Fortinet FortiSandbox 1500G
Next Generation AI Powered Sandbox
Click here to jump to more pricing!
Overview:
FortiSandbox is a high-performance security solution that utilizes AI/machine learning technology to identify and isolate advanced threats in real-time. FortiSandbox inspects files, websites, URLs and network traffic for malicious activity, including zero-day threats, and uses sandboxing technology to analyze suspicious files in a secure virtual environment.
FortiSandbox supports multiple operating systems and file types, and provides reporting capabilities for quick threat identification and response. Suitable for organizations of any size and can be deployed on-premises, in the cloud, or as a hosted service, and integrates natively with 11 Security Fabric products and other tools to evaluate suspicious content.
10 X Effective Throughput
over traditional Sandboxes, allowing for scaling operations without impacting performance
Real-Time Verdicts
Prevent delays and unknown files from entering the network with real-time analysis and filtering
Integration at every stage
Extend zero-day threat protection to NGFWs and other major areas of your infrastructure
Accelerated Threat Investigation
Speed investigation with built-in MITRE ATT&CK® matrix to identify a variety of malware
Platform Evolution
FortiSandbox G Series
Leveraging on our previous F and E models*, FortiSandbox 1500G and 500G provide cutting edge technological advancements performance, real-time sharing of threat intelligence across multiple geographical locations, and integrating Fortinet’s Security Fabric and third party providers.
Performance Optimization
With twice the VM capacity and file processing capabilities, our G Series delivers unparalleled stability, the highest detection accuracy, and best-breed throughput, while offering flexible and cost-effective deployment solutions.
Features Summary:
FortiSandbox is the most flexible threat-analysis appliance available as it offers various deployment options for unique configurations and requirements. Organizations can choose to combine these options.
Security Fabric Integration
FortiSandbox natively integrates with FortiGate, FortiMail, FortiWeb, FortiADC, FortiProxy, FortiClient (ATP agent), Fabric-Ready Partner solutions, and via JSON API or ICAP with third party security vendors. The integration provides suspicious content submission, timely remediation, and reporting capabilities.
This integration extends to other FortiSandbox solutions allowing instantaneous sharing of real-time intelligence. This feature benefits large enterprises that deploy multiple FortiSandbox solutions in different geo-locations. This zero touch automated model is ideal for holistic protection across different borders and time zones.
Threat Mitigation
FortiSandbox uniquely integrates with various products through the Security Fabric platform that automates your breach protection strategy with an incredibly simple setup. Once malicious code is identified, FortiSandbox will return risk ratings and the local intelligence is shared in real time with Fortinet, Fabric-Ready Partners, and third-party security solutions to mitigate and immunize against new advanced threats. The local intelligence can optionally be shared with the FortiGuard Labs, to help protect organizations globally. The diagram following describes the automated mitigation process flow.
- Submit file and URL for analysis from the FortiGate, FortiMail, client or file server.
- Block suspicious file and URL inline on the device or quarantine on the client.
- Share IoCs to the FortiGate devices (optional to FortiGuard) for intelligence sharing.
MITRE ATT&CK-based Reporting and Investigative Tools
FortiSandbox provides a detailed analysis report that maps discovered malware techniques to MITRE ATT&CK framework with built-in powerful investigative tools that allows Security Operations (SecOps) teams to download captured packets, original file, tracer log, malware screenshot. STIX 2.0 compliant IOCs provide rich threat intelligence and actionable insight after files are examined (see image below).
FortiSandbox also allows SecOps teams to optionally record a video or interact with the malware in a simulated environment.
NetShare Scan
The FortiSandbox facilitates scanning of file repositories via CIFs, NFS, AWS S3 Buckets, and Azure Blob. This feature allows system admin and web hosting to sanitize any file sharing. It is the ideal option for enhancing an existing multi-vendor threat protection approach.
HA-Cluster
The FortiSandbox natively supports clustering to expand the throughput capacity of up to 99 worker nodes. The HA feature provides redundancy for uninterrupted critical operation.
Platform as a Service (PaaS)
Hosted FortiSandbox services offer the same Fortinet Security Fabric integration as FortiSandbox appliances. FortiSandbox (PaaS) can easily scale to facilitate current and future business needs without big upfront investments, offering lower operational costs. Fortinet maintains, updates, and operates the platform on your behalf.
