Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    Home FortiMail 7.2.2 CLI Reference
    7.2.2
    7.6.1
    7.6.0
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.0
    6.0.4
    6.0.3
    6.0.1
    6.0.0

    system fortisandbox

    system fortisandbox

    The FortiSandbox unit is used for automated sample tracking, or sandboxing. You can send suspicious email attachments to FortiSandbox for inspection when you configure antivirus profiles. If the file exhibits risky behavior, or is found to contain a virus, the result will be sent back to FortiMail and a new virus signature is created and added to the FortiGuard antivirus signature database. For more information about FortiSandbox, please visit Fortinet’s web site at https://www.fortinet.com.

    Syntax

    config system fortisandbox

    config file-pattern

    edit <table_value>

    set pattern <string>

    end

    config file-types

    edit {adobe-flash | archive | html | jar | javascript | pdf | msoffice-document | windows-executable}

    set status {enable | disable}

    end

    set admin-email <email_str>

    set bypass-one-time-url {enable | disable}

    set host <hostname_or_ip>

    set max-file-size <integer_value>

    set max-file-size-status {enable | disable}

    set max-uri-per-email

    set scan-mode {scan-and-wait | scan-only}

    set scan-order {antispam-content-sandbox | antispam-sandbox-content | sandbox-antispam-content}

    set scan-result-retention

    set scan-timeout

    set service-type {appliance | cloud | cloud-enhanced}

    set statistics-interval <minutes>

    set status {enable | disable}

    set uri-scan-category

    set uri-scan-email-selection

    set uri-scan-on-rating-error {enable | disable}

    end

    Variable

    Description

    Default

    file-pattern

    Enter the file patterns to upload to FortiSandbox

    <table_value>

    Enter the item number to edit.

    pattern <string>

    Enter the pattern value.

    file-types

    Enter the file types to upload to FortiSandbox for scanning.

    edit <file_types>

    Enter the desired attachment type to include in the FortiSandbox unit’s scanning.

    status {enable | disable}

    Enable or disable the selected file type from the FortiSanbox unit’s scanning.

    admin-email <email_str>

    Enter the administrator’s email address to receive reports and notifications.

    bypass-one-time-url {enable | disable}

    Enable to automatically exempt common one-time URLs, such as password reset URLs, from FortiSandbox scanning.

    enable

    host <hostname_or_ip>

    Enter the host name or IP address of the FortiSandbox.

    max-file-size <integer_value>

    Enter the maximum size in kilobytes for files uploaded to FortiSandbox.

    max-file-size-status {enable | disable}

    Enable or disable the maximum size for files uploaded to FortiSandbox.

    max-uri-per-email

    Maximum number of URIs per email to be scanned. Range between 1-12.

    3

    scan-mode {scan-and-wait | scan-only}

    scan-and-wait means to submit the suspicious email to FortiSandbox and wait for the results.

    scan-only means just to submit the suspicious email without waiting for the results.

    scan-and-wait

    scan-order {antispam-content-sandbox | antispam-sandbox-content | sandbox-antispam-content}

    Set the order of scanners. Sending files to FortiSandbox usually takes more bandwidth and thus it is better to use is as the last resort.

    antispam-content-sandbox

    scan-result-retention

    Scan result retention period in minutes (0 means no retention).

    60

    scan-timeout

    Timeout value before discarding unfinished scan tasks.

    30

    service-type {appliance | cloud | cloud-enhanced}

    Use either FortiSandbox appliance, FortiSandbox regular cloud service, or FortiSandbox enhanced cloud service.

    The enhanced cloud service provides a dedicated service for faster performance.

    appliance

    statistics-interval <minutes>

    Specify how long in minutes FortiMail should wait to retrieve some high level statistics from FortiSandbox. The statistics include how much malware is detected and how many files are clean among all the files submitted.

    Set the value between 1 to 30.

