Security Orchestration Boot Camp
How to Get Things Done

Day 1: Secure SD-WAN
Day 2: Modern Application Protection
Day 3: Enterprise Email Solutions

By: Hassan Mustafa
Technical Consultant
Ingram Micro, Pakistan

Agenda
Ingram Micro & Fortinet
Legacy WAN Networks
Fortinet Secure SD-WAN
Complete End Point Security
Advanced Analysis & Reporting

Proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission.

THE GLOBAL LEADER in technology and supply chain services WITH AN EXTENSIVE ARRAY OF RESOURCES to drive market and customer growth WHILE BRINGING UNIQUE INSIGHTS that enable businesses to … Realize the Promise of Technology™

Global Leader in Technology and Supply Chain Services
$50B REVENUE
#64 ON FORTUNE 100
200K+ CUSTOMERS & 1,700+ VENDORS
SALES IN 160 COUNTRIES
500M SHIP UNITS/YEAR
OPERATIONS IN 52 COUNTRIES WITH 30K+ ASSOCIATES
16.2M+ Sq. Ft. ACROSS 155 LOGISTICS CENTERS AND 44 SERVICE CENTERS
1 OUT OF 3 MOBILE DEVICES IN THE US
DELIVER ITAD SERVICES TO 30 OF THE FORTUNE 100
All information as of fiscal year 2016

Why Ingram in Pakistan?

250+ Partner Pool throughout Pakistan
• Service Providers / Enterprise / Public Sector / Commercial / SMB

Geographical Coverage
• Office in Karachi covering the country landscape
• Office in North Region by 2019 (Planned)

Investment in Business
• Credit Facility
• Programs & Promotions
• Technical resources/Enabling & Upgrading Channel

Dedicated Team
• Dedicated Team for all BUs (20+ team members)
• Opportunity Classification
• Cross Selling

Compliance
• Ingram Compliance
• Vendor Compliance
• Tax & Regulatory Compliance

Registered Office
• Subsidiary of Ingram Micro Inc.
• Registered with tax authorities

FOUNDED 2000
IPO 2009
$1B REVENUE
30%+ GROWTH
HQ SUNNYVALE, CA
100+ OFFICES WORLDWIDE
4,500+ EMPLOYEES
OVER 2.4 MILLION DEVICES SHIPPED
#1 UNIT SHARE WORLDWIDE in Network Security (IDC)
285,000+ CUSTOMERS
MARKET LEADING TECHNOLOGY: 278 PATENTS, 236 PENDING

Cybersecurity is expanding to become Digital Security

SD WAN Challenges
Modern Business & ICT Models
• Lack of Visibility into Cloud & P2P application for QoS - Limited to Port & Protocol with PBR
• Lack of Application Aware Load Balancing & Intelligent Path Aware Dynamic Failover
• No Centralized Zero Touch Provision & Automation among all branches
• High cost of MPLS Links (DPLC/IPLC) & Backhauled Internet Traffic - Branches usually don't carry security Solution
• Enforcement of policies & protection of remote End Points & digital assets

Modern World
Green: Google's 13 data centers use 0.01% of global power
SaaS: On average, companies have 10+ applications running via the Cloud
IoT: 35B devices, mostly headless attaching to the network
Other labels on the slide: 5G Wireless; SDN/NFV; IaaS; Analytics; Software-defined everything; SD WAN; Security still the No.1 inhibitor; Big Data; FUTURE; Social; 100G; Bandwidth ever increasing; Virtualization; 80% of data center apps are virtualized; Internet 2; Mobile; No control of endpoints (BYOD); 100 Gbps and UHDTV; Bandwidth; Wi-Fi speeds rival LANs.
100G networks here

Threats (and Technologies To Counter Them) Constantly Evolve
[Figure: timeline from the 1980s to Today. Labels: Machine to Machine Attacks; Integrated Fabric; Advanced Threat Protection; Advanced Targeted Attacks; Performance Degradation; Malicious Apps; Application Control; IP Reputation; Botnets; Malicious Sites; URL Filtering; Spam; Secure Email Gateway; Intrusion & Worms; Vulnerability Management; Antimalware; Hardware Theft; Intrusion Prevention; Exploits; Viruses & Spyware; Firewall; Physical; Generation 1 CONNECTION; Generation 2 CONTENT; Generation 3 INFRASTRUCTURE; Layer 1-2; Layer 3-4; Layer 5-7.]

