

Test Connection

Select an entry from the list and then click Test Connection in the toolbar to test the connection. Result message will be displayed in the top message bar.

The following information is displayed:

Name

The name of the network share.

Scan Scheduled

The scan scheduled status. Scheduled network scans are done in parallel.

Type

The mount type.

Share Path

The file share path.

Quarantine

Displays if quarantine is enabled status.

Enabled

Displays if the network share is enabled. If a network share is disabled, its scheduled scan will not be executed.

Status

Displays the network share status. One of the following states:

  • Network is Accessible
  • Network Down
To create a new network share:
  1. Go to Scan Input > Network Share.
  2. Click the + Create New button from the toolbar.
  3. Configure the following options:

     

    Enabled

    Select to enable network share configuration. If network share is not enabled, its scheduled scan will not run.

     

    Network Share Name

    Enter the network share name.

     

    Mount Type

    Select the mount type from the drop-down list. The following options are available:

    • CIFS (SMB v1.0, v2.0, v2.1, v3.0)

      For Microsoft DFS, CIFS mount type should be used, and only SMB v1.0 is supported.

    • NFSv2
    • NFSv3
    • NFSv4
    • Azure File Share
    • AWS S3

      For domain-based DFS namespace, the domain name should be able to be resolved with the system Primary DNS server.

    SMB and NFS Settings

     

    Server Name/IP

    Enter the server fully qualified domain name (FQDN) or IP address.

    Share Path

    Enter the file share path. In the format /path1/path2

    Username

    Enter a user name. For a domain users, use format domain_name\user_name.

    Password

    Enter the password.

    Confirm Password

    Enter the password a second time for verification.

     

     

    Azure File Share Settings

     

     

    Domain of the Share URL

    Enter the Azure file share URL's domain name, found in the Azure server's menu at Storage Accountsstorage account nameSettingsPropertiesURL.

    Path of the Share URL

    Enter the path of the URL, found in the Azure server's menu at Storage Accounts > storage accounts nameFile ServiceFiles > Share path starting with /.

    Name of the Storage Account

    Enter the name of the storage account, found in the Azure server's menu at Storage Accountstorage account name.

    Access Key of the Account

    Enter the access key of the account, found in the Azure server's menu at Storage Accountstorage account nameSettingsAccess Keys.

    Confirm Access Key

    Confirm the access key.

    AWS S3 Settings

    AWS S3 Bucket Name

    Enter the bucket name, found in the AWS management console in the S3 Service page.

     

    S3 Bucket Folder Path

    Enter the folder's path, starting with /.

     

    AWS IAM Access Key ID

    Enter the access key ID. To find the key ID, go to the AWS management console, click on the username in the top-right of the page, then click the Security Credentials link to generate the access key ID.

     

    Secret Access Key

    Enter the secret key matching the access key ID. The secret access key is displayed when you generate the access key ID.

     

    Confirm Secret Access Key

    Confirm the secret access key.

    Scan Files Of Specified Pattern

    Select to include or exclude files which match a file name pattern.

    File Name Pattern

    Enter the file name pattern.

     

    Scan Job Priority

    When multiple network share scans run at the same time, the higher priority scans will get more scan power compared to those having lower priority. The priority can be set to High, Medium (default), or Low.

     

    Keep A Copy Of Original File On FortiSandbox

    Select to keep a copy of the original file on FortiSandbox.

     

    Skip Sandboxing for the same unchanged files

    Select to skip Sandboxing scan on existing files (if applicable) and only Sandboxing scan new files. Existing files will only be scanned by AntiVirus engine and Community Cloud query. This is to improve scan speed.

     

    Enable Quarantine of Malicious Files

    Select to enable quarantine then select the quarantine location from the dropdown list. Files with a Malicious rating will be quarantined in the quarantine location.

    Quarantined file is placed inside a folder with the name of the Job ID. Inside the folder each quarantined file is renamed with the corresponding Job ID for that particular file and a meta file with more information.

     

    Enable Quarantine of Suspicious - High Risk Files

    Select to enable quarantine of Suspicious High Risk files, then select the quarantine location from the dropdown list. Files with a High Risk rating will be quarantined in the quarantine location.

    Quarantined file is placed inside a folder with the name of the Job ID. Inside the folder each quarantined file is renamed with the corresponding Job ID for that particular file and a meta file with more information.

     

    Enable Quarantine of Suspicious - Medium Risk Files

    Select to enable quarantine of Suspicious Medium Risk files, then select the quarantine location from the drop-down list. Files with a Medium Risk rating will be quarantined in the quarantine location.

