Connecting FortiSandbox to FortiMail
- On FortiMail, go to System > FortiSandbox > FortiSandbox and enable FortiSandbox Inspection.
- Set FortiSandbox type to either Appliance or Cloud. If you are connecting to a physical FortiSandbox, set Server name/IP to the FQDN or IP address of the FortiSandbox unit.
- Set Notification email to the administrator's email address to be notified of protection activity.
- Set Statistics interval to the duration of time in minutes the FortiMail unit should wait before retrieving high level statistics from the FortiSandbox unit.
- Under File Scan Settings, enable the various File types you want to submit to the FortiSandbox unit.
- Optionally, define any File patterns you would like to submit (for example,
*.txtfor any text-files), and specify the Maximum file size to upload to FortiSandbox, which may improve performance.
- Under URI Scan Settings, define whether All email or Suspicious email should be submitted to the FortiSandbox unit.
- Set URI selection to a system-defined URI filter profile from the drop-down menu, or create and assign your own. URI filter profiles use various FortiGuard categories as a filter for catching suspicious email content.
- Enable Upload URI on rating error to upload URIs to FortiSandbox for scanning, in cases where the FortiMail unit may not be able to retrieve FortiGuard query results due to network connection failure. Enabling this option may affect the FortiSandbox unit's performance.
- Set Number of URIs per email to the total number of URIs that will be scanned per email.
- Click Apply.
A statistics report can be viewed anytime by clicking Statistics, showing the various file types submitted, and whether they are considered clean or malicious, and high, medium, or low risk. Statistics can be viewed for This Hour, Today, or This Week.