Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

TCP RST package

Go to Scan Policy and Object > TCP RST Package to view the FortiSandbox Sniffer TCP RST list.

The following options are available:

Refresh

Refresh the TCP RST Package list.

View

Select a package version number and click the View button from the toolbar. The following information is displayed:

  • Job Detail: View the downloaded file's detailed information.
  • Remove from TCP RST package: If marked, the URL will be removed from future TCP RST packages.
  • Detected: The date and time that the item was detected.
  • Host/IP: From where the URL is from.
  • URL: The URL in the package.
  • Rating: The risk rating of the downloaded file.

Package Options

Configure how the packages are generated.

Download Blocklist

Download the FSA Detected Blocklist or Custom Blocklist.

Upload Custom Blocklist

Upload a user-defined blocklist to FortiSandbox.

File requirements:

  • Text files are supported
  • One URL per line
  • URLs, IPs and domains are supported

Example:

http://www.example.com

www.test.net

http://66.77.88.99

11.22.33.44

After the file is uploaded it will overwrite previous versions of the custom blocklist if there are any.

In an HA Cluster , the custom blocklist will only be synced to a new primary node when failover occurs.

Delete Custom Blocklist

Delete a user-defined blocklist.

The TCP RST Package page displays the following information:

Version

The TCP RST package version.

Release Time

The TCP RST package release time.

Total

The total number of URLs inside the package.

To configure a TCP RST package:
  1. Go to Scan Policy and Object > TCP RST Package.
  2. Click Package Options and configure the following settings.

    Includes past 14 day(s) of dataEnter a value between 1-365 days.
    Includes job data of the following ratingsSelect Malicious, High Risk or Medium Risk.
  3. Click OK.

TCP RST package

Go to Scan Policy and Object > TCP RST Package to view the FortiSandbox Sniffer TCP RST list.

The following options are available:

Refresh

Refresh the TCP RST Package list.

View

Select a package version number and click the View button from the toolbar. The following information is displayed:

  • Job Detail: View the downloaded file's detailed information.
  • Remove from TCP RST package: If marked, the URL will be removed from future TCP RST packages.
  • Detected: The date and time that the item was detected.
  • Host/IP: From where the URL is from.
  • URL: The URL in the package.
  • Rating: The risk rating of the downloaded file.

Package Options

Configure how the packages are generated.

Download Blocklist

Download the FSA Detected Blocklist or Custom Blocklist.

Upload Custom Blocklist

Upload a user-defined blocklist to FortiSandbox.

File requirements:

  • Text files are supported
  • One URL per line
  • URLs, IPs and domains are supported

Example:

http://www.example.com

www.test.net

http://66.77.88.99

11.22.33.44

After the file is uploaded it will overwrite previous versions of the custom blocklist if there are any.

In an HA Cluster , the custom blocklist will only be synced to a new primary node when failover occurs.

Delete Custom Blocklist

Delete a user-defined blocklist.

The TCP RST Package page displays the following information:

Version

The TCP RST package version.

Release Time

The TCP RST package release time.

Total

The total number of URLs inside the package.

To configure a TCP RST package:
  1. Go to Scan Policy and Object > TCP RST Package.
  2. Click Package Options and configure the following settings.

    Includes past 14 day(s) of dataEnter a value between 1-365 days.
    Includes job data of the following ratingsSelect Malicious, High Risk or Medium Risk.
  3. Click OK.