Article Id
190611
Description
You can quarantine only infected files to a FortiAnalyzer for study or submission at a later date. This article describes required steps to configure FortiOS Antivirus so that once viruses have been detected, copies of the quarantined files are sent to a FortiAnalyzer unit.
Scope
A FortiGate unit configured to connect with a FortiAnalyzer unit.
Solution
To configure file quarantine:
1. The FortiAnalyzer unit must be configured to communicate and accept data from the FortiGate unit.
1. The FortiAnalyzer unit must be configured to communicate and accept data from the FortiGate unit.
On the FortiGate unit, go to System > Status. The connection status of a FortiAnalyzer can be seen on the Dashboard in the Unit Operation widget. When connected, the connection shows from the FortiAnalzyer unit to the FortiGate unit (see image below). If this connection has not first been made and verified, ensure this before continuing. For more information, see the FortiGate Administration Guide.
On the FortiGate unit, go to AntiVirus > Quarantine > Config.
Select FortiAnalyzer and select the files and protocols to be quarantined and select Apply.
3. Go to Firewall > Protection Profile.
4. Edit the protection profile.
5. Select the blue arrow for Anti-Virus to expand the options.
6. Enable Quarantine for the needed protocols.
7. Select OK.
