Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiMail 6.4.1 Administration Guide
    6.4.1
    7.6.1
    7.6.0
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.7
    6.2.0
    6.0.6
    6.0.4
    6.0.3
    6.0.1
    6.0.0

    Using FortiSandbox antivirus inspection

    Using FortiSandbox antivirus inspection

    The FortiSandbox appliance and FortiSandbox cloud service are used for automated sample tracking, or sandboxing. You can send suspicious email attachments to FortiSandbox for inspection when you configure antivirus profiles (see Managing antivirus profiles). If the file exhibits risky behavior, or is found to contain a virus, the result will be sent back to FortiMail and a new virus signature is created and added to the FortiGuard antivirus signature database as well.

    Note

    If email attachments are sent to FortiSandbox, and the "reject" action is configured in the action profile, the actual action will fallback to "system quarantine" if spam or viruses are detected afterward.
    To add a FortiSandbox unit
    1. Go to System > FortiSandbox > FortiSandbox.
    2. Enable the FortiSandbox Inspection and configure the following settings:

    GUI item

    Description

    FortiSandbox type

    If you use an appliance, specify the appliance’s host name or IP address; If you use the cloud service, see FortiCloud service.

    Server name/IP

    Enter the FortiSandbox host name or IP address. The port to use is 514. If you have a firewall in between FortiMail and FortiSandbox, make this port is allowed.

    Notification email

    This is the email address that FortiSandbox will use to send out notifications and reports. If you want to receive such email, enter your email address. For details, see the FortiSandbox documentation.

    Statistics interval

    Specify how long FortiMail should wait to retrieve some high level statistics from FortiSandbox. The default interval is 5 minutes. The statistics include how many malwares are detected and how many files are clean among all the files submitted.

    Scan timeout

    Specify how long FortiMail will wait to get the scan results. If you receive timeouts and want to wait longer for the results, you can increase the timeout.

    Scan result expires in

    Specify how long FortiMail will cache the results.

    File Scan Setting

    File types

    Select what types of attachment files will be uploaded to FortiSandbox for scanning.

    File patterns

    Create your own file pattern that will be uploaded to FortiSandbox, for example, *.txt.

    File size

    Specify the maximum file size to upload to FortiSandbox. You may want to limit the file size to improve performance.

    URL Scan Setting

    Enable

    Enable to scan the URLs to determine if they are malicious or phishing sites.

    Note: If you do not want to send any URLs to FortiSandbox, you can do so by adding them to the URL exempt list. For details, see Configuring the FortiGuard URL filter.

    Email selection

    Specify to scan URLs in all email or the suspicious email only. Suspicious email messages are those received during spam outbreaks.

    URL selection

    Specify to scan all URLs or the unrated URLs only. The unrated URLs are the URLs that are tagged as unrated by the FortiGuard antispam service.

    Upload URL on rating error

    Sometimes, FortiMail may not be able to get results from the FortiGuard queries (for example, ratings errors due to network connection failures). In this case, you can choose whether to upload those URLs to FortiSandbox for scanning. Choosing not to upload those URLs may help improving the FortiSandbox performance.

    Number of URLs per email

    Specify how many URLs will be scanned in one email message.

    FortiCloud service

    If you purchased the FortiCloud service, or FortiSandbox cloud service, you can use the FortiSandbox antivirus service without owning your own FortiSandbox appliances.

    To use the FortiCloud service
    1. Go to Dashboard > Status.
    2. Under License Information, click Activate besides FortiCloud.
    3. In the popup dialog box, enter the email address and password for the FortiCloud account.
    4. Click OK to log on to FortiCloud.

      5. Now the License Information should display as Paid Contract (if you use a demo unit, it displays as Trial License).

    5. Go to System > FortiSandbox > FortiSandbox and select Cloud for FortiSanbox type in the FortiSandbox Setting. Also configure other scan settings (see Using FortiSandbox antivirus inspection).
    6. After you activate FortiCloud and configure the FortiSandbox scan settings, you can access the FortiCloud web portal by going to Dashboard > Status and clicking Launch Portal besides FortiCloud under License Information.

      7. The portal allows you view the FortiMail file submission status and FortiSandbox cloud scan results.

    7. If you upgrade from older releases, a reminder will appear on the dashboard, telling you to activate FortiCloud (that is, to create an FortiCloud account) before you can access the FortiCloud portal.
    License information after upgrading from older releases

    Note

    If you are running FortiMail HA, you must activate FortiCloud service on the primary and secondary units. For active-passive HA, this is to ensure that the secondary unit can continue to use the FortiCloud service in case of HA failover. For config-only HA, this is because all the units need to access the service.

