Define Sandbox Service elements

To use Forcepoint Advanced Malware Detection, you must create a Sandbox Service element that defines the settings for the connection to the cloud sandbox or the local sandbox.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration.
  2. Browse to Other Elements > Engine Properties > Sandbox Services.
  3. Right-click Sandbox Services, then select New Sandbox Service.
  4. In the Name field, enter a unique name.
  5. From the Data Centers drop-down list, select the data center that the firewall contacts to request file reputation scans.
    To use the local sandbox, select Custom.
  6. (Custom only) Enter the host name of the sandbox server in the Host Name field.
    The host name is used to automatically generate the default values in the Server URL and Portal URL fields. You can optionally change the URLs.
  7. (Custom only) Click Select next to the TLS Profile field, then select a TLS Profile element
  8. Click OK.

Next steps

Connect Engine to a sandbox service.

Sandbox Service Properties dialog box

Use this dialog box to define Sandbox Service elements.

Option Definition
Name A unique name for the element.
Data Centers Represents the data center that the firewall contacts to request file reputation scans.
  • Automatic — Automatically selects the data center that is geographically closest.
  • EU Data Centers — Represents the EMEA data center in the European Union.
  • US Data Centers — Represents the data center in the USA.
  • Custom — Allows you to define custom settings for the local sandbox.
Note: If the data center that the firewall contacts does not match the home data center that is specified in the license, files are forwarded to the home data center for analysis and stored in the home data center.
Host Name The host name of the sandbox server. The host name is used to automatically generate the default values in the Server URL and Portal URL fields.
Server URL

(Optional)

The URL of the sandbox server. The URL can contain a domain name or an IP address.

If you do not enter a URL, the default value is automatically generated based on the host name.

Portal URL

(Optional)

The URL of the portal where you can view analysis reports for files that have been analyzed by the sandbox service. The URL can contain a domain name or an IP address.

If you do not enter a URL, the default value is automatically generated based on the host name.

Note: If you change this URL, make sure that the new URL includes the [task_uuid] variable. The value of the variable is automatically resolved based on file filtering log entries.
Portal Username

(Optional)

The account for which the file analysis reports are stored in the external portal. If you log on to the portal with the same portal user name, you can view the file analysis history stored for the account.
API URL The URL that the Secure SD-WAN Manager uses to query the sandbox service API to generate permanent links to sandbox analysis reports. We recommend that you use the default value.
License Key

(Optional)

The license key for the connection to the sandbox server.

This license key is used globally for all Engines for which Forcepoint Advanced Malware Detection is enabled. You can override this setting for individual Engines in the Engine Editor.

If you do not enter the license key in the properties of the Sandbox Service element, you must enter the license key in the Engine Editor for each Engine for which Forcepoint Advanced Malware Detection is enabled.

Note: The license defines the home data center where files are analyzed. Enter the key and license token for the data center that you want to use as the home data center.
CAUTION:
The license keys and license tokens allow access to confidential analysis reports. Handle the license key and license token securely.
License Token

(Optional)

The license token for the connection to the sandbox server.

This license token is used globally for all Engines for which Forcepoint Advanced Malware Detection is enabled. You can override this setting for individual Engines in the Engine Editor.

If you do not enter the license token in the properties of the Sandbox Service element, you must enter the license token in the Engine Editor for each Engine Engine for which Forcepoint Advanced Malware Detection is enabled.

TLS Profile The TLS Profile element that defines the cryptographic suite, the trusted certificate authorities, and other optional settings for the TLS connection to the sandbox service.

To select the TLS Profile, click Select.

Comment

(Optional)

A comment for your own reference.
Category

(Optional)

Includes the element in predefined categories. Click Select to select a category.