FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
luisedopicari
Article Id 339044
Description Inline Sandbox has been renamed to the AI-based Inline Malware Prevention Service. This service represents the most advanced sandbox capability. This article describes how to configure this service in FortiGate appliances and VMs.
Scope FortiGate, FortiSandbox.
Solution

For this service, it is necessary to have:

  1. License: Enterprise Protection or FortiGuard AI-based Inline Malware Prevention Service (Add-on).
  2. A FortiGate appliance or FortiGate VM.


  1. Activate the FortiGate Cloud Sandbox connection. Access the FortiGate CLI, run the following command and choose the region when prompted:

execute forticloud-sandbox region
0 Europe
1 Global
2 Japan
3 US
Please select cloud sandbox region[0-3]:3

Select the region most convenient for the deployment (in this example, 3 for US).

  2. Enable FortiSandbox inline scanning:

    Go to Security Fabric -> Fabric Connectors -> Sandbox.

  3. Create an Antivirus security profile:

  1. Define a name for the antivirus security profile.
  2. Enable the AV engine to detect known malware files.
  3. Select the 'Proxy-based' option.
  4. Define the protocols to be inspected.
  5. Select the 'Send files to FortiSandbox for inspection' option.
  6. Define the scan strategy:
    1. Inline: the file is sent to FortiSandbox and the transfer to the client is held until a result is returned.
    2. Post transfer: the file is sent to FortiSandbox, but the transfer to the client completes without waiting for a result. Any infected file found this way updates the FortiSandbox database.
  7. Define the action to take when the file is detected as malware.
  8. Optional: enable quarantine to keep a copy of the file and download it for further analysis.

  4. Select the antivirus security profile in the firewall policy:

    Go to Policy & Objects -> Firewall Policy -> Create new.

  5. Verify Sandbox detection (the 'To verify that infected files are blocked inline' section of this process):

    On a client, download an infected file. Use this site and try to download the file 'Windows Executable'.

Verify the antivirus log:

Go to Log & Report -> Security Events -> AntiVirus.

The log entry shows:

Field 1: the file name.
Field 2: the action taken.
Field 3: the detection type.
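To check the same three fields programmatically once FortiGate logs are exported to syslog, here is an added example (not from the article or from Fortinet) that parses FortiGate key=value log lines and picks out file name, action and detection type for AntiVirus events. The sample lines are constructed for this example; the field names (type, subtype, eventtype, action, filename) follow FortiOS log conventions, the values are invented.

```python
import re
from typing import Dict, List

# key=value tokens as FortiGate writes them: bare or double-quoted values
_KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Constructed sample lines in FortiGate syslog style (not captured from a device).
# Field names follow FortiOS conventions; the values are invented.
SAMPLE_LOGS = [
    'date=2024-05-01 time=10:15:02 devname="FGT-LAB" type="utm" subtype="virus" '
    'eventtype="infected" level="warning" action="blocked" service="HTTPS" '
    'srcip=10.0.0.5 dstip=203.0.113.10 filename="Windows-Executable.exe" '
    'virus="EICAR_TEST_FILE" profile="sandbox-inline" msg="File is infected."',
    'date=2024-05-01 time=10:15:09 devname="FGT-LAB" type="utm" subtype="virus" '
    'eventtype="analytics" level="information" action="monitored" service="HTTPS" '
    'srcip=10.0.0.5 dstip=203.0.113.10 filename="report.pdf" '
    'profile="sandbox-inline" msg="File submitted to Sandbox."',
    'date=2024-05-01 time=10:15:11 devname="FGT-LAB" type="traffic" subtype="forward" '
    'action="accept" srcip=10.0.0.5 dstip=203.0.113.10 service="HTTPS"',
]


def parse_line(line: str) -> Dict[str, str]:
    """Turn one key=value log line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def antivirus_events(lines: List[str]) -> List[Dict[str, str]]:
    """Keep only AntiVirus events (type=utm, subtype=virus) and pull out the
    three fields the article points at: file name, action, detection type."""
    out = []
    for line in lines:
        rec = parse_line(line)
        if rec.get("type") != "utm" or rec.get("subtype") != "virus":
            continue  # traffic, webfilter and other log types are not AV events
        out.append({
            "filename": rec.get("filename", ""),
            "action": rec.get("action", ""),
            "detection": rec.get("eventtype", ""),
        })
    return out


def blocked_inline(events: List[Dict[str, str]]) -> List[str]:
    """File names whose transfer was stopped (action=blocked): the result to
    expect with the Inline scan strategy when the verdict is malicious."""
    return [e["filename"] for e in events if e["action"] == "blocked"]


if __name__ == "__main__":
    for e in antivirus_events(SAMPLE_LOGS):
        print(f'{e["filename"]:<24} {e["action"]:<10} {e["detection"]}')
```

With the Post transfer strategy the same file would appear with action monitored rather than blocked, so comparing the two lists is a quick way to confirm which strategy the profile is actually running.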

 

Access FortiGate Cloud (https://login.forticloud.com) to see the results.

Go to Sandbox -> Scan Results.