Troubleshooting Dashboard warnings
In the Dashboard, the color of the Connectivity and Services icons indicates their status. When FortiSandbox is fully operational, the icons are green. When FortiSandbox detects a potential issue, the icons are yellow.
This topic provides troubleshooting recommendations for the following services:
Windows VM
When Windows VM is initializing, it is normal for the yellow icon to be displayed in the Dashboard. If the yellow icon persists, the Windows VM was not initialized successfully.
To troubleshoot a Windows VM:
Issue | Recommendations | Description |
---|---|---|
VM image not installed | Go to Scan Policy and Object > VM Settings, or run the following CLI command to display the installed VM images: | Verify that Windows VM images are installed, at least one is enabled, and the clone number is not zero. |
Invalid Windows license key | Run the following CLI command: | Check that a Windows 8 image in the Optional VMs group is enabled. If not, a valid Windows 8 key should be purchased and installed. |
Microsoft server failed to activate | Go to Log & Report > Events > VM Events or All Events. | Verify the logs from the time of the system boot up. For example, errors from the Microsoft activation server may help you find the cause of the failed activation. |
FortiGuard connectivity servers
FortiGuard connectivity servers include FDN update, community cloud, and web filtering.
To troubleshoot connectivity servers:
Issue | Recommendations | Description |
---|---|---|
Invalid Antivirus DB and Web Filtering Contracts | Go to Dashboard > Status. | Verify Antivirus DB Contract and Web Filtering Contract on Dashboard are valid. If the contracts are valid, the unit may have a bad network connection to external FortiGuard services. |
The network is blocking the ping | Run the CLI command: | This can provide detailed information about the network condition. Sometimes the network is blocking the ping and errors about the ping are expected. The output shows connection speed and connectivity to related servers. |
Firewall is blocking web filtering query | Additionally, enable Use override server port of the community cloud server query and select port 8888 in the Community Cloud & Threat Intelligence Settings section. | Check to see if the firewalls are configured to block packets to UDP port 53. This blocks the web filtering query. |
VM Internet access
A yellow icon means the Windows VM cannot access the Internet through port3. This affects the catch rate even if FortiSandbox has a SIMNET feature. For example, the Downloader type for malware needs access to an outside network to download a malicious payload.
To verify the VM is using port3 to connect to the Internet:
- Go to Scan Policy and Object > General Settings.
- Verify Allow Virtual Machines to access external network through outgoing port is enabled.
- Verify the Gateway is valid and can access the Internet.
  If no DNS server is set, the system DNS is used.
- Run the following command to show network condition through port3:
  test-network