Define Sandbox Service elements

To use Forcepoint Advanced Malware Detection, you must create a Sandbox Service element that defines the settings for the connection to the cloud sandbox or the local sandbox.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration.
  2. Browse to Other Elements > Engine Properties > Sandbox Services.
  3. Right-click Sandbox Services, then select New Sandbox Service.
  4. In the Name field, enter a unique name.
  5. From the Data Centers drop-down list, select the data center that the engine contacts to request file reputation scans.
    To use a local sandbox, select the applicable local sandbox option from the Data Centers drop-down list.
  6. (Local Sandbox only) Enter the host name of the sandbox server in the Host Name field.
    The host name is used to automatically generate the default values in the Server URL and Portal URL fields. You can optionally change the URLs.
  7. (Local Sandbox only) Click Select next to the TLS Profile field, then select a TLS Profile element.
  8. Click OK.

Next steps

Connect Secure SD-WAN to a sandbox service.

Sandbox Service Properties dialog box

Use this dialog box to define Sandbox Service elements.

Option Definition
Name A unique name for the element.
Data Centers Represents the data center that the engine contacts to request file reputation scans.
  • Automatic — Automatically selects the data center that is geographically closest.
  • EU Data Centers — Represents the EMEA data center in the European Union.
  • Forcepoint AMDP Automatic data center — Automatically selects the AMDP data center that is geographically closest.
  • Forcepoint AMDP Europe data center — Represents the AMDP data center in the European Union.
  • Forcepoint AMDP North America data center — Represents the AMDP data center in the USA.
  • US Data Centers — Represents the data center in the USA.
  • Local Sandbox – Advanced Malware Detection & Protection — Allows you to define custom settings for the Local Sandbox - Advanced Malware Detection & Protection.
  • Local Sandbox – Advanced Malware Detection — Allows you to define custom settings for the Local Sandbox - Advanced Malware Detection.
Note: If the data center that the engine contacts does not match the home data center that is specified in the license, files are forwarded to the home data center for analysis and stored in the home data center. This only applies to the Cloud Sandbox - Advanced Malware Detection.
Host Name The host name of the sandbox server. The host name is used to automatically generate the default values in the Server URL and Portal URL fields.
Server URL

(Optional)

The URL of the sandbox server. The URL can contain a domain name or an IP address.

If you do not enter a URL, the default value is automatically generated based on the host name.

Portal URL

(Optional)

The URL of the portal where you can view analysis reports for files that have been analyzed by the sandbox service. The URL can contain a domain name or an IP address.

If you do not enter a URL, the default value is automatically generated based on the host name.

Note: If you change this URL, make sure that the new URL includes the [task_uuid] variable. The value of the variable is automatically resolved based on file filtering log entries. This only applies to the Cloud Sandbox - Advanced Malware Detection.
Portal Username

(Optional)

The account for which the file analysis reports are stored in the external portal. If you log on to the portal with the same portal user name, you can view the file analysis history stored for the account.
Note: This only applies to the Cloud Sandbox - Advanced Malware Detection.
API URL The URL that the SMC uses to query the sandbox service API to generate permanent links to sandbox analysis reports. We recommend that you use the default value.
API Key The API Key is used to authenticate the API calls from the engine to the local sandbox AMDP server.
Note: This is only applicable to the Local Sandbox – Advanced Malware Detection & Protection.
License Key

(Optional)

The license key for the connection to the sandbox server.

This license key is used globally for all Secure SD-WAN Engines for which Forcepoint Advanced Malware Detection is enabled. You can override this setting for individual Secure SD-WAN Engines in the Engine Editor.

If you do not enter the license key in the properties of the Sandbox Service element, you must enter the license key in the Engine Editor for each Secure SD-WAN Engine for which Forcepoint Advanced Malware Detection is enabled.

Note: The license defines the home data center where files are analyzed. Enter the key and license token for the data center that you want to use as the home data center.
CAUTION:
The license keys and license tokens allow access to confidential analysis reports. Handle the license key and license token securely.
License Token

(Optional)

The license token for the connection to the sandbox server.

This license token is used globally for all Secure SD-WAN Engines for which Forcepoint Advanced Malware Detection is enabled. You can override this setting for individual Secure SD-WAN Engines in the Engine Editor.

If you do not enter the license token in the properties of the Sandbox Service element, you must enter the license token in the Engine Editor for each Secure SD-WAN Engine for which Forcepoint Advanced Malware Detection is enabled.

TLS Profile The TLS Profile element that defines the cryptographic suite, the trusted certificate authorities, and other optional settings for the TLS connection to the sandbox service.

To select the TLS Profile, click Select.

Comment

(Optional)

A comment for your own reference.
Category

(Optional)

Includes the element in predefined categories. Click Select to select a category.
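
The Portal URL note above requires that a changed URL still includes the [task_uuid] variable. The following Python check is an added example, not Forcepoint code: it validates a custom Portal URL before it is entered and shows how the variable resolves to a report link. The https requirement, the assumption that the resolved value is a canonical UUID, and the host name sandbox.example.test are illustrative assumptions, not product behavior.

```python
import uuid
from urllib.parse import urlsplit

PLACEHOLDER = "[task_uuid]"  # variable name from the Portal URL note


def check_portal_url(template):
    """Return a list of problems found in a custom Portal URL template."""
    problems = []
    if PLACEHOLDER not in template:
        problems.append("missing [task_uuid] variable")
    try:
        # Parse twice with different dummy values: the brackets are not
        # valid URL characters, and a changing netloc reveals a
        # placeholder that sits in the host part.
        a = urlsplit(template.replace(PLACEHOLDER, "a"))
        b = urlsplit(template.replace(PLACEHOLDER, "b"))
    except ValueError:
        return problems + ["URL cannot be parsed"]
    if a.scheme != "https":
        # Assumption: reports are confidential, so require TLS.
        problems.append("scheme is not https")
    if not a.hostname:
        problems.append("no host name or IP address")
    elif a.netloc != b.netloc:
        problems.append("[task_uuid] must not be part of the host")
    return problems


def resolve_portal_url(template, task_uuid):
    """Build a report link from a checked template and a log-derived value."""
    problems = check_portal_url(template)
    if problems:
        raise ValueError("; ".join(problems))
    # Assumption: the value is a UUID. Normalizing it rejects anything
    # else, so log-derived text cannot change the path of the link.
    canonical = str(uuid.UUID(task_uuid))
    return template.replace(PLACEHOLDER, canonical)


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    tpl = "https://sandbox.example.test/report/[task_uuid]"
    print(check_portal_url("http://sandbox.example.test/report/"))
    print(resolve_portal_url(tpl, "123E4567-E89B-12D3-A456-426614174000"))
```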