
Fortigate Cloud Sandbox - Free? YEP!




04.05.2024

Hey, what's going on, everybody. Welcome back, uh, welcome to a, uh, different video than what I normally do. So I work a lot in the NFC stuff, I've been doing some OverTheWire Bandit, uh, and every now and then when I find something new and exciting on the Fortinet FortiGate product suites I decided to make a video on it, because I think other people will find it interesting like I do. So today's... we need to start with a licensed FortiGate. This won't work with the trial machines, unfortunately. I know a lot of the cool stuff can be done with the trial licenses. This is not one of those, so keep in mind as I go through this, this is a fully licensed machine, uh, not a trial. So the first thing I want to talk about real quick is, uh, if you're not familiar with the Fortinet product suite, Fortinet has, uh, sort of like their top

three: that's the FortiGate, which is the firewall; FortiManager, which is your manager appliance or VM for a fleet of FortiGates, it helps you centrally manage all the FortiGates; then there's FortiAnalyzer, again it's either an appliance or it's a virtual machine, and it aggregates all the logs from your FortiGates and your FortiManagers. And both of those are here, you know, the FortiManager, nothing, uh, real crazy. Without diving into it, they can do some incredible things. Fully featured, very powerful devices, each in their own regards. But sometimes, either due to cost, the organization can't afford the additional licensing and, and maintenance for the FortiManager, for the Analyzer, or, I'm certain that this is out there, there's somebody who has a FortiGate in their home and they just want some additional features above and beyond that, they're a

technologist, they like to play around with things. In this video I'm gonna show you what the FortiGate Cloud management includes, what it does and what you can do with it. So that's the cool thing I figured out this week, and I wanted to pass it along and just throw it out there in the community and see what comes back. So I'm going to get into that just a minute, but let me point something out here. So under Security Fabric and then Settings, if you notice, right now we have nothing ticked on. Uh, central management comes on by default, I guess I didn't turn that on. And right now we've got, uh, three types, and FortiCloud is selected, and there's the option to activate it. So it looks like you can activate it here, but I'm going to go back to the dashboard here, because this is probably how most people do it. Click Not Activated, activate it. You're

going to need an account; if you don't already have one, you're going to have to create one. Put it in there, and then it's, it's activating right now, and it will tell you, pretty verbose, uh, if you put the wrong password in there, because I'm an idiot and I've done that a few times. So now that it's activated, you can see status is Activated, log retention, you're using the free license. Let's point that out, make it even more obvious. But if you want to get into the cool stuff, click that, click Launch Portal. That opens this up and flies out. And once you're in here, if you have any experience with the FortiManager or the FortiAnalyzer, this is where it gets kind of cool. You can get in here, and let's start with Management, and you can see this starts to look pretty familiar. Well, let's just say all admin passwords are

empty for those devices, management service has not been enabled. All right, let's throw, uh, throw some credentials in there and see what happens. Enable management configuration: "this device has not been initialized in the FortiGate Cloud, please set central management." All right, so it's telling me I need to go back here and set central management. So Security Fabric, Settings, Central Management, FortiGate Cloud. It looks activated; I bet you it just hasn't synced up yet, so let's give it a minute here. There we go, so I see these status, um, the CPU, memory popped in there. I'm willing to bet if I try that again it will work. Let's try that. Sure enough, there we go. So I was a little too quick on the click, on the jump there. But, um, if you're familiar with FortiManager, this is probably starting to look kind of familiar. Uh, if you're not, then this is similar to

what you see in the FortiManager, if I was to log in there and show you. Now this, this manager is not managing that VM, so it's not going to be identical; this is managing a physical device. But you can see here, uh, roughly similar, you've got some of the same things. This is the device-level settings, um, so it's not going to look like this guy here, but if I go over here, Policy & Objects, and then take a look, you can get an idea that, hey, this is starting to look kind of familiar again. Firewall objects, security profiles, this is all FortiManager stuff. If I come over here, we can start to see Policy & Objects: there's our firewall policies, there's our services, there's our address objects. All of it's starting to look pretty familiar. So this is cool if you were, you know, a small organization, you can't foot the bill for, um,

for FortiManager, you wanted some sort of centralized way to manage a small amount of devices, this looks like it would be a great first stop on your way to growing into a FortiManager, if you can't foot the bill, if you can't get management buy-in, whatever it is. Now the same thing goes for this Analysis tab. This is a lot like the FortiAnalyzer: you have a log view, you have event management, you have reporting. It comes with a few reports; now FortiAnalyzer comes with a ton of reports. Uh, it looks like, you know, as you would expect, this is like the freemium version of those two suites, uh, or product platform, so everything's stripped back a little bit, but it's still pretty dang cool for what you get here. Now the coolest part, I thought, of all this, and everyone's gonna say the coolest part is this or that or whatever,