Enhanced Protection Across the Entire Attack Surface
[Diagram labels: MANAGEMENT; WINDOWS; SECURITY; MAC; METER; SANDBOX; ANALYTICS; MOBILE; PUBLIC; CASB; IoT; PRIVATE; Network; SWITCH; EMAIL; ACCESS POINTS; APIs; WAF.]

Benefits

Security Life Cycle Management - NIST CYBERSECURITY FRAMEWORK
1. Identify, i.e. Topology View
2. Protect, i.e. Access Control
3. Detect, i.e. IPS, AV
4. Respond, i.e. Mitigate
5. Recover, i.e. Topology View

SD-WAN Functionality Integrated with Threat Protection and SSL Inspection
Security
Destination: DC, SaaS, Internet, IaaS
Transport: VPN, MPLS, Broadband, LTE
Management:
▪ Centralized Management
▪ Orchestration (Service Chaining)
▪ Zero-touch Deployment
SD-WAN functions:
▪ Link Load Balancing and Health Monitoring
▪ Dynamic SaaS Application Database
▪ IPSec VPN Tunneling
▪ Prioritized Business Applications (Traffic Shaping)
Form factors:
▪ Security Processor-powered Appliance
▪ Hybrid Appliance
▪ Virtual Machine

Single Pane of Glass with New NOC Functionality
▪ Unified Management & Analytics/Reporting in Appliance, Virtual Machine and Cloud format
▪ Management of Endpoint, Access Points and Switching added
▪ Upgrades to VPN Manager (Topology View), FortiView, Event Management and Reporting
[Diagram labels: FortiManager; FortiAnalyzer; FortiGuard; Device Manager; VPN Manager; FortiAP Manager; FortiView; FortiSwitch Manager; Log View; FortiClient Manager; Event Management; Reports.]

FortiWeb
Web Application Firewall with Dual AI-based Machine Learning Engines

Acceleration and Performance: Multi-core processor technology combined with hardware-based SSL tools deliver blazing fast protected WAF throughput.
Application Protection: Protection from the OWASP Top Ten application attacks including Cross Site Scripting and SQL Injection.
AI-based Machine Learning Threat Detection: Dual-layer machine learning engines are employed to detect application request anomalies and determine if they are threats.

Highlights
• Correlated threat detection with AI-based behavioral scanning
• Up to 20 Gbps protected WAF throughput
• Enhanced protection with Fortinet Security Fabric integration
• Visual analytics tools for advanced threat insights
• Third-party integration and virtual patching

FortiWeb uses application-learning-based behavioral threat detection, which enables it to minimize false positives by ensuring that only true attacks are blocked rather than every single anomaly.

FortiWeb can reduce total cost of ownership (TCO) per protected connection by as much as 30%.

FortiWAF Excels at
• Signature Detection Engine
• Analyzing the Source
• Protocol Validation
• Antivirus Engine
• Scalability & Performance
• Solution Integrity

Deep Integration into the Fortinet Security Fabric and Third-Party Scanners

Features

Web Security
• AI-based Machine Learning
• Automatic profiling (white list)
• Web server and application signatures (black list)
• IP Reputation
• IP Geolocation
• HTTP RFC compliance
• Native support for HTTP/2
• OpenAPI 3.0 verification
• WebSocket protection and signature enforcement
• Man in the Browser (MiTB) protection

Application Delivery
• Layer 7 server load balancing
• URL Rewriting
• Content Routing
• HTTPS/SSL Offloading
• HTTP Compression
• Caching

Application Attack Protection
• OWASP Top 10
• Cross Site Scripting
• SQL Injection
• Cross Site Request Forgery
• Session Hijacking
• Built-in Vulnerability Scanner
• Third-party scanner integration (virtual patching)
• File upload scanning with AV and sandbox

FortiWeb Web Application Firewall Ensures Compliance with PCI 6.6
FortiWeb is the only WAF that provides a Vulnerability Scanner module within the web application firewall. This completes a comprehensive solution for PCI DSS requirement 6.6, allowing organizations to scan their applications, find existing vulnerabilities and protect them in real time from the same platform.
The following is a list of features provided by FortiWeb to help achieve PCI 6.6 compliance:

