Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiSandbox 3.1.0 Administration Guide
    3.1.0
    5.0.0
    4.4.6
    4.4.5
    4.4.4
    4.4.3
    4.4.2
    4.4.1
    4.4.0
    4.2.7
    4.2.6
    4.2.5
    4.2.4
    4.2.3
    4.2.2
    4.2.1
    4.2.0
    4.0.5
    4.0.4
    4.0.3
    4.0.2
    4.0.1
    4.0.0
    3.2.4
    3.2.3
    3.2.2
    3.2.1
    3.2.0
    3.1.5
    3.1.4
    3.1.3
    3.1.2
    3.1.1
    3.1.0
    3.0.7
    3.0.6

    Appendix B - FortiCloud Sandbox

    Appendix B - FortiCloud Sandbox

    In addition to physical and virtual deployments, FortiSandbox is also available as a cloud-based advanced threat protection service, integrated with FortiGate, FortiMail, and FortiWeb, called FortiCloud Sandbox. FortiCloud Sandbox requires an active FortiCloud account for use with FortiGate, FortiMail, and FortiWeb. Below, you can see a comparison of the features, deployments, and capabilities of the FortiCloud Sandboxing service compared to a physical or virtual deployment set up on-premises (FortiSandbox Appliance).

    Deployment

    Deployment options

    FortiSandbox Appliance

    FortiCloud Sandbox

    FortiGate integration

    Yes

    Yes

    FortiMail and FortiWeb integration

    Yes

    Yes

    Fabric integration (FortiClient, FortiWeb, FortiADC, FortiManager, FortiAnalyzer, FortiSIEM)

    Yes

    Multiple appliance options (500F, 1000D, 1000F, 2000E, 3000E, and FSA-VM)

    Yes

    On-site deployment (centralized or distributed)

    Yes

    Third-party products NetworkShare integration (CarbonBlack, BBC Mode, ICAP Client, API)

    Yes

    Detection

    Detection capabilities

    FortiSandbox Appliance

    FortiCloud Sandbox

    Device input (FortiGate, FortiMail, FortiWeb, FortiClient, and others)

    Yes

    Yes

    File based detection

    Yes

    Yes

    On-demand scanning - manual upload of suspicious files

    Yes

    Yes

    URL detection - host traffic to malicious sites

    Yes

    Yes*

    Adapters for third-party products

    Yes

    API input (REST API)

    Yes

    BotNet detection via sniffer

    Yes

    Network attack detection via sniffer

    Yes

    Network share input (file share scanning CIFS and NFS)

    Yes

    On-demand scanning - manual upload of URL list

    Yes

    Sniffer input via TAP or Mirror/Span port

    Yes

    URL detection - ICAP client integration

    Yes

    URL detection - REST API integration for web scanning

    Yes

    *Available with FortiCloud 3.1.x onwards.

    File type and protocol support

    Profiling, file type, and protocol support

    FortiSandbox Appliance

    FortiCloud Sandbox

    A/V and CPRL pre-filter support for all file types regardless of operating system

    Yes

    Yes

    Archived - .tar, .gz, .tar.g, .tgz, .zip, .bz2, .tar.bz2, .bz, .tar.Z, .cab, .rar, .and arj

    Yes

    Yes

    Executable - .exe, .dll, PDF, Windows Office, and Javascript

    Yes

    Yes

    FortiGate integrated - HTTP, SMTP, POP3, IMAP, MAPI, FTP, SMB, IM and SSL and encrypted equivalent

    Yes

    Yes

    Media - .avi, .mpeg, .mp3, and .mp4

    Yes

    Yes

    Share threat intelligence among distributed installations

    Yes

    Yes

    Virtual machine sandboxing

    Yes

    Yes

    FortiMail integrated - SMTP, POP3, and IMAP

    Yes

    Yes*

    Ability to fine tune the scanning environment

    Yes

    Scan user-defined file types

    Yes

    Utilize customized virtual machines

    Yes

    *FortiMail integration supported from version 5.3.x onwards.

    Alerting, reporting and monitoring

    Alerting, reporting, monitoring and logging

    FortiSandbox Appliance

    FortiCloud Sandbox

    Filter by rating (Malicious, Suspicious - Low, Medium, High Risk, Clean)

    Yes

    Yes

    On-demand summary and threat detail reporting by date range

    Yes

    Yes

    FortiAnalyzer integration

    Yes

    Yes *

    Syslog to remote log server

    Yes

    Yes *

    At-a-glance view submission by device (easily see if one site is submitting more than others)

    Yes

    Common event format to remote log server

    Yes

    Consolidated or separate views of input by device, network, sniffer, or on-demand submission

    Yes

    Detailed alerting with source, destination, protocol, file name and forensic/incident response info

    Yes

    Filtering and search capabilities - granular drill down and export to detailed report in .PDF format

    Yes

    Scheduled summary and threat detail reporting delivered via email

    Yes

    File submission summary web view

    Yes

    Limited daily canned report

    Yes

    Separate views for each device (not reportable or monitored in aggregate)

    Yes

    Summary email alerting with source, destination, protocol, and file name

    Yes

    *Available through FortiGate.

