Académique Documents
Professionnel Documents
Culture Documents
FortiSandbox
Multi-layer proactive threat mitigation
FortiSandbox
FortiSandbox 1000D, 3000D, 3500D, FortiSandbox-VM and FortiSandbox Cloud
Actionable Insight
All classifications malicious and high/medium/low risk are presented within an intuitive
dashboard. Full threat information from the virtual execution including system activity,
exploit efforts, web traffic, subsequent downloads, communication attempts and more is
available in rich logs and reports.
support.fortinet.com
www.fortiguard.com
Prevent Attacks
FortiGuard Labs.
www.fortinet.com
DEPLOYMENT OPTIONS
Easy Deployment
FortiSandbox supports inspection of many protocols in one unified
existing securityframework.
Standalone
This deployment mode relies on inputs from
spanned switch ports or network taps. It may
also include administrators on-demand file
Network Tap /
Span Port
Sniffer Mode
FortiSandbox
Integrated
Various Fortinet products, namely FortiGate,
FortiMail, FortiWeb and FortiClient can
Enterprise
FortiGate
FortiMail
FortiWeb
* Not applicable to FortIWeb
FortiClient
FortiSandbox
Distributed
This deployment is attractive for organizations
that have distributed environments, where
Data Center
FortiSandbox
FortiWiFi
FortiGate
Branch Offices/Outlets
FEATURES
VM Sandboxing
Complement your established defenses with cuttingedge capability analyzing suspicious and high-risk
files in a contained environment to uncover the full attack
lifecycle using system activity and callback detection.
Remediation
Fortinets ability to uniquely integrate various products with FortiSandbox
offers automatic protection with incredibly simple setup. Once a malicious
code is determined, the analyzer will develop and forward the dynamically
generated signature to all registered devices and clients. These devices then
examine subsequent files against the latest DB.
FortiSandbox
File Submission
File Submission
FSA Dynamic
Threat DB Update
FSA Dynamic
Threat DB Update
SECURED BY
FORTIGUARD
Query
1
2
3a
4
3b
Remediation
3a Auto File Quarantine on Host
FortiGate
FortiClient
Protection
3c
Enforce Network
Quarantine
www.fortinet.com
FEATURES
Multi-tiered file processing optimizes resource usage that
improves security, capacity and performance
AV Engine
analysis/rating
Exposes full threat lifecycle information
Cloud Query
andexfiltration
malware detection
Code Emulation
Quickly simulates intended activity
OS independent and immune to
evasion/obfuscation
FEATURES SUMMARY
Administration
Supports WebUI and CLI configurations
Multiple administrator account creation
Configuration file backup and restore
Notification email when malicious file is detected
File type support: .7z, .apk, .arj, .asf, .asp, .bat, .bz2, .cab, .cdf, .cmd, .com, .com1, .dll, .doc, .docm, .docx,
.dot, .dotm, .dotx, .exe, .gif, .gz, .htm, html, .htmnojs, .ico, .jar, .jarlib, .jpeg, .jpg, .js, .jsp, .kgb, .lnk, .lzh,
.mov, .mp3, .mp4, .msg, .msi, .onetoc, .pdf, .php, .png, .pot, .potm, .potx, .ppam, .pps, .ppsm, .ppsx, .ppt,
.pptm, .pptx, .ps1, .qt, .rar, .rm, .rtf, .sldm, .sldx, .swf, .tar, .tgz, .thmx, .tiff, .tnef, .txt, .unk, .upx, url, .vbs, .vcf,
WEBLink, .xlam, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xz, .z, .zip
Protocols/applications supported:
Sniffer mode: HTTP, FTP, POP3, IMAP, SMTP, SMB
Integrated mode with FortiGate: HTTP, SMTP, POP3, IMAP, MAPI, FTP, IM and their equivalent SSL
encrypted versions
Integrated mode with FortiMail: SMTP, POP3, IMAP
Integrated mode with FortiWeb: HTTP
VM status monitoring
Networking/Deployment
Network threat detection in Sniffer Mode: Identify Botnet activities and network attacks, malicious URL visit
Systems Integration
File Submission input: FortiGate, FortiClient, FortiMail, FortiWeb
File Status Feedback and Report: FortiGate, FortiClient, FortiMail, FortiWeb
Dynamic Threat DB update: FortiGate, FortiClient, FortiMail
Periodically push dynamic DB to registered entities.