End Point Security
FortiAuthenticator & FortiClient

Endpoint Security Gaps
Lack of efficacy: 44% surveyed clients noted endpoint threats bypassed their EPP solutions [2]
Needs a holistic approach: 75% “acceptable endpoint security tools must plug into a broader security architecture rather than operate in an endpoint security vacuum.” [1]
Unpatched vulnerabilities: IT security practitioners reported that out of date or unpatched software is the most common endpoint security gap [3]
Sources:
1. ESG Enterprise Adoption of Next-generation Endpoint Security, 2016
2. Gartner Endpoint Protection Platform Report, 2016
3. Ponemon Institute The Cost of Insecure Endpoints, 2017

State of the Endpoint Security Market
01 Endpoint security market is estimated to reach 5 Billion in 2020, a compound annual growth rate (CAGR) of 4.4% [1]
02 44% of companies surveyed admitted to having one or more of their endpoints compromised in the past 24 months [2]
03 “99% of the vulnerabilities exploited by the end of 2020 will continue to be ones known by security and IT professionals at the time of the incident.” [3]
04 63% of companies cannot monitor off-network endpoints and over half of organizations cannot determine compliance for their endpoint devices [4]

The Need to Reduce Security Incidents at the Endpoint
DOWNTIME
Threats evolve rapidly, motivated by a robust cybercriminal ecosystem
BREACHES
Security disparity/lack of coordinated response with Best of Breed approach
REGULATORY PENALTIES
Response must be coordinated with few staff and many products
BRAND INTEGRITY

FortiClient Reviews: NSS Labs and Gartner
NSS Labs 2017 AEP Test: Recommended
Gartner EPP MQ 2018 (NEW!): Niche
Source: NSS Labs Advanced Endpoint Protection Comparative Report Security Value Map, February, 2017

Competitive Comparison
Endpoint Protection (EPP, EDR, NG AV): Fortinet EPP; Palo Alto Networks NG AV; Cisco EDR+AV; Checkpoint EPP, EDR (separate agents); Sophos EPP
Endpoint Protection integrated with Network Security: Fortinet P; Palo Alto Networks X; Cisco P; Checkpoint P (EPP agent); Sophos P
Endpoint Integrated Sandbox: Fortinet P; Palo Alto Networks P; Cisco P; Checkpoint P (EDR agent); Sophos X
Endpoint Protection integrated VPN: Fortinet P; Palo Alto Networks X; Cisco X; Checkpoint P (EPP agent); Sophos X
Compatible with 3rd Party endpoint solutions: Fortinet P; Palo Alto Networks X; Cisco X; Checkpoint P; Sophos X

FortiClient Leads with Fabric Integration and Security Effectiveness
Our Differentiation
INTEGRATION
• Network (Fabric), Sandbox, Secure Access and Fabric Alliance integration
EFFECTIVENESS
• NSS 100% detection and prevention of blended threats (packaged exploit & executable) [1]
MODULAR AND LIGHTWEIGHT
• Flexible choices - Fabric, VPN, ATP, Antimalware suite
LOW TCO
• 15% lower TCO compared to average of protected agent [2]
1 NSS Labs Advanced Endpoint Protection Test Report, February, 2017
2 NSS Labs Advanced Endpoint Protection Comparative Report Security Value Map, February, 2017; TCO includes management and logging systems

FortiMail
Complete Secure Email Gateway

Advanced Threat Kill Chain

Email Remains the #1 Attack Vector
49% of malware was installed via email attachment [1]
34,148 unique malware variants in 3Q18, an average of ~380 every day of the quarter
$675m estimated cost of business email compromise, from 15,670 incidents in 2017
Advanced threats easily bypass the signature-based prevention mechanisms an SEG has traditionally used.
Notes/Sources:
1. Verizon 2018 Data Breach Report. April 2018.
2. Fortinet Threat Intelligence Newsletters, 2018.
3. FBI. IC3. 2017 Internet Crime Report. May 2018.
4. Gartner Market Guide for Secure Email Gateways, 2017.

Shift From Reactive to Proactive Security
Email Security is… Products and services that inspect corporate email for unwanted (spam) and malicious (phishing, malware, imposter) messages as well as inappropriate or sensitive content.

