
FortiSandbox Shell mode

In the CLI, run 'fnsysctl shell' and log in with 'fsa_support/Support@FSA1'.

cd /drive0/public/clean/20170623/04/2841/3404914715784600920

sandbox-jobs-move -e3404914715784600920.meta

strings 3404914715784600920.meta

tar -czvf kbbank.gz *

cp kbbank.gz /web/static/

https://FSA_IP/static/<file name>

reset-buildno

Please provide more information as described below:

  1. Go to FortiView > File Scan Search and click the Customize button. You will see the "Job View Setting" menu. Then please enable Column Headers for "Job ID".
  2. Please export two types of files from the FSA as described below:

2-1. Run the CLI command "sandbox-jobs-move -p -j[JOB ID]". An example follows:

Step1> # sandbox-jobs-move -p -j3429900306737006651
/Storage/clean/20170710/00/2754/3429900306737006651

Step2> #tar -czvf j3429900306737006651.gz /Storage/clean/20170710/00/2754/3429900306737006651
Step3> #cp j3429900306737006651.gz /web/static/
Step4> On web browser, https://FSA_IP/static/j3429900306737006651.gz

2-2. Run the CLI command "cp /ramdisk/FortiSandboxGUI.db /web/static/"

Step1> On web browser, https://FSA_IP/static/FortiSandboxGUI.db

So, please export 6 job ID files and 1 FortiSandboxGUI.db file and attach these files to this case.

 


[FortiSandbox Clustering Setting]

Step 1 - Configure the master

  1. Configure the port IP addresses and gateway address with the following commands:
    set port1-ip 192.168.1.99/24
    set port2-ip 192.168.2.99/24
    set port3-ip 192.168.3.99/24
    set default-gw 192.168.1.1
  2. Configure the device as the master node and its cluster fail-over IP for Port1 with the following commands:
    hc-settings -sc -tM -nMasterA -cTestHCsystem -ppassw0rd -iport2
    hc-settings -si -iport1 -a192.168.1.98/24
    See Appendix A - CLI Reference on page 1 for more information about the CLI commands.
  3. Review the cluster status with the following command:
    hc-status -l
    Other ports on the device can be used for file inputs.

Step 2 - Configure the primary slave

  1. Configure the port IP addresses and gateway address with the following commands:
    set port1-ip 192.168.1.100/24
    set port2-ip 192.168.2.100/24
    set port3-ip 192.168.3.100/24
    set default-gw 192.168.1.1
  2. Configure the device as the primary slave node with the following commands:
    hc-settings -s -tP -nPslaveB -iport2
    hc-settings -l
    hc-slave -a -s192.168.2.99 -ppassw0rd
  3. Review the cluster status with the following command:
    hc-status -l

Step 3 - Configure the normal slave

  1. Configure the port IP addresses and gateway address with the following commands:
    set port1-ip 192.168.1.101/24
    set port2-ip 192.168.2.101/24
    set port3-ip 192.168.3.101/24
    set default-gw 192.168.1.1
  2. Configure the device as a slave node with the following commands:
    hc-settings -s -tR -nSlaveC -iport2
    hc-settings -l
    hc-slave -a -s192.168.2.99 -ppassw0rd
  3. Review the cluster status with the following command:
    hc-status -l

 

Example configuration
This example shows the steps for setting up an HA cluster using three FortiSandbox 3000D units.
Step 1 - Prepare the hardware
The following hardware will be required:
- Nine cables for network connections
- Three 1/10 Gbps switches
- Three FortiSandbox 3000D units with proper power connections (units A, B, and C).
The master and primary slaves should be on different power circuits.
Step 2 - Prepare the subnets
Prepare three subnets for your cluster (customize as needed):
- Switch A: 192.168.1.0/24: For system management.
  - Gateway address: 192.168.1.1
  - External management IP address: 192.168.1.99
- Switch B: 192.168.2.0/24: For internal cluster communications.
- Switch C: 192.168.3.0/24: For the outgoing port (port 3) on each unit.
  - Gateway address: 192.168.3.1

Administration Guide, Fortinet, Inc. (HA-Cluster)
Step 3 - Setup the physical connections
1. Connect port 1 of each FortiSandbox device to Switch A.
2. Connect port 2 of each FortiSandbox device to Switch B.
3. Connect port 3 of each FortiSandbox device to Switch C.
Step 4 - Configure the master
1. Power on the device (Unit A), and log into the CLI (see Connecting to the Command Line Interface on page 11).
2. Configure the port IP addresses and gateway address with the following commands:
set port1-ip 192.168.1.99/24
set port2-ip 192.168.2.99/24
set port3-ip 192.168.3.99/24
set default-gw 192.168.3.1
3. Configure the device as the master node with the following commands:
hc-settings -s -tM -nMasterA -cTestHCsystem -ppassw0rd -iport2
hc-settings -l
See Appendix A - CLI Reference on page 163 for more information about the CLI commands.
4. Review the cluster status with the following command:
hc-status -l
Other ports on the device can be used for file inputs.
Step 5 - Configure the primary slave
1. Power on the device (Unit B), and log into the CLI.
2. Configure the port IP addresses and gateway address with the following commands:
set port1-ip 192.168.1.100/24
set port2-ip 192.168.2.100/24
set port3-ip 192.168.3.100/24
set default-gw 192.168.3.1
3. Configure the device as the primary slave node with the following commands:
hc-settings -s -tP -nPslaveB -iport2
hc-settings -l
hc-slave -a -s192.168.2.99 -ppassw0rd
4. Review the cluster status with the following command:
hc-status -l
Step 6 - Configure the normal slave
1. Power on the device (Unit C), and log into the CLI.
2. Configure the port IP addresses and gateway address with the following commands:
set port1-ip 192.168.1.101/24
set port2-ip 192.168.2.101/24
set port3-ip 192.168.3.101/24
set default-gw 192.168.3.1
3. Configure the device as a slave node with the following commands:
hc-settings -s -tR -nSlaveC -iport2
hc-settings -l
hc-slave -a -s192.168.2.99 -ppassw0rd
4. Review the cluster status with the following command:
hc-status -l
Step 7 - Configure other settings
Configure required settings, such as other static routes if you need to access the HA cluster through a router and
scan profiles for malware detection. All configuration can only be done on the master device.
Step 8 - Finish
The HA cluster can now be treated like a single, extremely powerful standalone FortiSandbox unit.

 

In this example, files are submitted to, and reports and logs are available over IP address 192.168.1.99.

 

 

1. Install Microsoft Windows VM package 
 
If the unit does not have the Microsoft Windows VM package installed, it can be installed manually.
To manually download the package: 
1. FSA-1000D, FSA-3000D, and FSA-VM models: 
Download the package from ftp://fsavm.fortinet.net/general/image/2.0.0/2015022118_vm.pkg.7z 
Users can also try or purchase, download and install extra Android, Windows 8.1 and Windows 10 image 
packages. These packages can be downloaded from: 
Android: Download the package from ftp://fsavm.fortinet.net/images/v2.00/AndroidVM.pkg.7z 
Windows 8.1: Download the package from ftp://fsavm.fortinet.net/images/v2.00/WIN81VM.pkg.7z 
Windows 10: Download the package from ftp://fsavm.fortinet.net/images/v2.00/WIN10VM.pkg.7z
MD5 File: Download the package from ftp://fsavm.fortinet.net/images/v2.00/md5.txt 
2. Put the package on a host that supports file copy with the SCP or FTP command. The FortiSandbox must be able 
to access the SCP or FTP server. 
3. In a console window, enter the following command string to download and install the package: 
fw-upgrade -v -s<SCP/FTP server IP address> -u<user name> -p<password> -t<ftp|scp> -f<file path> 
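
Before the package is handed to fw-upgrade, the copy staged on the SCP/FTP host can be checked against the md5.txt listed above. This is an added example, not taken from the original post or from Fortinet documentation; it assumes md5.txt uses the md5sum layout (one `<digest>  <file name>` pair per line), and the function name verify_pkg is hypothetical.

```shell
#!/bin/sh
# Added example: verify a downloaded VM package against md5.txt before fw-upgrade.
# Assumption: md5.txt is in md5sum format, "<digest>  <file name>" (optionally "*name").

# verify_pkg <package file> <md5 list file>
# Returns 0 on match, 1 on digest mismatch,
# 2 if an input is missing or the package is not listed in the md5 file.
verify_pkg() {
    pkg=$1
    list=$2
    [ -f "$pkg" ] && [ -f "$list" ] || return 2
    name=$(basename "$pkg")

    # Look up the expected digest for this exact file name.
    # Strips a trailing CR, a leading '*' (binary marker) and any directory part.
    expected=$(awk -v n="$name" '
        { sub(/\r$/, "")
          f = $2; sub(/^\*/, "", f); sub(/^.*\//, "", f)
          if (f == n) { print tolower($1); exit } }' "$list")
    [ -n "$expected" ] || return 2

    # Compare with the digest of the file actually on disk.
    actual=$(md5sum "$pkg" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# Stand-alone use: sh verify_pkg.sh WIN10VM.pkg.7z md5.txt
if [ "$#" -eq 2 ]; then
    if verify_pkg "$1" "$2"; then
        echo "OK: $1"
    else
        echo "FAILED: $1 (mismatch, or not listed in $2)" >&2
        exit 1
    fi
fi
```

Because md5.txt is fetched over the same plain FTP channel as the package, a match shows the transfer was not corrupted or truncated; it does not authenticate the package.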
 
2. Install the Microsoft Office license file 
 
1. If the unit has no Office license file installed, download the Microsoft Office license file from the Fortinet 
Customer Service & Support portal. 
2. Log into the FortiSandbox and go to System > Dashboard . In the System Information widget, click the Upload 
License link next to Microsoft Office. The Microsoft Office License Upload page is displayed. Browse to the 
license file on the management computer and select the Submit button. The system will reboot. 
3. The Microsoft Office license must be activated against the Microsoft activation server. This is done automatically 
after a system reboot. To ensure the activation is successful, port3 must be able to access the Internet and the 
DNS servers should be able to resolve the Microsoft activation servers. 
 
3. Install Windows 8.1 or Windows 10 license files 
 
1. If the user purchases Windows 8.1 or Windows 10 support, download the Windows license file from the Fortinet
Customer Service & Support portal.
2. Log into FortiSandbox and go to System > Dashboard. In the System Information widget, click the Upload 
License link next to Windows VM field. The Microsoft VM License Upload page is displayed. Browse to the 
license file on the management computer and click the Submit button. The system will reboot. 
3. The Microsoft Windows license must be activated against the Microsoft activation server. This is done 
automatically after a system reboot. To ensure the activation is successful, port3 must be able to access the 
Internet and the DNS servers should be able to resolve the Microsoft activation servers. Network configurations for
port3 can be configured on the Scan Policy > General page.

 

 

FortiSandbox Flow
 
Static Scan:
- Rule matched : Suspicious(High/Medium/Low) -> End
- Rule did not match : Clean -> Goto AV Scan
 
AV Scan:
- Signature matched : Malicious -> End
- Signature did not match : Clean -> Goto Cloud Query
 
Cloud Query:
- Hash matched with Suspicious : Suspicious(High/Medium/Low) -> End
- Hash matched with Clean : Clean -> End
- Hash did not match : Clean -> End(if not supporting VM Scan for the file) or Goto VM Scan(if supporting VM Scan for the file)
 
VM Scan:
- Suspicious behavior was detected : Suspicious(High/Medium/Low) -> End
- Suspicious behavior was not detected : Clean -> End
- Other : Unknown -> End

 

 

 

FortiSandbox Custom VM
 

This is a custom VM with Hangul (HWP) support.

http://fsavm.fortinet.net/WIN7X86VM_HWP.pkg.7z
Download the file, place it on an FTP server, and upload it with fw-upgrade as shown below.
>fw-upgrade -l -v -tftp -s192.168.200.100 -uadmin -padmin -f/VM/WIN7X86VM_HWP.pkg.7z

Upload the default package
>fw-upgrade -l -v -tftp -sfsavm.fortinet.net -uanonymous -f/general/image/2.0.0/2015022118_vm.pkg.7z

ftp://fsavm.fortinet.net/general/image/2.0.0/2015022118_vm.pkg.7z


Upload the custom package
> vm-customized -cn -tftp -s10.10.11.111 -uadmin -padmin1 -f/V5Win7EntSP1x64.vdi -oWindows7_64 -vCustHWP7

> vm-customized -cn -tftp -s192.168.234.223 -unicstech -pnics00 -f/V5Win7ProSP1x86/V5Win7ProSP1x86.vdi -k344ADE788168B08581349D71C8299AFA -voWindows7 -vnCustHWP

Upload the meta file
> vm-customized -cf -tftp -s10.10.11.111 -uadmin -padmin1 -f/metafile.txt -vCustWin7-32
--2016-09-29 17:33:09--  ftp://10.10.11.111/metafile.txt
=> '/drive0/tmp/customizedvm.meta.tmp'
Connecting to 10.10.11.111:21... connected.
Logging in as admin ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD not needed.
==> SIZE metafile.txt ... 108
==> PASV ... done. ==> RETR metafile.txt ... done.
Length: 108 (unauthoritative)

metafile.txt 100%[=============================================================================>] 108 --.-KB/s in 0.002s  

2016-09-29 17:33:09 (43.7 KB/s) - '/drive0/tmp/customizedvm.meta.tmp' saved [108]



Meta file
File name: metafile.txt
HWP NEO Viewer
Visual C++ Redistributor 2013
.NET Framework 4.0
Adobe Flash Player 22.0
Alzip 10.5

 

 
