nprakash
Staff
Article Id 271700
Description This article describes how to enable FortiGate Cloud Sandbox in FortiOS from the CLI.
Scope FortiGate.
Solution

The following are the three ways files can be sent to a cloud sandbox:

  1. Files are sent to the Fortinet-maintained cloud sandbox cluster for scanning and processing.
  2. Files are sent to a customer-operated and maintained FortiSandbox Cloud instance.
  3. Files are sent to a customer-operated and maintained FortiSandbox hardware appliance.

By default, the option to send the files to FortiGate Cloud Sandbox is not enabled and will not be shown in the GUI. 

To enable this option:

  1. Enable 'fortigate-cloud-sandbox' from the CLI:

config system global
    set gui-fortigate-cloud-sandbox enable
end

  2. Log out from FortiGate and log back in again. Navigate to Security Fabric -> Fabric Connectors -> Sandbox.

The FortiGate Cloud Sandbox option should be visible now. Users should also select a region to send the traffic to for analysis.

To configure the FortiGate Cloud Sandbox, first activate the connection from the CLI. Note that FortiGate Cloud Sandbox is decoupled from FortiGate Cloud logging, so there is no need to have a FortiCloud account or to have cloud logging enabled.
 
To activate the FortiGate Cloud Sandbox connection:
execute forticloud-sandbox region
0  Europe
1  Global
2  Japan
3  US
Please select cloud sandbox region[0-3]:3
 
After a region is selected, the following configuration is added:
 
config system fortiguard
    set sandbox-region {0 | 1 | 2 | 3}
end
 
Alternatively, using the execute forticloud-sandbox update command also works.

 

To enable the setting from the GUI, see this documentation.
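
An added example (not part of the original article and not Fortinet code): a Python check that reads a FortiOS configuration backup and reports whether the GUI option is enabled and which region files would be submitted to, which is useful when reviewing data-residency requirements. The function names, the allowed-region policy and the sample configuration are assumptions constructed for illustration; the setting names and region numbers are the ones shown above.

```python
# Added example: audit a FortiOS config backup for the Cloud Sandbox settings.
# Region numbers follow the "execute forticloud-sandbox region" menu in the article.
REGIONS = {"0": "Europe", "1": "Global", "2": "Japan", "3": "US"}

def parse_settings(config_text):
    """Map each config block path to the 'set' values directly inside it."""
    stack, settings, in_quote = [], {}, False
    for raw in config_text.splitlines():
        quotes = raw.replace('\\"', "").count('"')
        if in_quote:                      # inside a multi-line quoted value
            in_quote = quotes % 2 == 0    # an odd quote count closes the value
            continue
        line = raw.strip()
        if line.startswith(("config ", "edit ")):
            stack.append(line[7:] if line.startswith("config ") else line)
        elif line in ("end", "next") and stack:
            stack.pop()
        elif line.startswith("set ") and stack:
            parts = line.split(None, 2)
            if len(parts) == 3:
                settings.setdefault(tuple(stack), {})[parts[1]] = parts[2].strip('"')
        in_quote = quotes % 2 == 1        # an unterminated quote spans lines
    return settings

def audit_cloud_sandbox(config_text, allowed_regions):
    """Report where files would be submitted and flag policy mismatches."""
    s = parse_settings(config_text)
    # Assumption: a setting missing from the backup is at its default (disabled/unset).
    gui = s.get(("system global",), {}).get("gui-fortigate-cloud-sandbox", "disable")
    region_id = s.get(("system fortiguard",), {}).get("sandbox-region")
    region = REGIONS.get(region_id, "unknown") if region_id is not None else None
    findings = []
    if gui == "enable" and region is None:
        findings.append("GUI option enabled but no sandbox-region selected")
    if region is not None and region not in allowed_regions:
        findings.append(f"sandbox-region {region_id} ({region}) is outside the allowed regions")
    return {"gui_option": gui, "region": region, "findings": findings}

# Constructed sample backup fragment (not taken from a real device).
SAMPLE = """\
config system global
    set gui-fortigate-cloud-sandbox enable
end
config system fortiguard
    set sandbox-region 3
end
"""

if __name__ == "__main__":
    print(audit_cloud_sandbox(SAMPLE, allowed_regions={"Europe"}))
```
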