I'm not sure if any Fortinet staff watch this forum, but I thought I'd post this here as an idea. I'm currently doing an eval on FortiSandbox, and I noticed a small bug that happens from time to time where either a VM will stop responding and no longer process files, or the VM is infected and creating false positives on clean files, flagging them as infected. You can typically notice which VM is causing this if you are watching the VM Status tab.
It would be nice if Fortinet created a VM Rebuild tab, where you can select a VM of your choosing to be destroyed and rebuilt. The current process of restarting FortiSandbox is less than ideal. The reason behind it is that it's a long process for FortiSandbox to reboot and start before it will start accepting new files from devices or the sniffer to process. They are, in fact, not added at all until all clones are alive.
The workaround would be changing the number of VM images to an odd number, applying, and then resetting the VM images back to your preferred count and then applying again. This will cause all the VMs in that group to be scrapped and rebuilt, which will fix the issue. It also addresses the issue of that long period of files not being added to the FortiSandbox. The downside is that you will get a huge queue of items that need to be scanned, and it can be quite time-consuming if it's not correctly managed.
My proposed solution would just reset the defective VM, while maintaining access to the working VMs as they continue to scan and process files.
Thoughts?