    Forensic, auditing, and third-party tools

    Forensic, auditing, and third-party tools

    FortiSandbox Appliance

    FortiCloud Sandbox

    Forensic/incident response information

    Yes

    Yes

    Source and destination IP address for tracking IOC

    Yes

    Yes

    Export suspicious files for further analysis or inspection by third-party applications

    Yes

    PCAP, TracerLog, and screen captures

    Yes

    Previous
    Next

    Appendix B - FortiCloud Sandbox

    Appendix B - FortiCloud Sandbox

    In addition to physical and virtual deployments, FortiSandbox is also available as a cloud-based advanced threat protection service, integrated with FortiGate, FortiMail, and FortiWeb, called FortiCloud Sandbox. FortiCloud Sandbox requires an active FortiCloud account for use with FortiGate, FortiMail, and FortiWeb. Below, you can see a comparison of the features, deployments, and capabilities of the FortiCloud Sandboxing service compared to a physical or virtual deployment set up on-premises (FortiSandbox Appliance).

    Deployment

    Deployment options

    FortiSandbox Appliance

    FortiCloud Sandbox

    FortiGate integration

    Yes

    Yes

    FortiMail and FortiWeb integration

    Yes

    Yes

    Fabric integration (FortiClient, FortiWeb, FortiADC, FortiManager, FortiAnalyzer, FortiSIEM)

    Yes

    Multiple appliance options (500F, 1000D, 1000F, 2000E, 3000E, and FSA-VM)

    Yes

    On-site deployment (centralized or distributed)

    Yes

    Third-party products NetworkShare integration (CarbonBlack, BBC Mode, ICAP Client, API)

    Yes

    Detection

    Detection capabilities

    FortiSandbox Appliance

    FortiCloud Sandbox

    Device input (FortiGate, FortiMail, FortiWeb, FortiClient, and others)

    Yes

    Yes

    File based detection

    Yes

    Yes

    On-demand scanning - manual upload of suspicious files

    Yes

    Yes

    URL detection - host traffic to malicious sites

    Yes

    Yes*

    Adapters for third-party products

    Yes

    API input (REST API)

    Yes

    BotNet detection via sniffer

    Yes

    Network attack detection via sniffer

    Yes

    Network share input (file share scanning CIFS and NFS)

    Yes

    On-demand scanning - manual upload of URL list

    Yes

    Sniffer input via TAP or Mirror/Span port

    Yes

    URL detection - ICAP client integration

    Yes

    URL detection - REST API integration for web scanning

    Yes

    *Available with FortiCloud 3.1.x onwards.

    File type and protocol support

    Profiling, file type, and protocol support

    FortiSandbox Appliance

    FortiCloud Sandbox

    A/V and CPRL pre-filter support for all file types regardless of operating system

    Yes

    Yes

    Archived - .tar, .gz, .tar.g, .tgz, .zip, .bz2, .tar.bz2, .bz, .tar.Z, .cab, .rar, .and arj

    Yes

    Yes

    Executable - .exe, .dll, PDF, Windows Office, and Javascript

    Yes

    Yes

    FortiGate integrated - HTTP, SMTP, POP3, IMAP, MAPI, FTP, SMB, IM and SSL and encrypted equivalent

    Yes

    Yes

    Media - .avi, .mpeg, .mp3, and .mp4

    Yes

    Yes

    Share threat intelligence among distributed installations

    Yes

    Yes

    Virtual machine sandboxing

    Yes

    Yes

    FortiMail integrated - SMTP, POP3, and IMAP

    Yes

    Yes*

    Ability to fine tune the scanning environment

    Yes

    Scan user-defined file types

    Yes

    Utilize customized virtual machines

    Yes

    *FortiMail integration supported from version 5.3.x onwards.

    Alerting, reporting and monitoring

    Alerting, reporting, monitoring and logging

    FortiSandbox Appliance

    FortiCloud Sandbox

    Filter by rating (Malicious, Suspicious - Low, Medium, High Risk, Clean)

    Yes

    Yes

    On-demand summary and threat detail reporting by date range

    Yes

    Yes

    FortiAnalyzer integration

    Yes

    Yes *

    Syslog to remote log server

    Yes

    Yes *

    At-a-glance view submission by device (easily see if one site is submitting more than others)

    Yes

    Common event format to remote log server

    Yes

    Consolidated or separate views of input by device, network, sniffer, or on-demand submission

    Yes

    Detailed alerting with source, destination, protocol, file name and forensic/incident response info

    Yes

    Filtering and search capabilities - granular drill down and export to detailed report in .PDF format

    Yes

    Scheduled summary and threat detail reporting delivered via email

    Yes

    File submission summary web view

    Yes

    Limited daily canned report

    Yes

    Separate views for each device (not reportable or monitored in aggregate)

    Yes

    Summary email alerting with source, destination, protocol, and file name

    Yes

    *Available through FortiGate.

    Forensic, auditing, and third-party tools

    Forensic, auditing, and third-party tools

    FortiSandbox Appliance

    FortiCloud Sandbox

    Forensic/incident response information

    Yes

    Yes

    Source and destination IP address for tracking IOC

    Yes

    Yes

    Export suspicious files for further analysis or inspection by third-party applications

    Yes

    PCAP, TracerLog, and screen captures

    Yes

    Previous
    Next