Integrate file reputation services and sandboxes

Integrating Secure SD-WAN with file reputation services and sandboxes improves the malware detection coverage of Secure SD-WAN when you use file filtering.

Engine Editor > Add-Ons > File Reputation

Use this branch to enable file reputation services for file filtering.

Option	Definition
File Reputation Service	Select the file reputation service to use. None — Disables file reputation services. Global Threat Intelligence (GTI) — Enables the use of McAfee GTI file reputation services for file filtering.

Option	Definition
When File Reputation Service is Global Threat Intelligence (GTI)
HTTP Proxies (Optional)	When specified, requests are sent through an HTTP proxy instead of the engine accessing the external network directly. Click Add to add an element to the list, or Remove to remove the selected element. Note: You can only use one HTTP proxy for the connection to the McAfee Global Threat Intelligence file reputation service. If you select more than one HTTP proxy, the additional HTTP proxies are ignored.

Option

Definition

When File Reputation Service is Global Threat Intelligence (GTI)

HTTP Proxies

(Optional)

When specified, requests are sent through an HTTP proxy instead of the engine accessing the external network directly. Click Add to add an element to the list, or Remove to remove the selected element.

Note: You can only use one HTTP proxy for the connection to the McAfee Global Threat Intelligence file reputation service. If you select more than one HTTP proxy, the additional HTTP proxies are ignored.

Engine Editor > Add-Ons > Sandbox

Use this branch to select and configure sandbox servers for Secure SD-WAN Engines.

Option	Definition
Sandbox Type	Specifies which type of sandbox the Secure SD-WAN Engine uses for sandbox file reputation scans. None — The Secure SD-WAN Engine does not use a sandbox. Cloud Sandbox - Advanced Malware Detection & Protection — The engine uses the Advanced Malware Detection & Protection cloud service for sandbox analysis and file reputation scan. Note: This is a licensed service which requires a subscription to use. Local Sandbox - Advanced Malware Detection & Protection — The engine uses the Advanced Malware Detection & Protection cloud service for sandbox analysis and file reputation scan. Note: This is a licensed service which requires a local AMDP server to use. Cloud Sandbox - Advanced Malware Detection — The engine uses the cloud sandbox for Forcepoint Advanced Malware Detection. Local Sandbox - Advanced Malware Detection — The engine uses the local sandbox for Forcepoint Advanced Malware Detection. Note: To use the local sandbox for Forcepoint Advanced Malware Detection, you must have a Forcepoint Advanced Malware Detection appliance.

Option

Definition

Sandbox Type

Specifies which type of sandbox the Secure SD-WAN Engine uses for sandbox file reputation scans.

None — The Secure SD-WAN Engine does not use a sandbox.
Cloud Sandbox - Advanced Malware Detection & Protection — The engine uses the Advanced Malware Detection & Protection cloud service for sandbox analysis and file reputation scan.
Note: This is a licensed service which requires a subscription to use.
Local Sandbox - Advanced Malware Detection & Protection — The engine uses the Advanced Malware Detection & Protection cloud service for sandbox analysis and file reputation scan.
Note: This is a licensed service which requires a local AMDP server to use.
Cloud Sandbox - Advanced Malware Detection — The engine uses the cloud sandbox for Forcepoint Advanced Malware Detection.
Local Sandbox - Advanced Malware Detection — The engine uses the local sandbox for Forcepoint Advanced Malware Detection.
Note: To use the local sandbox for Forcepoint Advanced Malware Detection, you must have a Forcepoint Advanced Malware Detection appliance.

Option	Definition
When Sandbox Type is Cloud Sandbox - Advanced Malware Detection & Protection
Sandbox Service	Specifies the sandbox service that the engine contacts to request a file reputation with the file hash (SHA256), and if not found, sends the file for sandbox analysis. Click Select to select an element.
HTTP Proxies (Optional)	When specified, requests are sent through an HTTP proxy instead of the engine accessing the external network directly. Add — Allows you to add an HTTP Proxy to the list. Remove — Removes the selected HTTP Proxy from the list.

Option

Definition

When Sandbox Type is Cloud Sandbox - Advanced Malware Detection & Protection

Sandbox Service

Specifies the sandbox service that the engine contacts to request a file reputation with the file hash (SHA256), and if not found, sends the file for sandbox analysis. Click Select to select an element.

HTTP Proxies

(Optional)

When specified, requests are sent through an HTTP proxy instead of the engine accessing the external network directly.

Add — Allows you to add an HTTP Proxy to the list.

Remove — Removes the selected HTTP Proxy from the list.

Option	Definition
When Sandbox Type is Cloud Sandbox - Advanced Malware Detection
License Key (Optional)	The license key for the connection to the sandbox server. If you have not entered a license key in the properties of the Sandbox Service element, you must enter a license key here. If you have entered a license key in the properties of the Sandbox Service element, you can optionally enter a license key here to override the global setting. Note: The license defines the home data center where files are analyzed. Enter the key and license token for the data center that you want to use as the home data center. CAUTION: The license keys and license tokens allow access to confidential analysis reports. Handle the license key and license token securely.
License Token (Optional)	The license token for the connection to the sandbox server. If you have not entered a license token in the properties of the Sandbox Service element, you must enter a license key here. If you have entered a license token in the properties of the Sandbox Service element, you can optionally enter a license token here to override the global setting.
Sandbox Service	Specifies the sandbox service that the engine contacts to request file reputation scans. Click Select to select an element.
HTTP Proxies (Optional)	When specified, requests are sent through an HTTP proxy instead of the engine accessing the external network directly. Add — Allows you to add an HTTP Proxy to the list. Remove — Removes the selected HTTP Proxy from the list.

Option	Definition
When Sandbox Type is Local Sandbox - Advanced Malware Detection & Protection
Sandbox Service	Specifies the sandbox service that the engine contacts to request file reputation scans. Click Select to select an element.
HTTP Proxies (Optional)	When specified, requests are sent through an HTTP proxy instead of the engine accessing the external network directly. Add — Allows you to add an HTTP Proxy to the list. Remove — Removes the selected HTTP Proxy from the list.

Option

Definition

When Sandbox Type is Local Sandbox - Advanced Malware Detection & Protection

Sandbox Service

Specifies the sandbox service that the engine contacts to request file reputation scans. Click Select to select an element.

HTTP Proxies

(Optional)

When specified, requests are sent through an HTTP proxy instead of the engine accessing the external network directly.

Add — Allows you to add an HTTP Proxy to the list.

Remove — Removes the selected HTTP Proxy from the list.

Option	Definition
When Sandbox Type is Local Sandbox - Advanced Malware Detection
License Key (Optional)	The license key for the connection to the sandbox server. If you have not entered a license key in the properties of the Sandbox Service element, you must enter a license key here. If you have entered a license key in the properties of the Sandbox Service element, you can optionally enter a license key here to override the global setting.
License Token (Optional)	The license token for the connection to the sandbox server. If you have not entered a license token in the properties of the Sandbox Service element, you must enter a license key here. If you have entered a license token in the properties of the Sandbox Service element, you can optionally enter a license token here to override the global setting.
Sandbox Service	Specifies the sandbox service that the engine contacts to request file reputation scans. Click Select to select an element.
HTTP Proxies (Optional)	When specified, requests are sent through an HTTP proxy instead of the engine accessing the external network directly. Add — Allows you to add an HTTP Proxy to the list. Remove — Removes the selected HTTP Proxy from the list.