Fortinet black logo

Cookbook

Home FortiMail 6.4.0 Cookbook

Connecting FortiSandbox to FortiMail

6.4.0
7.4.0
7.2.0
7.0.0
6.4.0
6.2.3
6.2.0
Copy Link
Copy Doc ID 9538f879-a447-11ea-8b7d-00505692583a:88222
Download PDF

Connecting FortiSandbox to FortiMail

You may connect a physical FortiSandbox unit to the FortiMail unit, or you can purchase the FortiSandbox cloud service, allowing the use of the FortiSandbox antivirus service without owning your own FortiSandbox appliance.

Depending on your FortiCare contract, FortiSandbox cloud provides two types of services:

  • Regular cloud service: You can use one FortiCare account to register multiple FortiMail units.
  • Enhanced cloud service: You can only register one FortiMail unit with one FortiCare account to guarantee dedicated FortiSandbox service and high performance.
Note

Both FortiSandbox regular and enhanced cloud services require a valid FortiCloud license. For more information, see FortiCloud service in the FortiMail Administration Guide.
  1. On FortiMail, go to System > FortiSandbox > FortiSandbox and enable FortiSandbox Inspection.
  2. Set FortiSandbox type to either Appliance, Cloud, or Enhanced Cloud.

    3. If you are connecting to a physical FortiSandbox, or you have an enhanced cloud service subscription, set Server name/IP to the IP address or FQDN (respectively) of the FortiSandbox unit.

  3. Set Notification email to the administrator's email address to be notified of protection activity.
  4. Set Statistics interval to the duration of time in minutes the FortiMail unit should wait before retrieving high level statistics from the FortiSandbox unit.
  5. Under File Scan Settings, enable the various File types you want to submit to the FortiSandbox unit.
  6. Optionally, define any File patterns you would like to submit (for example, *.txt for any text-files), and specify the Maximum file size to upload to FortiSandbox, which may improve performance.
  7. Under URI Scan Settings, define whether All email or Suspicious email should be submitted to the FortiSandbox unit.
  8. Set URI selection to a system-defined URI filter profile from the drop-down menu, or create and assign your own. URI filter profiles use various FortiGuard categories as a filter for catching suspicious email content.
  9. Enable Upload URI on rating error to upload URIs to FortiSandbox for scanning, in cases where the FortiMail unit may not be able to retrieve FortiGuard query results due to network connection failure. Enabling this option may affect the FortiSandbox unit's performance.
  10. Set Number of URIs per email to the total number of URIs that will be scanned per email.
  11. Click Apply.

A statistics report can be viewed anytime by clicking Statistics, showing the various file types submitted, and whether they are considered clean or malicious, and high, medium, or low risk. Statistics can be viewed for This Hour, Today, or This Week.

Previous
Next

Connecting FortiSandbox to FortiMail

You may connect a physical FortiSandbox unit to the FortiMail unit, or you can purchase the FortiSandbox cloud service, allowing the use of the FortiSandbox antivirus service without owning your own FortiSandbox appliance.

Depending on your FortiCare contract, FortiSandbox cloud provides two types of services:

  • Regular cloud service: You can use one FortiCare account to register multiple FortiMail units.
  • Enhanced cloud service: You can only register one FortiMail unit with one FortiCare account to guarantee dedicated FortiSandbox service and high performance.
Note

Both FortiSandbox regular and enhanced cloud services require a valid FortiCloud license. For more information, see FortiCloud service in the FortiMail Administration Guide.
  1. On FortiMail, go to System > FortiSandbox > FortiSandbox and enable FortiSandbox Inspection.
  2. Set FortiSandbox type to either Appliance, Cloud, or Enhanced Cloud.

    3. If you are connecting to a physical FortiSandbox, or you have an enhanced cloud service subscription, set Server name/IP to the IP address or FQDN (respectively) of the FortiSandbox unit.

  3. Set Notification email to the administrator's email address to be notified of protection activity.
  4. Set Statistics interval to the duration of time in minutes the FortiMail unit should wait before retrieving high level statistics from the FortiSandbox unit.
  5. Under File Scan Settings, enable the various File types you want to submit to the FortiSandbox unit.
  6. Optionally, define any File patterns you would like to submit (for example, *.txt for any text-files), and specify the Maximum file size to upload to FortiSandbox, which may improve performance.
  7. Under URI Scan Settings, define whether All email or Suspicious email should be submitted to the FortiSandbox unit.
  8. Set URI selection to a system-defined URI filter profile from the drop-down menu, or create and assign your own. URI filter profiles use various FortiGuard categories as a filter for catching suspicious email content.
  9. Enable Upload URI on rating error to upload URIs to FortiSandbox for scanning, in cases where the FortiMail unit may not be able to retrieve FortiGuard query results due to network connection failure. Enabling this option may affect the FortiSandbox unit's performance.
  10. Set Number of URIs per email to the total number of URIs that will be scanned per email.
  11. Click Apply.

A statistics report can be viewed anytime by clicking Statistics, showing the various file types submitted, and whether they are considered clean or malicious, and high, medium, or low risk. Statistics can be viewed for This Hour, Today, or This Week.

Previous
Next