I'm a security engineer by trade and background, so when I seen that this included a FortiSandbox, I was kind of curious. Now there are some limitations around this. You can configure firewall policy here. Let me go back in here. Let's reload that. Sandbox... oh yeah, that's right. So if you notice here, if you go to Settings, Security Fabric, Settings, Sandbox Inspection, uh, you know, well, what server, what, what do I put in here? Great question. By default, I don't know why this is, there's some GUI configurations that are not available here; you have to go to the command line and turn them on before you can use the FortiGate Cloud Sandbox. So I'll show you that right now. So go ahead and hit that, fly open there. We're going to do config sys global, then we're going to do set gui FortiSandbox, I think, yeah, FortiSandbox cloud,

and we're going to tag that with enable, and we're going to end that to write it to memory and save it. We're going to execute FortiCloud sandbox... whoa, slow down there... FortiCloud sandbox region. This is specifying the region that you want to send your files to. Uh, you don't want to, you know, if you're in North America, you probably don't want to send them to Europe; if you're in Europe, you don't want to send them to Asia. We'll hit enter there. We have, uh, Europe, Global, Japan and US. I'm gonna go ahead and select three for the US. It confirms. Cool, all right, so I'm going to close that, I'm gonna go back over here, reload this, and there you go. Now you see we have FortiSandbox type, and we have this FortiSandbox Cloud option. And here it looks like we can change our region if we wanted to. But at this point we could go into, I'm

not going to, but we could go in here, we could make a firewall policy, and in here we could tell it to send any suspicious files to the FortiSandbox Cloud. Now the cool part is, is you don't have to do any of that to send files to the FortiSandbox Cloud. If you are running a small team, a small security team, and you've instructed users to forward, um, phishy-looking emails, literally, you know, phishy, p-h-i-s-h-y, that sort of thing, and they sometimes include attachments, and right now you're saying, well, what do I do with those, do I send them to VirusTotal, uh, what's our internal policy say, what are we allowed to do? With FortiGate and the FortiGate Cloud Sandbox, you now have the ability to take those files and you can send them up here if you wanted to. After all those configuration steps are done there, you can then upload, and it says, uh,

you're limited to 10 uploads in a 24-hour period. You know, for most small security teams that's plenty. You probably don't see that many; if you see more than 10 suspicious files that are unique and you have to upload them in a 24-hour period, you've got bigger problems. So that's kind of cool. You can send something up here, you know, I'll just grab that, throw it in there, and let's see. Tells you it's waiting for processing. That's the other thing to keep in mind, you know, it's free, so you got to set your expectations accordingly, but this is a best-effort service, meaning as you send files in, or as things are, are happening, you're thrown into a queue, you're thrown into a line, and you're going to wait. And I know the default wait, or the default timeout, for a lot of services that rely on the sandbox is 30 minutes.

I don't know if that still exists with these on-demand records, or on-demand file submissions like this, or, uh, I'd have to imagine it'd have to be the same 30-minute window with the, the FortiGate, if it were to send a, uh, potentially malicious file up to the FortiGate Cloud Sandbox, waiting for a verdict to come back on that file. If it does time out, um, then you don't get a verdict, you don't know what it was. So just keep that in mind, set your expectations accordingly. But, uh, you know, I thought this was pretty neat, and I've been rambling for almost 10 minutes now, and I didn't even cover half of what's in here, not even 10 percent of what's in here. So let me know in the comments below if you thought this was pretty cool and you want to see more, you want to kind of explore this and, and move around and see what you can do in this.

Let me know. Again, my name is Chris Ram with InfoSec for Humans, and if you like what I'm doing here, subscribe to my channel, make sure you hit that bell to get notified as my videos are released.
