Define Sandbox Service elements

To use Forcepoint Advanced Malware Detection, you must create a Sandbox Service element that defines the settings for the connection to the cloud sandbox or the local sandbox.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration.
  2. Browse to Other Elements > Engine Properties > Sandbox Services.
  3. Right-click Sandbox Services, then select New Sandbox Service.
  4. In the Name field, enter a unique name.
  5. From the Data Centers drop-down list, select the data center that the firewall contacts to request file reputation scans.
    To use the local sandbox, select Custom.
  6. (Custom only) Enter the host name of the sandbox server in the Host Name field.
    The host name is used to automatically generate the default values in the Server URL and Portal URL fields. You can optionally change the URLs.
  7. (Optional) To view analysis history information in the external portal, enter in the Portal Username field the account under which the file analysis reports are stored in the external portal.
  8. (Custom only) Click Select next to the TLS Profile field, then select a TLS Profile element.
  9. Click OK.

Next steps

Connect Forcepoint NGFW to a sandbox service.

Sandbox Service Properties dialog box

Use this dialog box to define Sandbox Service elements.

Option Definition
Name A unique name for the element.
Data Centers Represents the data center that the firewall contacts to request file reputation scans.
  • APAC Data Centers — Represents the APAC data center in Australia.
  • Automatic — Automatically selects the data center that is geographically closest.
  • EU Data Centers — Represents the EMEA data center in the European Union.
  • US Data Centers — Represents the data center in the USA.
  • Custom — Allows you to define custom settings for the local sandbox.
Note: If the data center that the firewall contacts does not match the home data center that is specified in the license, files are forwarded to the home data center for analysis and stored in the home data center.
Host Name The host name of the sandbox server. The host name is used to automatically generate the default values in the Server URL and Portal URL fields.
Server URL (Optional) The URL of the sandbox server. The URL can contain a domain name or an IP address. If you do not enter a URL, the default value is automatically generated based on the host name.

Portal URL (Optional) The URL of the portal where you can view analysis reports for files that have been analyzed by the sandbox service. The URL can contain a domain name or an IP address. If you do not enter a URL, the default value is automatically generated based on the host name.

Note: If you change this URL, make sure that the new URL includes the [task_uuid] variable. The value of the variable is automatically resolved based on file filtering log entries.
Portal Username (Optional) The account for which the file analysis reports are stored in the external portal. If you log on to the portal with the same portal user name, you can view the file analysis history stored for the account.
TLS Profile The TLS Profile element that defines the cryptographic suite, the trusted certificate authorities, and other optional settings for the TLS connection to the sandbox service. To select the TLS Profile, click Select.

Comment (Optional) A comment for your own reference.
Category (Optional) Includes the element in predefined categories. Click Select to select a category.
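
An added example, not part of the Forcepoint documentation: a check you can run on Custom Server URL and Portal URL values before saving the element, covering the [task_uuid] variable that the Portal URL note requires. The host name and URL paths are constructed placeholders, and the HTTPS requirement, the embedded-credentials check, and literal substitution of the variable are assumptions rather than documented product behavior.

```python
from urllib.parse import quote, urlsplit

PLACEHOLDER = "[task_uuid]"  # variable named in the Portal URL note

# Constructed sample values (hypothetical host and paths, not product defaults).
SERVER_URL = "https://sandbox.example.internal/api"
PORTAL_OK = "https://sandbox.example.internal/reports/[task_uuid]"
PORTAL_BAD = "http://admin:pw@sandbox.example.internal/reports"


def resolve_portal_url(template, task_uuid):
    """Substitute one task UUID into the template (assumed literal replacement)."""
    # Percent-encode so a value taken from a log entry cannot add path or query parts.
    return template.replace(PLACEHOLDER, quote(task_uuid, safe=""))


def check_custom_urls(server_url, portal_url):
    """Return a list of problems found in the Custom Server URL and Portal URL."""
    problems = []
    if PLACEHOLDER not in portal_url:
        problems.append("Portal URL: missing [task_uuid] variable")
    # Parse with a constructed UUID so the square brackets do not upset the parser.
    sample = "00000000-0000-4000-8000-000000000000"
    candidates = (("Server URL", server_url),
                  ("Portal URL", resolve_portal_url(portal_url, sample)))
    for label, url in candidates:
        try:
            parts = urlsplit(url)
        except ValueError:
            problems.append(f"{label}: not a parseable URL")
            continue
        if parts.scheme != "https":  # assumption: a TLS Profile implies HTTPS
            problems.append(f"{label}: scheme is not https")
        if not parts.hostname:
            problems.append(f"{label}: no domain name or IP address")
        if parts.username or parts.password:  # assumption: keep secrets out of URLs
            problems.append(f"{label}: credentials embedded in URL")
    return problems


if __name__ == "__main__":
    for portal in (PORTAL_OK, PORTAL_BAD):
        print(portal, "->", check_custom_urls(SERVER_URL, portal) or "OK")
```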