Fortinet Document Library

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

FortiMail Devices

In FortiMail version 5.2.0 or later, you can configure your FortiMail device to send suspicious files, URLs, and suspicious attachments to FortiSandbox for inspection and analysis. FortiSandbox statistics for total detected and total clean are displayed in FortiMail.

If FortiMail sends over protected domain information, those domain names and jobs counts of them are listed. For each protected domain, the user can set a submission limitation.

If protected domain information is not available, such as files from older versions of FortiMail or outgoing emails, jobs from them will be grouped in Unprotected domain name.

For more information on how to configure FortiMail to send files to FortiSandbox, please refer to the FortiMail Administration Guide available in the Fortinet Document Library.

To edit FortiMail Settings in FortiSandbox:
  1. On your FortiSandbox device, go to Scan Input > Device.

    This page lists all FortiMail devices and protected domains. Since FortiMail does not explicitly send a list of possible protected domains to FortiSandbox, FortiSandbox only knows about a domain after it receives a file or URL. Domains on this page are displayed after the first file or URL is received on that domain.

  2. Click the FortiMail device name to open the Edit Device Settings page.
  3. Edit the following settings and then click OK.

    Device Status

     

     

    Serial Number

    The device serial number.

     

    Alias

    The host name of the FortiMail unit. This is a read-only value.

     

    IP

    The IP address of the FortiMail.

     

    Status

    The status of the device, either connected or disconnected. This field cannot be edited.

     

    Last Modified

    The date and time that the FortiMail settings were last changed.

     

    Last Seen

    The date and time that the FortiMail last connected to the FortiSandbox.

    Permissions

     

     

    Authorized

    Select the checkbox to authorize the FortiMail device. If this field is not checked, files sent from the FortiMail will be dropped. The date and time that the authorization status was changed.

     

    New VDOMs/Domains Inherit Authorization

    Select the checkbox to have protected domains inherit the authorization setting configured at the device level.

    Email Settings

     

     

    Administrator Email

    The email address entered in the Notifier Email field configured on the FortiMail device. You cannot edit this field on the FortiSandbox.

     

    Send Notifications

    Select the checkbox to send notifications. When notifications are enabled, you will receive email notifications when a file inside an email has been detected as potential malware. The email will contain a link to the scan job details page.

    To receive notification emails, you must configure a mail server and enable Send a notification email to the Device/Domain/Vdom email list when Files/URLs with selected rating are detected in System > Mail Server. Otherwise, a warning icon is displayed.

     

    Send PDF Reports

    Select the checkbox to send job detail PDF reports. To receive reports and define report generation frequency, you must configure System > Mail Server page. Also, the Send scheduled PDF report about an individual VDOM/Domain to its email address in that page should be checked. Otherwise, a warning icon is displayed.

To edit Domain settings:
  1. On your FortiSandbox device, go to Scan Input > Device.

    This page lists all FortiMail devices and protected Domains.

  2. Click the domain name.
  3. Edit the following settings and then click OK.

    Device Status

     

     

    Domain/VDOM FQDN

    The protected domain name. This field cannot be edited.

     

    Alias

    The value is FortiMail Device Name: Domain name.

     

    IP

    The IP address of the FortiMail . This field cannot be edited.

     

    Status

    The status of the device, either connected or disconnected. This field cannot be edited.

     

    Files/URLs Transmitted

    The total number of files and URLs sent to the domain in the last seven days.

     

    Last Modified

    The date and time that the authorization status was changed. This field cannot be edited.

     

    Last Seen

    The date and time that last file/URL sent to this domain

    Permissions and Policy

     

     

    Authorized

    Select the checkbox to authorize the FortiMail domain.

     

    Submission Limitation

    Limit the FortiMail submission speed regarding to a protected domain. Specify the number of submissions per Hour, Day, or Unlimited. When limitation is reached, FSA will reject files and URLs to this domain.

    Note: This feature is only working for new version FortiMail who can send over domain information.

    Email Settings

    If this field is checked, when submission limitation is reached, an alert email will be sent to domain email address.

     

    Email

    Enter the Administrator Email address for the domain, separated by a comma.

     

    Send Notifications

    Select checkbox to send notifications when viruses or malware to this domain is detected.

    To receive notification emails, you must configure a mail server and enable Send a notification email to the Device/Domain/Vdom email list when Files/URLs with selected rating are detected in System > Mail Server. Otherwise, a warning icon is displayed.

     

    Send Reports

    Select checkbox to send PDF reports of jobs. To receive reports and define report generation frequency, you must configure the System > Mail Server page. Also the Send scheduled PDF report about an individual VDOM/Domain to its email address in that page should be enabled. Otherwise, a warning icon is displayed.

     

    Send Reach Limit Alert Email

    When checked, an alert email is sent to the domain email address when limitation is reached.

Upload suspicious attachments to FortiSandbox

For information on how to configure FortiMail to send files to FortiSandbox, see the FortiMail Administration Guide in Fortinet Document Library.

Device and VDOM/Domain level notifications

When enabling Send notifications in the Edit Device Settings or Edit VDOM/Domain Settings page, you receive an email every time a file from your environment is detected as potential malware.

