ssanga
Staff
Article Id 314998
Description This article describes why not all VDOMs of a FortiGate are displayed under Security Fabric -> Device in FortiSandbox.
Scope FortiGate, FortiSandbox.
Solution

Each VDOM becomes visible in FortiSandbox after FortiSandbox receives the first file from that VDOM.

To identify if the FortiGate is configured to forward files to FortiSandbox for inspection, check if Sandbox inspection is enabled on security profiles such as antivirus and web filter in that VDOM.

 

  1. Enable FortiSandbox inspection by choosing 'Suspicious Files Only' or 'All Supported Files' under 'Send files to FortiSandbox for inspection' in the Antivirus security profile.
  2. Enable 'Block malicious URLs discovered by FortiSandbox' so that FortiSandbox adds discovered threats to the list of blocked URLs on the FortiGate.

It is also possible that FortiGate is not detecting file downloads because the traffic is encrypted with HTTPS. Consider downloading files over an unencrypted protocol such as HTTP, or enable deep SSL inspection in the firewall policy.

Run the quarantine debugs to verify whether FortiGate is actually sending files to FortiSandbox for inspection.

 

diag debug application quarantine -1
diag debug enable

NOTE: With deep SSL inspection enabled, end users might encounter certificate warnings in the browser if the CA certificate is not installed on the client PC or browser.

Related articles:
Technical Tip: How to set correctly Antivirus for EICAR test.
Adding sandbox inspection to security profiles.
Technical Tip: How to enable deep inspection and import a certificate in the browser.
FortiGate devices.