Real Time Anti-Phishing
The FortiSandbox v4.4 provides protection against zero-day phishing. The URLs extracted from emails and embedded from documents are processed in the FortiGuard cloud. The web pages are downloaded in real-time and analyze using patented technologies to determine any phishing signs.
Features Summary
Advanced Threat Protection
- Inline blocking to detect and protect against Zero-day Malware including ransomware
- Real-time identification of Zero-day Phishing sites including spam and malware-hosted sites
- AI-powered static code analysis identifying possible threats within non-running code
- Deep learning powered VM-Less emulation of Windows executable codes (PEXBox)
- Network threat detection in sniffer mode. Identify botnet activities and network attacks, malicious URL visits
- Sandbox Community Cloud for shared analysis within the worldwide community of FortiSandbox deployments
Systems Integration Support
- File and URL submission by Security Fabric devices
- Integrated mode with FortiGate. HTTP, SMTP, POP3, IMAP, MAPI, FTP, IM, and their equivalent SSL-encrypted versions
- Integrated mode with FortiMail. SMTP, POP3, IMAP
- Integrated mode with FortiClient EMS. HTTP, FTP, SMB
- Integrated mode with FortiWeb. HTTP
- Sniffer mode. HTTP, FTP, POP3, IMAP, SMTP, SMB
- Proxy inspection via ICAP
- MTA/BCC mode via SMTP
- NetShare Scan mode via CIFs, NFS, AWS S3, and Azure Blob
- JSON API to automate the process of uploading samples and downloading actionable malware indicators to remediate
- Dynamic Threat Intelligence DB update of malicious file checksum and URL
- Remote and secured logging with FortiAnalyzer, FortiSIEM, CEF servers and syslog servers
Deployment
- File submission from integrated device(s)
- Sniffer mode deployment with TCP RST support to reset client’s connection with the suspicious server
- Network Share Scan with large file support (e.g., ISO images, network shared folders, SMB/ NFS, AWS S3, and Azure Blob)
- Proxy adapter submission with multi-tenancy support
- Port monitoring for fail-over in a cluster
- OT deployment with supported services: BACnet, HTTP, IPMI, Modbus, S7comm, SNMP, TFTP
- High-availability with Primary and Secondary nodes for redundancy
- Clustering up to 99 worker nodes for higher throughput
- Air-gapped networks support
- Aggregate interface support for increased bandwidth and redundancy
- Isolated administrative traffic from VM image traffic
Advanced Scan (Static AI Scan) Features
- Integrated with the full FortiGuard Antivirus database of heuristic and checksum signatures
- Intelligent adaptive scan profile that optimizes sandbox resources based on submissions
- Parallel scan to run multiple distinct VM types simultaneously
- Extracts URLs embedded in QR Code
- Scan URLs embedded inside document files
- Integrate option for third partyYara rules
- Cloud query for latest known Malware and clean files
- Scan URLs from submitted emails and files
- Files checksum whitelist and blacklist option
- Rating Engine Plus that leverages the latest FortiGuard ML rating
- VM scan ratio for efficient utilization of VMs
Monitoring and Report
- Configuration via GUI and CLI
- Multiple administrator accounts supporting full or view only access
- Radius authentication for administrators
- Single Sign-On via SAML
- Cluster management page for administering the HA and cluster nodes
- Centralized search page allowing administrators to build customized search conditions
- Upload any license from a single convenient page
- Self-Check widget for configurations, connectivity, and services
- VM status monitoring
- Automatic engine and signature updates
- Automatic check for new VM image availability
- System health check alerting system
- NTP via FortiGuard support
- Backup, restore, and revision of system configuration
- Consolidated CLI for troubleshooting
