Fortinet black logo

Administration Guide

FortiAI

Copy Link
Copy Doc ID 4f5c3194-0b50-11ec-a4c4-00505692583a:152318
Download PDF

FortiAI

FortiSandbox can use FortiAI as one method to generate verdicts. If FortiAI rates a file as clean, and all other methods gives that file a clean verdict, then FortiSandbox will not go into VM scan. If FortiAI rates a file as malicious or high risk, then FortiSandbox will also rate it as malicious or high risk. For all other FortiAI ratings, FortiSandbox follows the regular scan flow and give a final verdict after using all methods including VM scan.

Prerequisites
  • FortiAI server is installed and licensed.
  • FortiAI is higher than v1.5.0 build 0104.
  • You have the token from FortiAI System > Administrator > Edit > API Key.
To configure FortiAI as a verdict method:
  1. Go to Security Fabric > FortiAI.
  2. Click Enable.

  3. Configure the following options.

    Server IP

    IP address of FortiAI server.

    Token

    The token from FortiAI System > Administrator > Edit > API Key.

    Rating Timeout (Seconds)

    The maximum time to wait for FortiAI to give a verdict. If a file does not get a verdict from FortiAI by this time, the file goes into normal scan flow.

    Uploading Timeout (Seconds)

    The maximum time to upload a file to FortiAI. If a file does not upload to FortiAI by this time, the file goes into normal scan flow.

    Maximum File Size (KB)

    The maximum file size to upload to FortiAI. Oversize files are not sent to FortiAI, they continue with regular scan flow.

  4. Go to Scan Policy and Object > Scan Profile > Pre-Filter.
  5. Enable FortiAI entrust and click Apply.

FortiAI

FortiSandbox can use FortiAI as one method to generate verdicts. If FortiAI rates a file as clean, and all other methods gives that file a clean verdict, then FortiSandbox will not go into VM scan. If FortiAI rates a file as malicious or high risk, then FortiSandbox will also rate it as malicious or high risk. For all other FortiAI ratings, FortiSandbox follows the regular scan flow and give a final verdict after using all methods including VM scan.

Prerequisites
  • FortiAI server is installed and licensed.
  • FortiAI is higher than v1.5.0 build 0104.
  • You have the token from FortiAI System > Administrator > Edit > API Key.
To configure FortiAI as a verdict method:
  1. Go to Security Fabric > FortiAI.
  2. Click Enable.

  3. Configure the following options.

    Server IP

    IP address of FortiAI server.

    Token

    The token from FortiAI System > Administrator > Edit > API Key.

    Rating Timeout (Seconds)

    The maximum time to wait for FortiAI to give a verdict. If a file does not get a verdict from FortiAI by this time, the file goes into normal scan flow.

    Uploading Timeout (Seconds)

    The maximum time to upload a file to FortiAI. If a file does not upload to FortiAI by this time, the file goes into normal scan flow.

    Maximum File Size (KB)

    The maximum file size to upload to FortiAI. Oversize files are not sent to FortiAI, they continue with regular scan flow.

  4. Go to Scan Policy and Object > Scan Profile > Pre-Filter.
  5. Enable FortiAI entrust and click Apply.