Rajan_kohli
Staff
Article Id 241529
Description

This article describes how to configure an antivirus profile to upload files to FortiSandbox for virus scanning.

Scope

FortiOS 6.0, FortiOS 6.2, FortiOS 6.4, FortiOS 7.0, FortiOS 7.2, FortiProxy 7.0, FortiProxy 7.2, FortiProxy 7.4.

Solution

For firmware versions FortiOS 6.0, FortiOS 6.2, FortiOS 6.4, FortiOS 7.0, FortiProxy 7.0, and FortiProxy 7.2:

config antivirus profile
    edit "Test"                          <- Antivirus profile name.
        set ftgd-analytics everything    <- This option can be set to 'suspicious' or 'everything'.
        set analytics-max-upload 10      <- Maximum file size (in MB) that can be uploaded to FortiSandbox; 10 is the default.
    next
end

 

Note:

  • suspicious: Submit files supported by FortiSandbox if heuristics or other methods determine they are suspicious.
  • everything: Submit files supported by FortiSandbox and known infected files.

 

The 'analytics-max-upload' option is only available via the CLI after 'ftgd-analytics' has been set to 'everything' or 'suspicious'.

 

'analytics-max-upload' -> Integer values are (1 - 26214 MB), default value is 10 MB.

 

On FortiOS, the option is available on the GUI after the Security Fabric Connector of 'FortiSandbox' has been created.

 


 

On FortiProxy version 7.0.x this can be configured only via the CLI.
On FortiProxy version 7.2.x, the 'Send files to FortiSandbox for inspection' option is available on the GUI as well.


 

For firmware versions FortiOS 7.2, FortiOS 7.4, and FortiProxy 7.4:

config antivirus profile
    edit "Test"                                       <- Antivirus profile name.
        set fortisandbox-mode analytics-everything    <- This option can be set to 'analytics-suspicious' or 'analytics-everything'.
        set fortisandbox-max-upload 10                <- Maximum file size (in MB) that can be uploaded to FortiSandbox.
    next
end

 

Note:

  • analytics-suspicious: FortiSandbox post-transfer scan: submit supported files if heuristics or other methods determine they are suspicious.
  • analytics-everything: FortiSandbox post-transfer scan: submit supported files and known infected files.

 

The 'analytics-max-upload' option is only available in the CLI after 'ftgd-analytics' has been set to 'everything' or 'suspicious'.

 

'analytics-max-upload' -> Integer values are (1 - 26214 MB), default value is 10.

 

On FortiOS 7.4 and FortiProxy 7.4, the option is available on the GUI after the Security Fabric Connector of 'FortiSandbox' has been created.

 

[Screenshots: FortiOS GUI and FortiProxy GUI]
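
To verify the setting across many profiles, the following added example (not part of the original article and not Fortinet code) reads a configuration backup and reports, for each antivirus profile, the FortiSandbox submission mode and upload limit in either syntax shown above. Assumptions: the backup is a single-VDOM text export, the sample backup is constructed, and an option missing from the backup is reported as not set (mode None) with the article's 10 MB default for the upload size.

```python
# Option names from the article: older syntax first, then FortiOS 7.2+ syntax.
MODE_KEYS = ("ftgd-analytics", "fortisandbox-mode")
SIZE_KEYS = ("analytics-max-upload", "fortisandbox-max-upload")
SUBMITTING = {"suspicious", "everything", "analytics-suspicious", "analytics-everything"}
DEFAULT_MAX_MB = 10  # default stated in the article

def audit_av_profiles(config_text):
    """Map each antivirus profile to its sandbox submission mode and upload cap."""
    profiles, depth, in_av, current = {}, 0, False, None
    for line in (raw.strip() for raw in config_text.splitlines()):
        words = line.split()
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                in_av = line == "config antivirus profile"
        elif line == "end":
            depth -= 1
        elif not words or not (in_av and depth == 1):
            continue  # other sections, or nested blocks such as 'config http'
        elif words[0] == "edit":
            name = line[5:].strip('"')
            current = profiles[name] = {"mode": None, "max_mb": DEFAULT_MAX_MB, "submits": False}
        elif current is not None and len(words) == 3 and words[0] == "set":
            if words[1] in MODE_KEYS:
                current["mode"], current["submits"] = words[2], words[2] in SUBMITTING
            elif words[1] in SIZE_KEYS:
                current["max_mb"] = int(words[2])
    return profiles

# Constructed sample backup (not taken from a real device).
SAMPLE = '''
config antivirus profile
    edit "legacy"
        set ftgd-analytics everything
        set analytics-max-upload 20
    next
    edit "new-syntax"
        set fortisandbox-mode analytics-suspicious
    next
    edit "no-sandbox"
        config http
            set av-scan block
        end
    next
end
'''

if __name__ == "__main__":
    for name, info in audit_av_profiles(SAMPLE).items():
        print(name, info)
```

Profiles reported with submits set to False are the ones that will not upload files to FortiSandbox.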