    Quarantined file is placed inside a folder with the name of the Job ID. Inside the folder each quarantined file is renamed with the corresponding Job ID for that particular file and a meta file with more information.

     

    Enable Quarantine of Suspicious - Low Risk Files

    Select to enable quarantine of Suspicious Low Risk files, then select the quarantine location from the drop-down list. Files with a Low Risk rating will be quarantined in the quarantine location.

    Quarantined file is placed inside a folder with the name of the Job ID. Inside the folder each quarantined file is renamed with the corresponding Job ID for that particular file and a meta file with more information.

     

    Enable Quarantine of Other rating files

    Select to enable quarantine of Other Rating files, then select the quarantine location from the drop-down list. Files with a Other rating , which means the scan was not completed for some reason, will be quarantined in the quarantine location.

    Quarantined file is placed inside a folder with the name of the Job ID. Inside the folder each quarantined file is renamed with the corresponding Job ID for that particular file and a meta file with more information.

     

    Enable moving clean files to a sanitized location

    Select to move Clean rating files to another location. By default, a new folder is created for each scheduled scan job in the sanitized location and all clean files are copied under it with the original folder structure. To save storage size, the user can un-check Keep a complete copy of clean files for every scheduled scan, then files of the same path will have only one copy saved in the sanitized location.

     

    Enable Scheduled Scan

    Select to enable scheduled scan. Select the schedule type from the drop-down list. Select the minute or hour from the second drop-down list.

     

    Description

    Enter an optional description for the network share entry.

    When a file is moved, to leave a copy in its original location, the user can go to the Quarantine edit page or sanitized share and select the Keep Original File At Current Location checkbox.

  4. Select OK to save the entry.
To run a network share scan immediately:
  1. Go to Scan Input > Network Share.
  2. Select a share.
  3. Click the Scan Now button to run the scan immediately.
To test network share connectivity:
  1. Go to Scan Input > Network Share.
  2. Select a share.
  3. Click Test Connection to test connectivity with the network share.

Network Share

FortiSandbox can scan files stored on a network share and optionally quarantine any malicious files. Go to Scan Input > Network Share to view and configure network share information.

Network share scans can be scheduled or run on-demand, and connectivity with the network share can be tested.

The following options are available:

Create New

Click to create a new network share.

Edit

Select an entry from the list and then click Edit in the toolbar to edit the entry selected.

Delete

Select an entry from the list and then click Delete in the toolbar to remove the entry selected.

Scan Now

Select an entry from the list and then click Scan Now in the toolbar to scan the entries.

Scan Details

Select an entry from the list and then click Scan Details in the toolbar to view the scheduled scan entries.

Test Connection

Select an entry from the list and then click Test Connection in the toolbar to test the connection. Result message will be displayed in the top message bar.

The following information is displayed:

Name

The name of the network share.

Scan Scheduled

The scan scheduled status. Scheduled network scans are done in parallel.

Type

The mount type.

Share Path

The file share path.

Quarantine

Displays if quarantine is enabled status.

Enabled

Displays if the network share is enabled. If a network share is disabled, its scheduled scan will not be executed.

Status

Displays the network share status. One of the following states:

  • Network is Accessible
  • Network Down
To create a new network share:
  1. Go to Scan Input > Network Share.
  2. Click the + Create New button from the toolbar.
  3. Configure the following options:

     

    Enabled

    Select to enable network share configuration. If network share is not enabled, its scheduled scan will not run.

     

    Network Share Name

    Enter the network share name.

     

    Mount Type

    Select the mount type from the drop-down list. The following options are available:

    • CIFS (SMB v1.0, v2.0, v2.1, v3.0)

      For Microsoft DFS, CIFS mount type should be used, and only SMB v1.0 is supported.

    • NFSv2
    • NFSv3
    • NFSv4
    • Azure File Share
    • AWS S3

      For domain-based DFS namespace, the domain name should be able to be resolved with the system Primary DNS server.

    SMB and NFS Settings

     

    Server Name/IP

    Enter the server fully qualified domain name (FQDN) or IP address.

    Share Path

    Enter the file share path. In the format /path1/path2

    Username

    Enter a user name. For a domain users, use format domain_name\user_name.

    Password

    Enter the password.

    Confirm Password

    Enter the password a second time for verification.

     

     

    Azure File Share Settings

     

     

    Domain of the Share URL

    Enter the Azure file share URL's domain name, found in the Azure server's menu at Storage Accountsstorage account nameSettingsPropertiesURL.

    Path of the Share URL

    Enter the path of the URL, found in the Azure server's menu at Storage Accounts > storage accounts nameFile ServiceFiles > Share path starting with /.