- Option to auto-submit suspicious files to cloud service for manual analysis and signature creation
- Option on NetShare scan mode to prioritize and forward files to a third-party scanning for further scanning
Sandboxing (Dynamic AI Scan) Support
- AI-powered behavioral analysis constantly learning new malware and ransomware techniques
- Concurrent Sandbox instances
- OS type supported: Windows 11/10/8.1/7, macOS, Linux, Android, and ICS systems
- Customizable VMs for Windows and Linux OS
- Configurable internet browser supporting Internet Explorer, Microsoft Edge, Google Chrome, and Mozilla Firefox
- Sandbox interactive mode
- Video-recording of malware interaction
- Anti-evasion detection techniques
- API Obfuscation
- Bare-metal Detection
- Command and Control
- Direct System Calls
- Execution Delay
- Memory Only Payload
- Process Hollowing/Injection
- Runtime Encryption/Packing
- System Fingerprinting
- Time Bomb
- User Files Check
- User Interaction Check
- VM/Sandbox Detection
- Callback detection. Malicious URL visit, botnet C&C communication, and attacker traffic from activated malware
- Downloadable captured packets, tracer logs, and screenshots
- User-defined extensions
- File Types Support
- Windows Executables: .bat, .cab, .cmd, .dll, .exe, .js, .msi, .ps1, .vbs, wsf
- Microsoft Office: .doc, .docm, .docx, .dot, .dotm, .dotx, .iqy, .one, .pot, .potm, .potx, .ppt, .pptm, .pptx, .ppam, .pps, .ppsm, .ppsx, .pub, .rtf, .sldm, .sldx, .xlam, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, xltx
- Document/Email files: .eml, .pdf, .rl
- Android files: .apk
- Linux files: .elf
- MacOS files: .app, .dmg, Mach-O
- Web files: .htm, html, .lnk, WEBLink
- Compress files: .7z, .ace, .arj, .bz2, .gz, .iso, .jar, .kgb, .lzh, .rar, .swf, .tar, .tgz, .upx, .xz, .z, .zip
* a real time IoC check for emerging threats (known good and bad) within the FortiGuard intelligence community
Specifications:
FSA-VM | FSA-500G | FSA-1500G | FSA-3000F | |
---|---|---|---|---|
System Information | ||||
Form | Virtual Machine | 1RU Appliance | 1RU Appliance | 2RU Appliance |
Network Interfaces | 4 | 4x GE RJ45 ports | 4x GE RJ45 ports, 2x 10 GE SFP+ slots |
4x GE RJ45 ports, 2x 10 GE SFP+ slots |
Storage Capacity | 200 GB (min) | 1x 960 GB | 2x 960 GB RAID1 | 4x 2 TB RAID-10 |
Hot Swappable | No | Yes | Yes | |
Trusted Platform Module (TPM) | Yes | Yes | No | |
Dimensions and Power | ||||
Height x Width x Length (inches) | 1.73 x 17.24 x 14.96 | 1.73 x 17.24 x 24.02 | 3.5 x 17.2 x 23.7 | |
Height x Width x Length (mm) | 44 x 438 x 380 | 44 x 438 x 610 | 88 x 438 x 601 | |
Weight | 11.42 lbs (5.18 kg) | 24.92 lbs (11.30 kg) | 44 lbs (20 kg) | |
Form Factor | 1 RU | 1 RU | 2 RU | |
Power Supplies | 1x PSU | 2x Redundant PSU (Hot-Swappable) |
2x Redundant PSU (Hot-Swappable) |
|
Power Supply (AC/DC) | 100–240V AC, 50/60 Hz | 100–240V AC, 50/60 Hz | 100–240V AC, 50/60 Hz | |
Maximum Current | 100V/6A, 240V/3A | 100V/7.5A, 240V/3.9A | 100V/10A, 240V/5A | |
Power Consumption (Average / Maximum) | 71.8 / 87.8 W | 238.1 W / 291.06 W | 418.3 W / 511.3 W | |
Heat Dissipation | 333.63 BTU/h | 1027.22 BTU/h | 1778.61 BTU/h | |
Forced Airflow | Front to Back | Front to Back | Front to Back | |
Environment | ||||
Humidity | 10%–90% non-condensing | 10%–90% non-condensing | 10%–90% non-condensing | |
Operation Temperature Range | 32–104°F (0–40°C) | 50–95°F (10– 35°C | 32–104°F (0– 40°C) | |
Storage Temperature Range | -4–158°F (-20–70°C) | -40 –158°F (-40–70°C | -40–158°F (-40–70°C) | |
Compliance | ||||
Certifications | FCC Part 15 Class A, RCM, VCCI, CE, BSMI, KC, UL/cUL, CB, GOST | |||
Additional Services | ||||
24 x 7 Support | Yes |
1 FortiSandbox pre-filtering is powered by FortiGuard Intelligence.
2 Measured based on real-world web and email traffic when both pre-filter and dynamic analysis are working consecutively.
