Technical Tip: Adding FortiSandbox inspection to security profiles

Description

This article describes how applying the FortiSandbox inspection on the security profiles feature has been introduced from FortiOS V6.0 onwards.
In this step, the user is adding a FortiSandbox to all FortiGates in the Security Fabric individually, using the profiles that each FortiGate applies to network traffic.

Solution

In order to pass the Advanced Threat Protection check, add FortiSandbox inspection to antivirus profiles for all FortiGates in the Security Fabric.

In antivirus profile:

1. Go to Security Profiles -> Antivirus and edit the default profile.
2. Under Inspection Options, set 'Send Files' to FortiSandbox Appliance for Inspection to all Supported Files.
3. Enable 'Use FortiSandbox Database', so that if the FortiSandbox discovers a threat, it adds a signature for that file to the antivirus signature database on the FortiGate.
   
   

1. Go to Security Profiles -> Web Filter and edit the default profile.
2. Under 'Static URL Filter', enable 'Block malicious URLs discovered by FortiSandbox'. If the FortiSandbox discovers a threat, the URL that the threat came from is added to the list of URLs that are blocked by the FortiGate.

 

On FortiClient compliance profiles: make it in 'Block' letters.

1. Go to Security Profiles -> FortiClient Compliance Profiles and edit the default profile. Enable 'Security Posture Check'.
   
2. Enable 'Real-time Protection' and Scan with FortiSandbox.