Trying out sandbox for the 1st time. In an HA pair, will 1 sandbox need to be connected to both FW01 and FW02? And is there any special configuration regarding this?
Is it also possible to generate or use a known infected file to run through the motions of analysis and phone-homing to FDN?
Hi, Only the master member of the cluster should be connected to the Sandbox. When it comes to the virus sample file, please find them here: https://www.eicar.org/?page_id=3950
I'll suggest you do what I'm doing, because I believe it is going to answer all your questions and more, which is to go through the NSE 7 ATP course on https://training.fortinet.com.
It is open to the public (thanks Fortinet) and will help you and your staff to make the most of the tool.