
FortiSandbox Student Guide for FortiSandbox 2.0.3

DO NOT REPRINT © FORTINET

Last Updated: 9 October 2015

We would like to acknowledge the following major contributors: Michael Liu

Fortinet®, FortiGate®, and FortiGuard® are registered trademarks of Fortinet, Inc. in the U.S. and other jurisdictions, and other Fortinet names herein may also be trademarks, registered or otherwise, of Fortinet. All other product or company names may be trademarks of their respective owners. Copyright © 2002 - 2015 Fortinet, Inc. All rights reserved. Contents and terms are subject to change by Fortinet without prior notice. No part of this publication may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from Fortinet, Inc., as stipulated by the United States Copyright Act of 1976.

Table of Contents

VIRTUAL LAB BASICS
    Topology
    Logging In
        Disconnections/Timeouts
    Transferring Files to the VM
    Using HTML5 Instead of Java
    Screen Resolution
    International Keyboards
    Troubleshooting Tips
IN-LINE DEPLOYMENT
    Objectives
    Time to Complete
    Exercise 1: Communication with a FortiGate
        Initialize the configuration
        Configure file inspection and submission
        Submitting files from FortiGate to FortiSandbox
    Exercise 2: Communication with a FortiMail
        Initialize the configuration
        Configure attachment inspection and submission
        Submitting files from FortiMail to FortiSandbox
SNIFFER DEPLOYMENT
    Objectives
    Time to Complete
    Exercise 1: Sniffer-based detection
OTHER FILE SUBMISSION METHODS
    Objectives
    Time to Complete
    Exercise 1: Manual File Submission
    Exercise 2: Scanning File Shares
        Access the file share
        Configure a network share
        Configure a quarantine location
    Exercise 3: Inspecting Suspicious URLs
REPORTS
    Objectives
    Time to Complete
    Exercise 1: Generating Reports
DIAGNOSTICS
    Objectives
    Time to Complete
    Exercise 1: FortiGate Diagnostics
    Exercise 2: FortiMail Diagnostics
    Exercise 3: FortiSandbox Diagnostics
APPENDIX A: ADDITIONAL RESOURCES
APPENDIX B: PRESENTATION SLIDES
    Module 1: Sandboxing Concepts
    Module 2: Basic Setup
    Module 3: In-line deployment
    Module 4: Sniffer Deployment
    Module 5: Other File Submission Methods and URL Scanning
    Module 6: Logs and Reports
    Module 7: Troubleshooting

Virtual Lab Basics

In this class, you will use a virtual lab for hands-on exercises. This section explains how to connect to the lab and its virtual machines. It also shows the topology of the virtual machines in the lab.

Note: If your trainer asks you to use a different lab, such as devices physically located in your classroom, please ignore this section. This applies only to the virtual lab accessed through the Internet. If you do not know which lab to use, please ask your trainer.

Topology

Logging In

1. Run the System Checker. This will fully verify both:
   • compatibility with the virtual lab environment's software, and
   • that your computer can connect
   It can also diagnose problems with your Java Virtual Machine, firewall, or web proxy.

   Use the URL for your location.
   North America/South America: https://remotelabs.training.fortinet.com/training/syscheck/?location=NAM-West
   Europe/Middle East/Africa: https://remotelabs.training.fortinet.com/training/syscheck/?location=Europe
   Asia/Pacific: https://remotelabs.training.fortinet.com/training/syscheck/?location=APAC

   If a security confirmation dialog appears, click Run.

   If your computer successfully connects to the virtual lab, the result messages for the browser and network checks will each display a check mark icon. Continue to the next step.

   If a browser test fails, this will affect your ability to access the virtual lab environment. If a network test fails, this will affect the usability of the virtual lab environment. For solutions, either click the Support Knowledge Base link or ask your trainer.

2. With the user name and password from your trainer, log in to the URL for the virtual lab. Either:
   https://remotelabs.training.fortinet.com/
   https://virtual.mclabs.com/

3. If prompted, select the time zone for your location, then click Update. This ensures that your class schedule is accurate.

4. Click Enter Lab. A list of virtual machines that exist in your virtual lab should appear. From this page, you can access the console of any of your virtual devices by either:
   • clicking on the device’s square, or
   • selecting System > Open.

5. Click Windows to open a connection to that server. A new window should open within a few seconds. (Depending on your account’s preferences, the window may be a Java applet. If this fails, you may need to change browser settings to allow Java to run on this web site. You also may need to review and accept an SSL certificate.)

   Depending on the virtual machine, the applet provides access to either the GUI or a text-based CLI. Connections to Windows machines will use a Remote Desktop-like GUI.
   The applet should automatically log in, then display the Windows desktop. For most lab exercises, you will connect to this VM.

Disconnections/Timeouts

If your computer’s connection with the virtual machine times out or if you are accidentally disconnected, to regain access, return to the initial window/tab that contains your session’s list of VMs and open the VM again.

If your session frequently times out or does not connect, ask your instructor.

Transferring Files to the VM

When using the Java applet to connect to a VM, you can drag-and-drop files from your computer to the VM. For example, if you have a FortiGate configuration file that you want to upload to your lab VM, you could create it on your computer, then drag it into the Java application window that is connected to the Windows VM. Usually the destination folder is C:\Uploads.

Alternatively, if you store files in a cloud service such as Dropbox or SugarSync, you can use the web browser to download them to your VM instead.

Using HTML5 Instead of Java

When you open a VM, your browser may download and use a Java application to connect to the virtual lab’s VM. This means that Java must be installed, updated, and enabled in your browser. Alternatively, you can use HTML5 instead. Click the Settings button, then select Use Java Client. Click Save & Disconnect, then log in again. (To use this preference, your browser must allow cookies.)

When connecting to a VM, your browser should then open a display in a new window or tab.

Screen Resolution

Some Fortinet devices' user interfaces require a minimum screen size.

In the Java client, to configure the screen resolution, click the arrow at the top of the window.

In the HTML 5 client, to configure screen resolution, open the System menu.
International Keyboards

If characters in your language don’t display correctly, keyboard mappings may not be correct.

To solve this in the HTML 5 client, open the Keyboard menu at the top of the window. Choose to either display an on-screen keyboard, or send text from your computer to the VM's clipboard.

To solve this in the Java client, copy and paste between your computer and the Java applet. This sends special characters or combinations using the keyboard icon at the top of the applet window.

Troubleshooting Tips

• If the HTML 5 client does not work, try the Java client instead. Remembering this preference requires that your browser allow cookies.
• Do not connect to the virtual lab environment through a low-bandwidth or high-latency connection, including VPN tunnels or wireless such as 3G or Wi-Fi. For best performance, use a stable broadband connection such as a LAN.
• Do not disable or block Java applets. On Mac OS X since early 2014, to improve security, Java has been disabled by default. In your browser, you must allow Java for this web site. On Windows, if the Java applet is allowed and successfully downloads, but does not appear to launch, you can open the Java console while troubleshooting. To do this, open the Control Panel, click Java, and change the Java console setting to be Show console. Network firewalls can also block Java executables. Note: JavaScript is not the same as Java.
• Prepare your computer's settings:
  o Disable screen savers
  o Change the power saving scheme so that your computer is always on, and does not go to sleep or hibernate
• If disconnected unexpectedly
