Skip to main content
hazim
Staff
hazim
Staff
September 29, 2022

Technical Tip: How to send files from FortiGate to FortiSandbox for inspection

  • September 29, 2022
  • 0 replies
  • 3780 views
Description The article describes how to send files from FortiGate to FortiSandbox for inspection by applying the Antivirus profile in the policy.
Scope FortiGate 6.4, 7.0 and 7.2.
Solution

Go to Security Profiles -> Antivirus  and select 'Create new/Edit'.

 

Enable the following features:

  1. Inspected Protocols -> HTTP.
  2. Select Send files to FortiSandbox for inspection -> All Supported Files.
  3. Enable FortiSandbox database.

 

hazim_3-1664431953468.png

 

Enable the Antivirus profile in the policy.

 

hazim_4-1664431997467.png

 

Test by downloading the example Virus file. eicar: https://www.eicar.com/download-anti-malware-testfile/ 

 

Here is the log result example:

 

hazim_2-1664431899637.png

 

hazim_1-1664431525862.png

 

The above logs show the file submitted to FortiSandbox and the inspection done by FortiSandbox to analyze the file.

Related article: 

Technical Note: How to check if FortiGate is sending files for inspection to the FortiSandbox
    Terms & ConditionsAccessibility statement