Created on 03-08-2023 06:45 AM Edited on 05-05-2023 03:13 AM By Jean-Philippe_P
Description
This article describes how to force FortiGate Cloud sandbox traffic to use SD-WAN, for cases where the sandbox traffic does not follow SD-WAN rules. The setting also applies to logs.
Scope
FortiGate with FortiCloud sandbox enabled, or a FortiGate logging to FortiCloud. Tested with FortiOS v7.2.4 and FortiCloud v23.1. From FortiOS v7.4 upwards, the traffic follows the system.fortiguard settings instead of the log.fortiguard settings, so this article may not apply.
Solution
An issue may occur where sandbox traffic does not abide by specified SD-WAN rules.
Example scenario:
- SD-WAN members config: member 1 = wan2
- SD-WAN Rule:
Necessary config:
Force the use of SD-WAN with the following configuration:
config log fortiguard setting
    set interface-select-method sdwan
end
Optional - To configure the FortiGuard traffic to also follow SD-WAN, implement the following configuration:
config system fortiguard
    set interface-select-method sdwan
end
To check the sandbox settings, run the following diagnosis command:
diagnose test application quarantined 1
Use the following general sniffer to test:
diagnose sniffer packet any "(net 154.0.0.0/8 or 83.231.212.0/24 or 173.0.0.0/8 or 208.0.0.0/8 or 173.0.0.0/8) and !arp port 514" 4 0 l
To generate traffic, download new files or perform '9. Request analytic stats' in CLI:
diagnose test application quarantined 9
Results:
Sniffer filter:
diagnose sniffer packet any "(net 154.0.0.0/8 or 83.231.212.0/24 or 173.0.0.0/8 or 208.0.0.0/8 or 173.0.0.0/8) and !arp port 514" 4 0 l
Before the change:
wan1 out 10.109.16.103.12995 -> 154.52.11.131.514: syn 2534663346
After the change:
wan2 out 10.109.48.103.3621 -> 154.52.11.131.514: syn 2517737523
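To compare the before and after captures without reading them by eye, the following Python script (an added example, not part of the original article or of any Fortinet tooling) parses sniffer output saved from the CLI session and reports any interface that sent port 514 traffic but is not a member in the SD-WAN rule. The function names and the timestamped reply line in the sample are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Sniffer verbosity 4 line: [timestamp] <iface> <in|out> <ip>.<port> -> <ip>.<port>: <flags>
LINE_RE = re.compile(
    r"(?P<iface>\S+) (?P<dir>in|out) "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) -> "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<info>.*)$"
)

def egress_by_interface(capture, dport=514):
    """Count outbound packets to dport, keyed by egress interface."""
    counts = Counter()
    for line in capture.splitlines():
        m = LINE_RE.search(line.strip())
        if m and m["dir"] == "out" and int(m["dport"]) == dport:
            counts[m["iface"]] += 1
    return counts

def off_path_interfaces(capture, sdwan_members, dport=514):
    """Interfaces that sent the traffic but are not members in the SD-WAN rule."""
    return sorted(set(egress_by_interface(capture, dport)) - set(sdwan_members))

# First line of each capture is from the article; the timestamped reply is constructed.
BEFORE = "wan1 out 10.109.16.103.12995 -> 154.52.11.131.514: syn 2534663346"
AFTER = """wan2 out 10.109.48.103.3621 -> 154.52.11.131.514: syn 2517737523
2023-03-08 06:45:01.000100 wan2 in 154.52.11.131.514 -> 10.109.48.103.3621: syn 1 ack 2517737524"""

if __name__ == "__main__":
    for label, capture in (("before", BEFORE), ("after", AFTER)):
        stray = off_path_interfaces(capture, ["wan2"])
        print(label, dict(egress_by_interface(capture)), "off-path:", stray or "none")
```

An empty off-path list for the after capture confirms that sandbox and log traffic to port 514 leaves only through the SD-WAN member.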
Related documents:
- 'config log fortiguard setting' - CLI DOCS
- Technical Tip: FortiSandbox Cloud troubleshooting on FortiGate
- Technical Tip: Unable to activate FortiCloud/FortiSandbox inspection