Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    CLI Reference

    7.6.4
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.0
    6.0.4
    6.0.3
    6.0.1
    6.0.0

    system fortisandbox

    system fortisandbox

    A FortiSandbox unit can be used for automated sample tracking and analysis, also called sandboxing, of files that could contain zero-day exploits. You can send suspicious email attachments to FortiSandbox for inspection by selecting it in antivirus profiles. If the file exhibits risky behavior, or contains a virus, the result will be returned to FortiMail and a new virus signature is created and added to the FortiGuard Antivirus signature database.

    Syntax

    config system fortisandbox

    set status {enable | disable}

    set service-type {appliance | cloud | cloud-enhanced}

    set host <fortisandbox_fqdn>

    set region {Global | US | Europe | Japan}

    set admin-email <email_str>

    set statistics-interval <minutes_int>

    set scan-timeout <seconds_int>

    set scan-result-retention <minutes_int>

    config file-patterns

    edit <number_index>

    set pattern "<filename_pattern>"

    end

    config file-types

    edit {adobe-flash | archive | html | jar | javascript | pdf | msoffice-document | windows-executable}

    set status {enable | disable}

    end

    set max-file-size-status {enable | disable}

    set max-file-size <KB_int>

    set url-scan-category {all | default | phishing | unrated | <url-category-profile_name>}

    set url-scan-on-rating-error {enable | disable}

    set bypass-one-time-url {enable | disable}

    set max-url-per-email <limit_int>

    set scan-order {antispam-content-sandbox | antispam-sandbox-content | sandbox-antispam-content}

    end

    Variable

    Description

    Default

    <number_index>

    Enter the index number of the file pattern.

    pattern "<filename_pattern>"

    Enter a custom file type pattern, such as *.txt, that you want to submit to FortiSandbox.

    edit {adobe-flash | archive | html | jar | javascript | pdf | msoffice-document | windows-executable}

    Select a predefined attachment type.

    admin-email <email_str>

    Enter an administrator’s email address to receive reports and notifications about FortiSandbox submissions.

    bypass-one-time-url {enable | disable}

    Enable to automatically exempt common one-time URLs, such as password reset URLs, that are in the personal or business category and are a predefined or custom filter pattern from FortiSandbox submission.

    enable

    host <fortisandbox_fqdn>

    Enter the FQDN or IP address of the FortiSandbox.

    This setting is available only if service-type {appliance | cloud | cloud-enhanced} is appliance.

    max-file-size <KB_int>

    Enter the maximum size in kilobytes for files uploaded to FortiSandbox.

    1024

    max-file-size-status {enable | disable}

    Enable or disable the maximum size for files uploaded to FortiSandbox.

    disable

    max-url-per-email <limit_int>

    Maximum number of URLs per email to be scanned.

    If service-type {appliance | cloud | cloud-enhanced} is appliance, the valid range is 1-100. Otherwise the valid range is 1-12.

    3

    region {Global | US | Europe | Japan}

    Select which regional data center to connect to for FortiSandbox Cloud service.

    This setting is applies only if service-type {appliance | cloud | cloud-enhanced} is cloud.

    Global

    scan-order {antispam-content-sandbox | antispam-sandbox-content | sandbox-antispam-content}

    Select the order of scans.

    Sending files to FortiSandbox usually takes more bandwidth and thus it is better to use is as the last resort. Content scans often take more resources than antispam scans, and are not necessary if an email is spam, and thus usually should be prioritized after antispam.

    antispam-content-sandbox

    scan-result-retention <minutes_int>

    Select the TTL for the scan result cache in minutes. Valid values are from 0 to 1440 (0 disables retention).

    60

    scan-timeout <seconds_int>

    Enter how long FortiMail will wait to get the scan results. If you receive timeouts and want to wait longer for the results, you can increase the timeout. Valid values are from 6 to 360.

    30

    service-type {appliance | cloud | cloud-enhanced}

    Select to use either a FortiSandbox appliance, FortiSandbox Cloud regular service, or FortiSandbox Cloud enhanced service. The enhanced cloud service provides dedicated service for faster performance.

    appliance

    statistics-interval <minutes_int>

    Enter how frequently in minutes FortiMail will get some basic statistics from FortiSandbox. The statistics include how much malware is detected and how many files are clean. Valid values are from 0 to 30 (0 disables fetching statistics).

    5

    status {enable | disable}

    Enable or disable the usage of the FortiSandbox unit.

    disable

    status {enable | disable}

    Enable or disable submitting the file type to FortiSandbox.

    enable

    url-scan-category {all | default | phishing | unrated | <url-category-profile_name>}

    Select which URL rating category (either predefined by FortiGuard or a custom category group that you have configured) to submit to FortiSandbox.

    unrated

    url-scan-on-rating-error {enable | disable}

    Sometimes FortiGuard Web Filtering URL rating queries may fail (for example, ratings errors due to network connection failures). Enable this setting if you want FortiMail to upload those URLs to FortiSandbox as a backup method to get a rating result.

    disable

    Related topics

    profile content

    system fortiguard url-protection

    file content-disarm-reconstruct

    statistics

    system mailqueue

    Previous
    Next

    system fortisandbox

    system fortisandbox

    A FortiSandbox unit can be used for automated sample tracking and analysis, also called sandboxing, of files that could contain zero-day exploits. You can send suspicious email attachments to FortiSandbox for inspection by selecting it in antivirus profiles. If the file exhibits risky behavior, or contains a virus, the result will be returned to FortiMail and a new virus signature is created and added to the FortiGuard Antivirus signature database.

