Does every Fortigate-User profit on Fortisandbox-AV-pattern?

Author
KPS
2019/07/07 23:12:04 (permalink)

Hi!
 
The current Fortigates offer the feature "Use FortiSandbox Database" in AV-profiles.
 
Is there any difference on that feature depending on:
- Using FortiSandbox Cloud
- Using FortiSandbox On-Prem
- Neither of the two?
 
 
--> Are the patterns that are detected on any "sharing" Fortisandbox directly pushed to the Fortiguard-Updates, or are there differences according to the rest of the FortiSandbox-usage?
 
Thank you for your help!
 
KPS
#1
mworlund_FTNT
Re: Does every Fortigate-User profit on Fortisandbox-AV-pattern? 2019/08/01 09:04:41 (permalink) ☼ Best Answer by KPS 2019/08/01 22:51:38
If you're referring to the database of samples collected from Fortisandboxes around the world then no, it is the same Fortiguard database referenced in the cloud query engine in FortiSandbox.
#2
ede_pfau
Re: Does every Fortigate-User profit on Fortisandbox-AV-pattern? 2019/08/04 07:08:10 (permalink)
There are differences, of course.
(disclaimer: as far as I have understood...)
 
1- FSA Cloud
Positive results are added to the regular, worldwide FortiGuard AV database, and thus eventually distributed to your FGT. To minimize delay, enable "push updates".
 
2- FSA on premise
Positive results lead to the creation of an AV signature update which is offered immediately on your local network. Devices have to subscribe to these updates. Optionally, the updates are added to the regular, worldwide FortiGuard AV database.
 
Fortigates in your network may actively submit files to the local FSA, or just participate in the FSA updates. This way, only the main firewalls and FortiMail submit files (to conserve FSA resources) but all Fortinet devices profit from the findings.
 
3- neither FSA Cloud subscription nor on premise
You get the regular FortiGuard AV updates, i.e., the switch is not effective.

Ede

" Kernel panic: Aiee, killing interrupt handler!"
#3
emnoc
Re: Does every Fortigate-User profit on Fortisandbox-AV-pattern? 2019/08/04 10:54:50 (permalink)
I think for virus outbreak FortiGuard has to validate the sample submitted before they are provided as a globally supplied signature.
 

PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
#4