Created on 01-28-2021 11:55 PM Edited on 01-17-2022 02:58 AM By Anthony_E
Description
When files are sent to FortiSandbox Cloud, the submission can fail. The following log entry is an example:
date=2020-06-03 time=09:05:34 idseq=5567260827583117 bid=8370948 dvid=1030 itime="2020-06-03 09:05:34" euid=3 epid=9150 dsteuid=0 dstepid=101 logver=60 logid=0201009238 type="utm" subtype="virus" level="notice" action="monitored" service="HTTP" srcip=1.2.3.4 dstip=2.3.4.5 srcport=53657 dstport=80 filename="XXX_2b92f11a5bc2266b2cdaba9216cf35e65b4da2c6.exe" dtype="fortisandbox" eventtype="analytics" analyticscksum="03d9082a1128f97441d925d6b95033721d9d0f1a0ed4c446f9a31103abe51442" fsaverdict="submission failed"
This article describes how to fix the failure.
Solution
Run the following commands to make sure that FortiGate is successfully communicating with FortiCloud.
# diagnose test application forticldd 1
System=FGT Platform=FGT60E
Management vdom: root, id=0, ha=master.
acct_id=support@fortinet.com
acct_st=OK <-----
FortiGuard interface selection: method=auto specify=
FortiGuard log: status=enabled, full=overwrite, ssl_opt=1, source-ip=0.0.0.0
# diagnose test application forticldd 3
Debug zone info:
Domain: EUROPE
Home log server: 62.209.37.73:514
Alt log server: 81.201.101.251:514
Active Server IP: 62.209.37.73
Active Server status: up
Log quota: 3145728MB
Log used: 5830MB
Daily volume: 20480MB
fams archive pause: 0
APTContract : 1
APT server: 154.45.1.51:514
APT Altserver: 154.45.1.52:514
Active APTServer IP: 154.45.1.51
Active APTServer status: up <-----
1) Change the following setting to send only suspicious files instead of all files.
Go to Security Profiles -> AntiVirus.
Under Send files to FortiSandbox select 'Suspicious Files Only'.
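To find the affected events in exported logs and to confirm the two status fields marked with arrows above, the following added example (not Fortinet code and not part of the original article) parses both. The sample log lines and diagnostic text are constructed, and the function names are hypothetical.

```python
import re

# key=value pairs: value is double-quoted (may contain spaces) or a bare token
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_log(line):
    """Parse one FortiGate key=value log line into a dict."""
    return {key: quoted or bare for key, quoted, bare in KV_RE.findall(line)}

def find_submission_failures(lines):
    """Return Sandbox events whose verdict is 'submission failed'."""
    events = (parse_log(line) for line in lines)
    return [e for e in events
            if e.get("dtype") == "fortisandbox"
            and e.get("fsaverdict") == "submission failed"]

def check_forticldd(output):
    """Return problems found in saved 'forticldd 1' and 'forticldd 3' output."""
    problems = []
    acct = re.search(r"^\s*acct_st=(\S+)", output, re.M)
    if not acct or acct.group(1) != "OK":
        problems.append("acct_st is not OK")
    apt = re.search(r"^\s*Active APTServer status:\s*(\S+)", output, re.M)
    if not apt or apt.group(1) != "up":
        problems.append("Active APTServer status is not up")
    return problems

# Constructed sample input (documentation IP ranges, placeholder checksums).
SAMPLE_LOGS = [
    'date=2020-06-03 time=09:05:34 type="utm" subtype="virus" srcip=192.0.2.10 '
    'dstip=198.51.100.20 filename="setup tool.exe" dtype="fortisandbox" '
    'eventtype="analytics" analyticscksum="placeholder-cksum-1" '
    'fsaverdict="submission failed"',
    'date=2020-06-03 time=09:06:10 type="utm" subtype="virus" srcip=192.0.2.11 '
    'dstip=198.51.100.20 filename="report.pdf" dtype="fortisandbox" '
    'eventtype="analytics" analyticscksum="placeholder-cksum-2" '
    'fsaverdict="clean"',
]
SAMPLE_DIAG = """acct_id=admin@example.com
acct_st=OK
Active Server status: up
Active APTServer status: down
"""

if __name__ == "__main__":
    for ev in find_submission_failures(SAMPLE_LOGS):
        print(ev["date"], ev["time"], ev["filename"], ev["analyticscksum"])
    for problem in check_forticldd(SAMPLE_DIAG):
        print("CHECK FAILED:", problem)
```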