| Description | Technical discusses FortiSandbox Realtime Anti-Phishing Service. |
| Scope | FortiSandbox v4.2.0 and above. |
| Solution |
It is possible to enable the Realtime Anti-Phishing Service by executing the Following Command:
# anti-phishing -e
Once this is done, it will be possible to see the Following Option Under:
Note: with the firmware version 5 option select: Scan Policy and Object -> Scan profile -> Advanced -> Cloud services>Real-time Zero-Day Anti-Phishing Service.
A New Option Under System –> FortiGuard will appear:
Note: As of now, this service is available only in 'Global-Burnaby' and 'Global2-Ottawa'
Lastly, a New Option in the Dashboard will appear to Show the Connectivity Status of the Anti-Phishing Service.
The configuration can be set/unset on a standalone or primary unit. In cluster mode, this setting is synchronized to all nodes.
Note: From firmware v5.0 it shows the license validity period as mentioned below:
When the Realtime Anti-Phishing is enabled: If a URL job is scanned in any VM, it will also send a request to a phishing server. The phishing server will return a score. But the final 'Rated By' will depend on the highest score the Job got.
Example: If VM Engine also gets the same score, the job will be rated by VM Engine.
If the URL is rated by the anti-phishing server, in job detail, the following will be visible: Rated By: Realtime Phishing.
Note: For more verification for RTAP ratting services run command #diagnose-debug anti-phishing as mentioned below:
|