    5

    status {enable | disable}

    Either enable or disable the usage of the unit.

    disable

    uri-scan-category

    Category of the URI to be scanned:

    • Security-Risk
    • all
    • default
    • phishing
    • unrated

    unrated

    uri-scan-email-selection

    Selection of email for URI scan.

    uri-scan-on-rating-error {enable | disable}

    Sometimes, FortiMail may not be able to get results from the FortiGuard queries (for example, ratings errors due to network connection failures). In this case, you can choose whether to upload the those URIs to FortiSandbox for scanning. Choosing not to upload those URIs may help improving the FortiSandbox performance.

    disable
    Previous
    Next

    system fortisandbox

    system fortisandbox

    The FortiSandbox unit is used for automated sample tracking, or sandboxing. You can send suspicious email attachments to FortiSandbox for inspection when you configure antivirus profiles. If the file exhibits risky behavior, or is found to contain a virus, the result will be sent back to FortiMail and a new virus signature is created and added to the FortiGuard antivirus signature database. For more information about FortiSandbox, please visit Fortinet’s web site at https://www.fortinet.com.

    Syntax

    config system fortisandbox

    config file-pattern

    edit <table_value>

    set pattern <string>

    end

    config file-types

    edit {adobe-flash | archive | html | jar | javascript | pdf | msoffice-document | windows-executable}

    set status {enable | disable}

    end

    set admin-email <email_str>

    set bypass-one-time-url {enable | disable}

    set host <hostname_or_ip>

    set max-file-size <integer_value>

    set max-file-size-status {enable | disable}

    set max-uri-per-email

    set scan-mode {scan-and-wait | scan-only}

    set scan-order {antispam-content-sandbox | antispam-sandbox-content | sandbox-antispam-content}

    set scan-result-retention

    set scan-timeout

    set service-type {appliance | cloud | cloud-enhanced}

    set statistics-interval <minutes>

    set status {enable | disable}

    set uri-scan-category

    set uri-scan-email-selection

    set uri-scan-on-rating-error {enable | disable}

    end

    Variable

    Description

    Default

    file-pattern

    Enter the file patterns to upload to FortiSandbox

    <table_value>

    Enter the item number to edit.

    pattern <string>

    Enter the pattern value.

    file-types

    Enter the file types to upload to FortiSandbox for scanning.

    edit <file_types>

    Enter the desired attachment type to include in the FortiSandbox unit’s scanning.

    status {enable | disable}

    Enable or disable the selected file type from the FortiSanbox unit’s scanning.

    admin-email <email_str>

    Enter the administrator’s email address to receive reports and notifications.

    bypass-one-time-url {enable | disable}

    Enable to automatically exempt common one-time URLs, such as password reset URLs, from FortiSandbox scanning.

    enable

    host <hostname_or_ip>

    Enter the host name or IP address of the FortiSandbox.

    max-file-size <integer_value>

    Enter the maximum size in kilobytes for files uploaded to FortiSandbox.

    max-file-size-status {enable | disable}

    Enable or disable the maximum size for files uploaded to FortiSandbox.

    max-uri-per-email

    Maximum number of URIs per email to be scanned. Range between 1-12.

    3

    scan-mode {scan-and-wait | scan-only}

    scan-and-wait means to submit the suspicious email to FortiSandbox and wait for the results.

    scan-only means just to submit the suspicious email without waiting for the results.

    scan-and-wait

    scan-order {antispam-content-sandbox | antispam-sandbox-content | sandbox-antispam-content}

    Set the order of scanners. Sending files to FortiSandbox usually takes more bandwidth and thus it is better to use is as the last resort.

    antispam-content-sandbox

    scan-result-retention

    Scan result retention period in minutes (0 means no retention).

    60

    scan-timeout

    Timeout value before discarding unfinished scan tasks.

    30

    service-type {appliance | cloud | cloud-enhanced}

    Use either FortiSandbox appliance, FortiSandbox regular cloud service, or FortiSandbox enhanced cloud service.

    The enhanced cloud service provides a dedicated service for faster performance.

    appliance

    statistics-interval <minutes>

    Specify how long in minutes FortiMail should wait to retrieve some high level statistics from FortiSandbox. The statistics include how much malware is detected and how many files are clean among all the files submitted.

    Set the value between 1 to 30.

    5

    status {enable | disable}

    Either enable or disable the usage of the unit.

    disable

    uri-scan-category

    Category of the URI to be scanned:

    • Security-Risk
    • all
    • default
    • phishing
    • unrated

    unrated

    uri-scan-email-selection

    Selection of email for URI scan.

    uri-scan-on-rating-error {enable | disable}

    Sometimes, FortiMail may not be able to get results from the FortiGuard queries (for example, ratings errors due to network connection failures). In this case, you can choose whether to upload the those URIs to FortiSandbox for scanning. Choosing not to upload those URIs may help improving the FortiSandbox performance.

    disable
    Previous
    Next