In this video, you will learn how to set up sandboxing to send suspicious files to a FortiSandbox Appliance for further inspection. The FortiGate sends suspicious files to the FortiSandbox. The FortiSandbox scans for threats that can get past other detection methods, by using Windows Virtual Machines, or VMs, to test suspicious files in isolation from your network. You will also configure your FortiGate to automatically receive signature updates from FortiSandbox and add the originating URL of any malicious file to a blocked URL list. Finally you will configure FortiClient to use extended scanning that includes FortiSandbox. This feature is currently only available in FortiClient 5.4 for Windows.
There was a change in the FortiClient security profile from FOS 5.4 to FOS 5.4.1. The VPN, Advanced and Mobile tabs do not appear in FOS versions 5.4.1 and above. Features emphasizing compliance of the endpoint devices have been added. These enhancements facilitate integration with the Cooperative Security Fabric (called “Security Fabric” in FOS 5.6). Read more in the What’s New for Security Profiles 5.4.1.
The recipe for this video is available here.