File checksum and malicious URL DB
Update Database proxy: FortiManager
Remote Logging: FortiAnalyzer, syslog server
Web-based API with which users can upload samples to scanindirectly
Bit9 end point software integration
Scan SMB/NFS network share and quarantine suspicious files. Scan can be scheduled
Scan embedded URLs inside document files
Integrate option for third partyYara rules
Option to auto-submit suspicious files to cloud service for manual analysis and signaturecreation
Option to forward files to a network share for further third-party scanning
Files checksum whitelist and blacklist option
URLs submission for scan and query from emails and files
SPECIFICATIONS
FSA-1000D
FSA-3000D
FSA-3500D
Form Factor
2 RU
2 RU
6x GE RJ45 ports,
2x GE SFP slots
4x GE RJ45 ports,
2x GE SFP slots
2x 10 GE SFP+ slots
Storage Capacity
4 TB (max. 8 TB)
8 TB (max. 16 TB)
10 TB (2 TB per node)
Power Supplies
2x Redundant PSU
2x Redundant PSU
2x Redundant PSU
VM Sandboxing (Files/Hour)
160
560
720*
AV Scanning (Files/Hour)
6,000
15,000
Number of VMs
28
36*
89 x 437 x 368
84 x 482 x 755
Weight
115 / 138 W
392 / 614.6 W
625 / 735.6 W
Maximum Current
100V/5A, 240V/3A
110V/10A, 220V/5A
12A@100V, 8A@240V
Heat Dissipation
471 BTU/h
2131.14 BTU/h
2728.9 BTU/h
Power Source
Humidity
595% non-condensing
2090% non-condensing
890% (non-condensing)
32104F (040C)
5095F (1035C)
-13158F (-2570C)
-40149F (-4065C)
Hardware
System
(Upgradable** to 1,200) (160 per node)
(Upgradable** to 60)
(8 per node)
Dimensions
Environment
Compliance
Certifications
FCC Part 15 Class A, C-Tick, VCCI, CE, BSMI, KC, UL/cUL, CB, GOST
* Based on the assumption that 1 blade will be used as master in HA-cluster mode.
** By adding 3 more SAM-3500D nodes to the same chassis..
FortiSandbox 1000D
FortiSandbox 3000D
FortiSandbox 3500D
FortiSandbox-VM
FortiSandbox Cloud
Hypervisor Support
N.A
4 / Unlimited
(Fortinet recommends that the number of vCPUs match the number of Windows VM +4.)
N.A
8 GB / Unlimited
N.A
30 GB / 16 TB
N.A
N.A
VM Sandboxing (Files/Hour)
Hardware dependent
AV Scanning (Files/Hour)
Hardware dependent
Number of VMs
Hardware Requirements
System
www.fortinet.com
INTEGRATION MATRIX
FSA Appliance and VM
FortiSandbox Cloud
FortiGate
FortiClient
FortiMail
FortiWeb
File Submission
*FortiOS V5.0.4+
FortiMailOSV5.1+
FortiWebOSV5.4+
*FortiOS V5.0.4+
FortiMailOSV5.1+
FortiWebOSV5.4+
*FortiOS V5.4+
FortiMailOSV5.1+
*FortiOS V5.4+
FortiMailOSV5.3+
FortiWebOSV5.4+
File Submission
*FortiOS V5.2.3+
FortiMailOSV5.3+
FortiWebOS5.5.3+
*FortiOS V5.2.3+
FortiMailOSV5.3+
FortiWebOS5.5.3+
*FortiOS V5.2.3+
*FortiOS V5.4+
FortiMailOSV5.3+
FortiWebOS5.5.3+
*some models may require CLI configuration
ORDER INFORMATION
Product
SKU
Description
FortiSandbox 1000D
FSA-1000D
Advanced Threat Protection System 6x GE RJ45, 2x GE SFP slots, redundant PSU, 8 Windows licenses and
1 Microsoft Office license included.
FortiSandbox 3000D
FSA-3000D
Advanced Threat Protection System 4x GE RJ45, 2x GE SFP slots, 2x 10 GE SFP+ slots, redundant PSU, 28 Windows
licenses and 3 Microsoft Office licenses included.
FortiSandbox 3500D
FortiSandbox-3500D
Advanced Threat Protection System 3U 8-slot chassis with redundant PSU 5x SAM-3500D nodes with 20x GE RJ45,
5x 10 GE SFP+ slots, 36 VMs with WinXP, Win7, Win8, Win10 and 5 Microsoft Office licenses included.
SandboxModule 3500D
SAM-3500D
Advanced Threat Protection Node 4x GE RJ45, 1x 10 GE SFP+ slots, 8 VMs with WinXP, Win7, Win8, Win10 and
1 Microsoft Office licenses included.
FortiSandbox-VM
FSA-VM-BASE
Base license for stackable FortiSandbox-VM. 4 Windows licenses and 1 Microsoft Office license included. FSA-VM maximum
expansion limited to 54 total VMs.
FC-10-00XXX-123-02-12
FG-TRAN-SX
1 GE SFP SX transceiver module for all systems with SFP and SFP/SFP+ slots.
FG-TRAN-LX
1 GE SFP LX transceiver module for all systems with SFP and SFP/SFP+ slots.
FG-TRAN-SFP+SR
10 GE SFP+ transceiver module, short range for all systems with SFP+ and SFP/SFP+ slots.
FG-TRAN-SFP+LR
10 GE SFP+ transceiver module, long range for all systems with SFP+ and SFP/SFP+ slots.
Optional Accessories
GLOBAL HEADQUARTERS
Fortinet Inc.
899 Kifer Road
Sunnyvale, CA 94086
United States
Tel: +1.408.235.7700
www.fortinet.com/sales
Copyright 2016 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be
trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary and may be significantly less effective than the metrics stated herein. Network variables, different network environments
and other conditions may negatively affect performance results and other metrics stated herein. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinets General
Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet and any such commitment
shall be limited by the disclaimers in this paragraph and other limitations in the written contract. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinets internal lab tests, and in no event will Fortinet be responsible for events or issues that are outside of its
reasonable control. Notwithstanding anything to the contrary, Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version
of the publication shall be applicable.
FST-PROD-DS-FSA FSA-DAT-R15-201608