Carl_Wallmark
Valued Contributor

Have you tested the FortiSandbox?

Hi, has anyone bought/tested the FortiSandbox? If so, please share your impressions.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

6 REPLIES
Sean_Toomey_FTNT

I can tell you that we did VERY well on the NSS Labs tests :)

http://www.fortinet.com/press_releases/2014/fortinet-earns-recommended-rating-fortisandbox-nss-labs.html

If you have any specific questions on what you're looking for I can work internally to get you the answers. I know people that are experts on this product. Cheers!
-- Sean Toomey, CISSP FCNSP Consulting Security Engineer (CSE) FORTINET— High Performance Network Security
ede_pfau
SuperUser

Do you know why it failed on packers, with 0% success?

Ede

"Kernel panic: Aiee, killing interrupt handler!"
fropert_FTNT
Staff

Hello Ede,

It is really surprising that packers could be the root cause of detection failures. Could you please elaborate on your testing plan and the FortiSandbox deployment mode used?

Regards, Francois
netmin

I think Ede is referring to page 7 of this document: http://www.fortinet.com/sites/default/files/whitepapers/BDS-Fortinet-FortiSandbox-3000D.pdf
ede_pfau
SuperUser

That's right, I got the statement from the report mentioned. I can only imagine that support for packing algorithms is planned for a future release. Apart from this the results are quite impressive.

Ede

"Kernel panic: Aiee, killing interrupt handler!"
fropert_FTNT
Staff

Hi guys,

Thanks for the NSS link. I know exactly what you refer to. In fact the problem was two-fold.

1/ The AV engine was unable to detect the virus when using some packers in the testing plan. As the AV engine detected nothing, the virus was then sent to the sandboxing for analysis...

2/ When the NSS test was conducted our sandbox wasn't able to detect the virus, but it is now fixed :)

Regards, Francois