3 Measured based on real-world email traffic when both pre-filter and dynamic analysis are working consecutively.
* 2(FSA-500F)/2(FSA-1000F)/4(FSA-2000E)/8(FSA-3000E) Windows VM licenses included with hardware, remaining are sold
as an upgrade license.
FortiGate | FortiClient | FortiMail | FortiWeb | FortiADC | FortiProxy | ||
---|---|---|---|---|---|---|---|
FSA Appliance and VM | File Submission | *FortiOS V5.0.4+ | FortiClient for Windows OS V5.4+ | FortiMail OS V5.1+ | FortiWeb OS V5.4+ | FortiADC OS V5.0+ | FortiProxy OS V1.0+ |
File Status Feedback | *FortiOS V5.0.4+ | FortiClient for Windows OS V5.4+ | FortiMail OS V5.1+ | FortiWeb OS V5.4+ | FortiADC OS V5.0+ | FortiProxy OS V1.0+ | |
File Detailed Report | *FortiOS V5.4+ | FortiClient for Windows OS V5.4+ | FortiMail OS V5.1+ | – | FortiADC OS V5.0+ | FortiProxy OS V1.0+ | |
Dynamic Threat DB Update | *FortiOS V5.4+ | FortiClient for Windows OS V5.4+ | FortiMail OS V5.3+ | FortiWeb OS V5.4+ | FortiADC OS V5.0+ | FortiProxy OS V1.0+ | |
FortiSandbox Cloud | File Submission | *FortiOS V5.2.3+ | – | FortiMail OS V5.3+ | FortiWeb OS 5.5.3+ | – | FortiProxy OS V1.0+ |
File Status Feedback | *FortiOS V5.2.3+ | – | FortiMail OS V5.3+ | FortiWeb OS 5.5.3+ | – | FortiProxy OS V1.0+ | |
File Detailed Report | *FortiOS V5.2.3+ | – | – | – | – | FortiProxy OS V1.0+ | |
Dynamic Threat DB Update | *FortiOS V5.4+ | – | FortiMail OS V5.3+ | FortiWeb OS 5.5.3+ | – | FortiProxy OS V1.0+ |
*some models may require CLI configuration
Documentation:
Download the FortiSandbox Data Sheet (PDF).
Pricing Notes:
- All prices displayed are Ex-VAT. 20% VAT is added during the checkout process.
- Hardware plus 24x7 FortiCare, FortiGuard Threat Intelligence and Custom VM Bundle (maximum allowed Custom VMs)
Hardware Unit, 24x7 FortiCare Support, Advanced Hardware Replacement (NBD), Firmware and General Upgrades (FortiSandbox engine), FortiGuard AV, IPS, Web Filtering, File Query plus subscription for maximum allowed custom sandbox VMs. Does not include Windows or MS Office licenses i.e. BYOL - Hardware plus 24x7 FortiCare, FortiGuard Threat Intelligence and Licensed VM Bundle (maximum allowed Licensed VM)
Hardware Unit, 24x7 FortiCare Support, Advanced Hardware Replacement (NBD), Firmware and General Upgrades (FortiSandbox engine), FortiGuard AV, IPS, Web Filtering, File Query plus maximum allowed Licensed Sandbox VMs including the necessary Windows and MS Office licenses - 24x7 FortiCare plus FortiGuard Threat Intelligence
24x7 FortiCare Support, Advanced Hardware Replacement (NBD), Firmware and General Upgrades (FortiSandbox engine), and FortiGuard AV, IPS, Web Filtering, File Query - 24x7 FortiCare, FortiGuard Threat Intelligence and Custom VM Bundle (maximum allowed Custom VMs)
24x7 FortiCare Support, Advanced Hardware Replacement (NBD), Firmware and General Upgrades (FortiSandbox engine), FortiGuard AV, IPS, Web Filtering, File Query plus subscription for maximum allowed custom sandbox VMs. Does not include Windows or MS Office licenses i.e. BYOL - Prices are for one year of Premium RMA support. Usual discounts can be applied.
- Annual contracts only. No multi-year SKUs are available for these services.
- Contact Fortinet Renewals team for upgrade quotations for existing FortiCare contracts.
- Pricing and product availability subject to change without notice.