    Name of the Storage Account

    Enter the name of the storage account, found in the Azure server's menu at Storage Accountstorage account name.

    Access Key of the Account

    Enter the access key of the account, found in the Azure server's menu at Storage Accountstorage account nameSettingsAccess Keys.

    Confirm Access Key

    Confirm the access key.

    AWS S3 Settings

    AWS S3 Bucket Name

    Enter the bucket name, found in the AWS management console in the S3 Service page.

     

    S3 Bucket Folder Path

    Enter the folder's path, starting with /.

     

    AWS IAM Access Key ID

    Enter the access key ID. To find the key ID, go to the AWS management console, click on the username in the top-right of the page, then click the Security Credentials link to generate the access key ID.

     

    Secret Access Key

    Enter the secret key matching the access key ID. The secret access key is displayed when you generate the access key ID.

     

    Confirm Secret Access Key

    Confirm the secret access key.

    Scan Files Of Specified Pattern

    Select to include or exclude files which match a file name pattern.

    File Name Pattern

    Enter the file name pattern.

     

    Scan Job Priority

    When multiple network share scans run at the same time, the higher priority scans will get more scan power compared to those having lower priority. The priority can be set to High, Medium (default), or Low.

     

    Keep A Copy Of Original File On FortiSandbox

    Select to keep a copy of the original file on FortiSandbox.

     

    Skip Sandboxing for the same unchanged files

    Select to skip Sandboxing scan on existing files (if applicable) and only Sandboxing scan new files. Existing files will only be scanned by AntiVirus engine and Community Cloud query. This is to improve scan speed.

     

    Enable Quarantine of Malicious Files

    Select to enable quarantine then select the quarantine location from the dropdown list. Files with a Malicious rating will be quarantined in the quarantine location.

    Quarantined file is placed inside a folder with the name of the Job ID. Inside the folder each quarantined file is renamed with the corresponding Job ID for that particular file and a meta file with more information.

     

    Enable Quarantine of Suspicious - High Risk Files

    Select to enable quarantine of Suspicious High Risk files, then select the quarantine location from the dropdown list. Files with a High Risk rating will be quarantined in the quarantine location.

    Quarantined file is placed inside a folder with the name of the Job ID. Inside the folder each quarantined file is renamed with the corresponding Job ID for that particular file and a meta file with more information.

     

    Enable Quarantine of Suspicious - Medium Risk Files

    Select to enable quarantine of Suspicious Medium Risk files, then select the quarantine location from the drop-down list. Files with a Medium Risk rating will be quarantined in the quarantine location.

    Quarantined file is placed inside a folder with the name of the Job ID. Inside the folder each quarantined file is renamed with the corresponding Job ID for that particular file and a meta file with more information.

     

    Enable Quarantine of Suspicious - Low Risk Files

    Select to enable quarantine of Suspicious Low Risk files, then select the quarantine location from the drop-down list. Files with a Low Risk rating will be quarantined in the quarantine location.

    Quarantined file is placed inside a folder with the name of the Job ID. Inside the folder each quarantined file is renamed with the corresponding Job ID for that particular file and a meta file with more information.

     

    Enable Quarantine of Other rating files

    Select to enable quarantine of Other Rating files, then select the quarantine location from the drop-down list. Files with a Other rating , which means the scan was not completed for some reason, will be quarantined in the quarantine location.

    Quarantined file is placed inside a folder with the name of the Job ID. Inside the folder each quarantined file is renamed with the corresponding Job ID for that particular file and a meta file with more information.

     

    Enable moving clean files to a sanitized location

    Select to move Clean rating files to another location. By default, a new folder is created for each scheduled scan job in the sanitized location and all clean files are copied under it with the original folder structure. To save storage size, the user can un-check Keep a complete copy of clean files for every scheduled scan, then files of the same path will have only one copy saved in the sanitized location.

     

    Enable Scheduled Scan

    Select to enable scheduled scan. Select the schedule type from the drop-down list. Select the minute or hour from the second drop-down list.

     

    Description

    Enter an optional description for the network share entry.

    When a file is moved, to leave a copy in its original location, the user can go to the Quarantine edit page or sanitized share and select the Keep Original File At Current Location checkbox.

  4. Select OK to save the entry.
To run a network share scan immediately:
  1. Go to Scan Input > Network Share.
  2. Select a share.
  3. Click the Scan Now button to run the scan immediately.
To test network share connectivity:
  1. Go to Scan Input > Network Share.
  2. Select a share.
  3. Click Test Connection to test connectivity with the network share.