FortiGate
mmontes
Staff
Article Id 194068
Purpose
Sometimes an antivirus profile on a FortiGate is configured to send all files to FortiSandbox instead of only the suspicious ones.
This is a problem for the FortiSandbox because the number of files per hour then exceeds its specifications, and sending every file is unnecessary when the antivirus profile on the FortiGate has already identified the suspicious ones.

Scope
Verify the total number of jobs the FortiSandbox has received from a FortiGate, and show how to adjust the AV profile on the FortiGate so that only suspicious files are sent.

Expectations, Requirements
Reduce the number of files sent from the FortiGate to the FortiSandbox so that the FortiSandbox's allowed files-per-hour limit is not exceeded.

Troubleshooting
1) Log in to the FortiSandbox CLI and run the following command:
# show device all

Source: Device, File type: PDF files, Jobs: 99369
Source: Device, File type: Microsoft Office files (Word, Excel, PowerPoint files etc), Jobs: 1057
Source: Device, File type: Adobe Flash files, Jobs: 5
Source: Device, File type: Executables/DLL/VBS/BAT/PS1/JAR/MSI/WSF files, Jobs: 5
Source: Device, File type: Web Page files(JavaScript, HTML files etc), Jobs: 109705
Source: Device, File type: Not determined files, Jobs: 1993525
Source: Device, File type: Not assigned files, Jobs: 17539
Source: Device, Total Jobs: 2221205

2) Log in to the FortiGate CLI and open the AV profile that was configured to send files to FortiSandbox for inspection, using the following commands:
# config antivirus profile
# edit 'AV-NAME'
# get
Check the 'ftgd-analytics' setting.
In this case the AV profile is configured to send all files to the FortiSandbox, whether or not the antivirus engine found them suspicious.
Restrict it to suspicious files only with the following commands:
# config antivirus profile
    edit 'AV-NAME'
        set ftgd-analytics suspicious
    next
end
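As an added example (not from this article or from Fortinet), a small Python script that parses the FortiSandbox 'show device all' listing above to show which file types account for the sandbox load, and scans a FortiGate 'show antivirus profile' listing for profiles whose ftgd-analytics is set to everything (the FortiOS value that submits all files). The sample outputs and the profile names are constructed for the example.

```python
import re
# Constructed sample: the FortiSandbox 'show device all' listing quoted in this article.
SANDBOX_JOBS = """\
Source: Device, File type: PDF files, Jobs: 99369
Source: Device, File type: Microsoft Office files (Word, Excel, PowerPoint files etc), Jobs: 1057
Source: Device, File type: Adobe Flash files, Jobs: 5
Source: Device, File type: Executables/DLL/VBS/BAT/PS1/JAR/MSI/WSF files, Jobs: 5
Source: Device, File type: Web Page files(JavaScript, HTML files etc), Jobs: 109705
Source: Device, File type: Not determined files, Jobs: 1993525
Source: Device, File type: Not assigned files, Jobs: 17539
Source: Device, Total Jobs: 2221205
"""
# Constructed sample: FortiGate 'show antivirus profile' output; profile names are hypothetical.
FORTIGATE_AV = """\
config antivirus profile
    edit "AV-NAME"
        set ftgd-analytics everything
    next
    edit "AV-SUSPICIOUS-ONLY"
        set ftgd-analytics suspicious
    next
end
"""
JOB_RE = re.compile(r"File type: (?P<ftype>.+?), Jobs: (?P<jobs>\d+)\s*$")
TOTAL_RE = re.compile(r"Total Jobs: (?P<jobs>\d+)\s*$")
def parse_sandbox_jobs(text):
    """Return (jobs per file type, reported total) from a 'show device all' listing."""
    per_type, total = {}, 0
    for line in text.splitlines():
        if m := JOB_RE.search(line):
            per_type[m["ftype"]] = int(m["jobs"])
        elif m := TOTAL_RE.search(line):
            total = int(m["jobs"])
    return per_type, total

def job_shares(per_type, total):
    """Percentage of all jobs per file type, largest share first (one decimal)."""
    shares = ((ftype, round(100 * n / total, 1)) for ftype, n in per_type.items())
    return sorted(shares, key=lambda item: item[1], reverse=True)

def profiles_sending_everything(config):
    """Names of AV profiles whose ftgd-analytics value is 'everything'."""
    found, current = [], None
    for line in config.splitlines():
        s = line.strip()
        if s.startswith("edit "):
            current = s.split(None, 1)[1].strip('"\'')
        elif s == "set ftgd-analytics everything" and current:
            found.append(current)
    return found
```

On the listing above, 'Not determined' files alone account for roughly 90% of the jobs, which is the pattern to expect when a profile submits every file rather than only suspicious ones.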