    Syntax

    config system fortisandbox

    set status {enable | disable}

    set service-type {appliance | cloud | cloud-enhanced}

    set host <fortisandbox_fqdn>

    set region {Global | US | Europe | Japan}

    set admin-email <email_str>

    set statistics-interval <minutes_int>

    set scan-timeout <seconds_int>

    set scan-result-retention <minutes_int>

    config file-patterns

    edit <number_index>

    set pattern "<filename_pattern>"

    end

    config file-types

    edit {adobe-flash | archive | html | jar | javascript | pdf | msoffice-document | windows-executable}

    set status {enable | disable}

    end

    set max-file-size-status {enable | disable}

    set max-file-size <KB_int>

    set url-scan-category {all | default | phishing | unrated | <url-category-profile_name>}

    set url-scan-on-rating-error {enable | disable}

    set bypass-one-time-url {enable | disable}

    set max-url-per-email <limit_int>

    set scan-order {antispam-content-sandbox | antispam-sandbox-content | sandbox-antispam-content}

    end

    Variable

    Description

    Default

    <number_index>

    Enter the index number of the file pattern.

    pattern "<filename_pattern>"

    Enter a custom file type pattern, such as *.txt, that you want to submit to FortiSandbox.

    edit {adobe-flash | archive | html | jar | javascript | pdf | msoffice-document | windows-executable}

    Select a predefined attachment type.

    admin-email <email_str>

    Enter an administrator’s email address to receive reports and notifications about FortiSandbox submissions.

    bypass-one-time-url {enable | disable}

    Enable to automatically exempt common one-time URLs, such as password reset URLs, that are in the personal or business category and are a predefined or custom filter pattern from FortiSandbox submission.

    enable

    host <fortisandbox_fqdn>

    Enter the FQDN or IP address of the FortiSandbox.

    This setting is available only if service-type {appliance | cloud | cloud-enhanced} is appliance.

    max-file-size <KB_int>

    Enter the maximum size in kilobytes for files uploaded to FortiSandbox.

    1024

    max-file-size-status {enable | disable}

    Enable or disable the maximum size for files uploaded to FortiSandbox.

    disable

    max-url-per-email <limit_int>

    Maximum number of URLs per email to be scanned.

    If service-type {appliance | cloud | cloud-enhanced} is appliance, the valid range is 1-100. Otherwise the valid range is 1-12.

    3

    region {Global | US | Europe | Japan}

    Select which regional data center to connect to for FortiSandbox Cloud service.

    This setting is applies only if service-type {appliance | cloud | cloud-enhanced} is cloud.

    Global

    scan-order {antispam-content-sandbox | antispam-sandbox-content | sandbox-antispam-content}

    Select the order of scans.

    Sending files to FortiSandbox usually takes more bandwidth and thus it is better to use is as the last resort. Content scans often take more resources than antispam scans, and are not necessary if an email is spam, and thus usually should be prioritized after antispam.

    antispam-content-sandbox

    scan-result-retention <minutes_int>

    Select the TTL for the scan result cache in minutes. Valid values are from 0 to 1440 (0 disables retention).

    60

    scan-timeout <seconds_int>

    Enter how long FortiMail will wait to get the scan results. If you receive timeouts and want to wait longer for the results, you can increase the timeout. Valid values are from 6 to 360.

    30

    service-type {appliance | cloud | cloud-enhanced}

    Select to use either a FortiSandbox appliance, FortiSandbox Cloud regular service, or FortiSandbox Cloud enhanced service. The enhanced cloud service provides dedicated service for faster performance.

    appliance

    statistics-interval <minutes_int>

    Enter how frequently in minutes FortiMail will get some basic statistics from FortiSandbox. The statistics include how much malware is detected and how many files are clean. Valid values are from 0 to 30 (0 disables fetching statistics).

    5

    status {enable | disable}

    Enable or disable the usage of the FortiSandbox unit.

    disable

    status {enable | disable}

    Enable or disable submitting the file type to FortiSandbox.

    enable

    url-scan-category {all | default | phishing | unrated | <url-category-profile_name>}

    Select which URL rating category (either predefined by FortiGuard or a custom category group that you have configured) to submit to FortiSandbox.

    unrated

    url-scan-on-rating-error {enable | disable}

    Sometimes FortiGuard Web Filtering URL rating queries may fail (for example, ratings errors due to network connection failures). Enable this setting if you want FortiMail to upload those URLs to FortiSandbox as a backup method to get a rating result.

    disable

    Related topics

    profile content

    system fortiguard url-protection

    file content-disarm-reconstruct

    statistics

    system mailqueue

    Previous
    Next