    See also

    Viewing the mailbox backup/restoration status

    Backing up and restoring the mailboxes

    Configuring mailbox backups

    Previous
    Next

    Using FortiSandbox antivirus inspection

    Using FortiSandbox antivirus inspection

    The FortiSandbox appliance and FortiSandbox cloud service are used for automated sample tracking, or sandboxing. You can send suspicious email attachments to FortiSandbox for inspection when you configure antivirus profiles (see Managing antivirus profiles). If the file exhibits risky behavior, or is found to contain a virus, the result will be sent back to FortiMail and a new virus signature is created and added to the FortiGuard antivirus signature database as well.

    Note

    If email attachments are sent to FortiSandbox, and the "reject" action is configured in the action profile, the actual action will fallback to "system quarantine" if spam or viruses are detected afterward.
    To add a FortiSandbox unit
    1. Go to System > FortiSandbox > FortiSandbox.
    2. Enable the FortiSandbox Inspection and configure the following settings:

    GUI item

    Description

    FortiSandbox type

    If you use an appliance, specify the appliance’s host name or IP address; If you use the cloud service, see FortiCloud service.

    Server name/IP

    Enter the FortiSandbox host name or IP address. The port to use is 514. If you have a firewall in between FortiMail and FortiSandbox, make this port is allowed.

    Notification email

    This is the email address that FortiSandbox will use to send out notifications and reports. If you want to receive such email, enter your email address. For details, see the FortiSandbox documentation.

    Statistics interval

    Specify how long FortiMail should wait to retrieve some high level statistics from FortiSandbox. The default interval is 5 minutes. The statistics include how many malwares are detected and how many files are clean among all the files submitted.

    Scan timeout

    Specify how long FortiMail will wait to get the scan results. If you receive timeouts and want to wait longer for the results, you can increase the timeout.

    Scan result expires in

    Specify how long FortiMail will cache the results.

    File Scan Setting

    File types

    Select what types of attachment files will be uploaded to FortiSandbox for scanning.

    File patterns

    Create your own file pattern that will be uploaded to FortiSandbox, for example, *.txt.

    File size

    Specify the maximum file size to upload to FortiSandbox. You may want to limit the file size to improve performance.

    URL Scan Setting

    Enable

    Enable to scan the URLs to determine if they are malicious or phishing sites.

    Note: If you do not want to send any URLs to FortiSandbox, you can do so by adding them to the URL exempt list. For details, see Configuring the FortiGuard URL filter.

    Email selection

    Specify to scan URLs in all email or the suspicious email only. Suspicious email messages are those received during spam outbreaks.

    URL selection

    Specify to scan all URLs or the unrated URLs only. The unrated URLs are the URLs that are tagged as unrated by the FortiGuard antispam service.

    Upload URL on rating error

    Sometimes, FortiMail may not be able to get results from the FortiGuard queries (for example, ratings errors due to network connection failures). In this case, you can choose whether to upload those URLs to FortiSandbox for scanning. Choosing not to upload those URLs may help improving the FortiSandbox performance.

    Number of URLs per email

    Specify how many URLs will be scanned in one email message.

    FortiCloud service

    If you purchased the FortiCloud service, or FortiSandbox cloud service, you can use the FortiSandbox antivirus service without owning your own FortiSandbox appliances.

    To use the FortiCloud service
    1. Go to Dashboard > Status.
    2. Under License Information, click Activate besides FortiCloud.
    3. In the popup dialog box, enter the email address and password for the FortiCloud account.
    4. Click OK to log on to FortiCloud.

      5. Now the License Information should display as Paid Contract (if you use a demo unit, it displays as Trial License).

    5. Go to System > FortiSandbox > FortiSandbox and select Cloud for FortiSanbox type in the FortiSandbox Setting. Also configure other scan settings (see Using FortiSandbox antivirus inspection).
    6. After you activate FortiCloud and configure the FortiSandbox scan settings, you can access the FortiCloud web portal by going to Dashboard > Status and clicking Launch Portal besides FortiCloud under License Information.

      7. The portal allows you view the FortiMail file submission status and FortiSandbox cloud scan results.

    7. If you upgrade from older releases, a reminder will appear on the dashboard, telling you to activate FortiCloud (that is, to create an FortiCloud account) before you can access the FortiCloud portal.
    License information after upgrading from older releases

    Note

    If you are running FortiMail HA, you must activate FortiCloud service on the primary and secondary units. For active-passive HA, this is to ensure that the secondary unit can continue to use the FortiCloud service in case of HA failover. For config-only HA, this is because all the units need to access the service.

    See also

    Viewing the mailbox backup/restoration status

    Backing up and restoring the mailboxes

    Configuring mailbox backups

    Previous
    Next