FortiMail Secure Email Gateway
Form factors: Appliance, Hosted, Virtual Machine, Cloud

Features
FortiMail provides a single solution to protect against inbound attacks, including advanced malware, as well as outbound threats and data loss, with a wide range of top-rated security capabilities:
• Antispam
• Antiphishing
• Anti-malware
• Sandboxing
• Data leakage prevention (DLP)
• Identity based encryption (IBE)
• Message archiving
• Email Authentication: SPF, DKIM and DMARC
• Adult Image Analysis
• Banned Words
• Preventing Email Spoofing
• Protecting Against Email Impersonation

Antispam Techniques
• Greylist scanning
• Sender reputation
• DNSBL scanning
• Safe list word scanning
• SURBL scanning
• Banned word scanning
• Bayesian scanning
• Block/safe lists
• Heuristic scanning
• PDF scanning
• Image spam scanning
The FortiMail family of secure email appliances provides an effective barrier against the ever-rising volume of spam, maximum protection against sophisticated threats

Deploys as Primary or Supplemental Filtering
On-premise
• Antispam
• Adult Image Analysis
• Antimalware
• Virus Outbreak
• Optional Sandboxing
IoC Distribution
• IPs
• File Hashes
[Diagram labels: FortiGuard; Mail Server; FortiMail; FortiSandbox.]

A Complete Set of Security Services
Enterprise ATP Bundle / Base Bundle

Antispam Service
• Sender IP ratings
• Embedded URL ratings
• Content-based hashes for spam and phishing campaigns
• Separate “newsletter” identifiers

Antivirus Service
• One-to-many signatures
• Heuristic rules
• Emulation
• Decrypting/Unpacking
• Patented content pattern recognition language (CPRL)

Outbreak Prevention
• Pre-signature intelligence
• Covers emerging spam and malware campaigns
• Leverages new sandbox and other intelligence

FortiSandbox Cloud
• FortiSandbox hosted by Fortinet
• Includes prefiltering, emulation and full instrumented analysis
• Subscription-based
• No separate sandbox required

Content Disarm and Reconstruction
• Removes high risk active content
• Supports Microsoft Office and Adobe
• Can be applied by user, group or policy
• Original documents can be retained and restored

Click Protect
• Dynamic reputation query
• Determines rating at the time of user click
• Identifies recently compromised sites changed shortly after campaigns are launched

Impersonation Analysis
• Identifies spoofed email
• Dynamically builds protections for common email addresses
• Complements sender authentication

Sophisticated Email Attacks Compromising Systems
Challenges
▪ Ransomware via email can impact productivity and potentially operations
▪ Phishing can steal credentials that can lead to a larger breach
▪ Imposter-email can result in major financial losses
FortiGuard Solution
FortiMail Secure Email Gateway with FortiSandbox Advanced Threat Detection
▪ Advanced antimalware techniques like content disarm and impersonation analysis
▪ Ability to hold messages for sandbox rating
▪ Consistently top-rated effectiveness
Benefits
▪ Block ransomware to maintain productivity
▪ Stop advanced malware to avoid breaches
▪ Prevent the mistaken transfer of funds

Increasing Spam Volumes, Declining Security Effectiveness
Challenges
▪ Installed solution slows mail delivery
▪ Users receive unwanted or offensive email
▪ Known malware is reaching users
FortiGuard Solution
FortiMail Secure Email Gateway
▪ Multi-layer antispam technologies
▪ Powerful AV engine leveraging patented content pattern recognition language (CPRL)
▪ Consistently top-rated effectiveness
Benefits
▪ Eliminates spam, starting at the connection layer
▪ Improves end user productivity
▪ Blocks known malware before delivery

Protect Office 365/Cloud-based Email
Challenges
▪ Lost control of email security when moving email infrastructure to the cloud
▪ Delivered spam and viruses may increase
▪ Setting data protection policies can be complicated
Solution
FortiMail Cloud Secure Email Gateway with FortiSandbox Cloud
▪ Fully hosted SEG and Sandbox solution
▪ Consistently top-rated effectiveness
▪ Integrated DLP, Email Encryption and Archiving
Benefits
▪ Zero-touch deployment and ongoing maintenance
▪ Shield users from unwanted and malicious email
▪ Prevent data theft and loss

Key Benefits of Fortinet Email Security
• Consolidate Email Security Components
• Comply with Data Privacy Regulations
• Improve Security Effectiveness
• Protect Microsoft Office 365/Cloud Email
• Address Ransomware, Advanced Threats
• Maintain business uptime
• Improve end user productivity
• Prevent incidents and data loss
Tip: Look for email security solutions that offer insight beyond the initial email attack, creating intelligence about the supporting cyber-criminal infrastructure through the attack life cycle and automatically sharing that threat intelligence across the attack surface.

Why did Customer purchase this product or service?
• Create internal/operational efficiencies
• Drive innovation
• Cost management
• Improve business process outcomes
• Improve compliance & risk management
• Product functionality and performance
• Product roadmap and future vision
• Strong services expertise
• Overall cost

As a Result, All Form Factors Are Top Rated
ICSA Labs 1Q18 ATD-Email Testing: Certified
SE Labs 4Q18 Email Security Services Testing: AAA Rating

Leveraging your SEG for more Proactive Security
FortiSandbox
• Identify previously unknown threats
• Return file and URL ratings to FortiMail
FortiGate, FortiClient, Fabric-Ready Partners
• Receive IoCs related to attacks starting with email
• Increase overall security posture
FortiAnalyzer
• Aggregate and correlate security logs from email, network, endpoint and more
• Provide a single, enterprise-wide view of the security posture
[Diagram labels: FortiMail; Ratings Returned; HTTP Traffic; IoCs to Block; Mail Server; FortiAnalyzer; FortiSandbox; Files for Inspection; FortiClient; Fabric Ready Endpoint Partners; FortiGate.]

Qualification Questions
What would it mean for your organization and team if you could cut your Cybersecurity risk by ½?
What is your most important information and what are the measures in place to protect it?
49% of installed malware was delivered by email (Verizon 2018 DBIR).
One spear phishing campaign stole 31 TB of data that cost $3.4bn to procure.
What measures do you have in place to address the very latest, advanced attacks?
Have you moved to Microsoft Office 365 or Google G-suite?
Outsourcing email infrastructure makes perfect sense, but Gartner notes that “Most multiproduct vendors in this market, distracted by other products in a broader portfolio, had allowed development of their SEGs to wane.” (Gartner 2017 SEG Market Guide.)
To address Business Email Compromise?
92% of attacks start with email and fortunately, you can take time to sandbox and block. (Verizon 2018 DBIR)

Competitive Comparison
Fortinet: Only Fortinet offers an independently tested and top rated solution for all deployment use cases
Cisco: Ironport goes through no independent testing and is the most common SEG we supplement or replace
ProofPoint: Proofpoint measures their own effectiveness but participates in no independent testing
Microsoft: Exchange Online Protection is only offered as SaaS and goes through no independent testing
Barracuda: While cheap and easy, Barracuda participates in no independent testing and is only found in medium customers
Comparison criteria: Independently Top-rated Security; Integrated Data Protection; Intelligence Sharing for Proactive Security
Other cell labels on the slide: Limited, disconnected components; Email and network only; Expensive extra charge; Expensive extra charge; Little integration, 12+ consoles; Point product

FortiSandbox
Fast and Effective Protection Against Advanced Threats

FortiSandbox Includes:
• Critical protection against advanced and emerging threats
• Broad integration with Fortinet and third-party security solutions to help protect an organization's dynamic attack surface
• Automated sharing of threat intelligence in real time to disrupt attacks early in the cycle without human intervention
• Flexible form factors to help support various industry requirements

Business Impact of Ransomware
• Ransomware infected 30K to 50K devices monthly
• $850M was paid out to Ransomware attacks in 2016
• 63% of organizations experienced business-threatening downtime
• Ransomware is underreported. Fewer than 1 in 4 report the attack
• 34% of companies lost money
• 97% of phishing emails now deliver ransomware.
The cost in system downtime and the inability to access information due to ransomware attacks equates to billions of dollars today, a number that could rise into the tens of billions as ransomware hacktivists go after IoT devices.

Operation Center
• Threats by Topology
• Threats by Hosts
• Threats by Files
• Threats by Devices
• Event Calendar
• File Scan Search
• URL Scan Search

Integrating FortiSandbox into FortiMail
• Connecting FortiSandbox
• Profile and Policy Creation
• Supported File Types

Important Tips
• FortiSandbox treats Port1 as reserved for device management, and Port3 as reserved for the Windows VM to communicate with the outside network. The other ports are used for file input and communication among cluster nodes.
• In Cluster mode, FortiSandbox uses TCP ports 2015 and 2018 for cluster internal communication. If the unit works as a Collector to receive threat information from other units, it uses TCP port 2443.
• When Fortinet ships FortiSandbox, the default Windows guest VM image is activated. After an RMA or new Windows VM installation, the Windows VM license will be in an unactivated state and needs reactivation.

Thank You
For any queries, please reach out to us at:
pk.Ingrammicro.com
hassan.mustafa@Ingrammicro.com