Device and VDOM/Domain level PDF reports

When enabling Send PDF reports in Edit Device Settings or Edit VDOM/Domain Settings, you receive a PDF report by email as defined in System > Mail Server. This FortiSandbox Summary Reports PDF lists statistics of scan jobs in the defined time period in System > Mail Server and includes the following information:

  • Scanning Statistics: A table listing the number of files processed by FortiSandbox and a breakdown of files by rating.
  • Scanning Statistics by Type: A table listing the file type, rating and event count.
  • Scanning Activity: A table and graph listing the number of clean, suspicious, and malicious files processed by FortiSandbox per day.
  • Top Targeted Hosts: A list of the top targeted hosts.
  • Top Malware Files: A list of the top malware programs detected by FortiSandbox.
  • Top Infectious URLs: A list of the top infectious URLs detected by FortiSandbox.
  • Top Callback Domains: A list of the top call back domains detected by FortiSandbox.

FortiMail Devices

In FortiMail version 5.2.0 or later, you can configure your FortiMail device to send suspicious files, URLs, and suspicious attachments to FortiSandbox for inspection and analysis. FortiSandbox statistics for total detected and total clean are displayed in FortiMail.

If FortiMail sends over protected domain information, those domain names and jobs counts of them are listed. For each protected domain, the user can set a submission limitation.

If protected domain information is not available, such as files from older versions of FortiMail or outgoing emails, jobs from them will be grouped in Unprotected domain name.

For more information on how to configure FortiMail to send files to FortiSandbox, please refer to the FortiMail Administration Guide available in the Fortinet Document Library.

To edit FortiMail Settings in FortiSandbox:
  1. On your FortiSandbox device, go to Scan Input > Device.

    This page lists all FortiMail devices and protected domains. Since FortiMail does not explicitly send a list of possible protected domains to FortiSandbox, FortiSandbox only knows about a domain after it receives a file or URL. Domains on this page are displayed after the first file or URL is received on that domain.

  2. Click the FortiMail device name to open the Edit Device Settings page.
  3. Edit the following settings and then click OK.

    Device Status

     

     

    Serial Number

    The device serial number.

     

    Alias

    The host name of the FortiMail unit. This is a read-only value.

     

    IP

    The IP address of the FortiMail.

     

    Status

    The status of the device, either connected or disconnected. This field cannot be edited.

     

    Last Modified

    The date and time that the FortiMail settings were last changed.

     

    Last Seen

    The date and time that the FortiMail last connected to the FortiSandbox.

    Permissions

     

     

    Authorized

    Select the checkbox to authorize the FortiMail device. If this field is not checked, files sent from the FortiMail will be dropped. The date and time that the authorization status was changed.

     

    New VDOMs/Domains Inherit Authorization

    Select the checkbox to have protected domains inherit the authorization setting configured at the device level.

    Email Settings

     

     

    Administrator Email

    The email address entered in the Notifier Email field configured on the FortiMail device. You cannot edit this field on the FortiSandbox.

     

    Send Notifications

    Select the checkbox to send notifications. When notifications are enabled, you will receive email notifications when a file inside an email has been detected as potential malware. The email will contain a link to the scan job details page.

    To receive notification emails, you must configure a mail server and enable Send a notification email to the Device/Domain/Vdom email list when Files/URLs with selected rating are detected in System > Mail Server. Otherwise, a warning icon is displayed.

     

    Send PDF Reports

    Select the checkbox to send job detail PDF reports. To receive reports and define report generation frequency, you must configure System > Mail Server page. Also, the Send scheduled PDF report about an individual VDOM/Domain to its email address in that page should be checked. Otherwise, a warning icon is displayed.

To edit Domain settings:
  1. On your FortiSandbox device, go to Scan Input > Device.

    This page lists all FortiMail devices and protected Domains.

  2. Click the domain name.
  3. Edit the following settings and then click OK.

    Device Status

     

     

    Domain/VDOM FQDN

    The protected domain name. This field cannot be edited.

     

    Alias

    The value is FortiMail Device Name: Domain name.

     

    IP

    The IP address of the FortiMail . This field cannot be edited.

     

    Status

    The status of the device, either connected or disconnected. This field cannot be edited.

     

    Files/URLs Transmitted

    The total number of files and URLs sent to the domain in the last seven days.

     

    Last Modified

    The date and time that the authorization status was changed. This field cannot be edited.

     

    Last Seen

    The date and time that last file/URL sent to this domain

    Permissions and Policy

     

     

    Authorized

    Select the checkbox to authorize the FortiMail domain.

     

    Submission Limitation

    Limit the FortiMail submission speed regarding to a protected domain. Specify the number of submissions per Hour, Day, or Unlimited. When limitation is reached, FSA will reject files and URLs to this domain.

    Note: This feature is only working for new version FortiMail who can send over domain information.

    Email Settings

    If this field is checked, when submission limitation is reached, an alert email will be sent to domain email address.

     

    Email

    Enter the Administrator Email address for the domain, separated by a comma.

     

    Send Notifications

    Select checkbox to send notifications when viruses or malware to this domain is detected.

    To receive notification emails, you must configure a mail server and enable Send a notification email to the Device/Domain/Vdom email list when Files/URLs with selected rating are detected in System > Mail Server. Otherwise, a warning icon is displayed.

     

    Send Reports

    Select checkbox to send PDF reports of jobs. To receive reports and define report generation frequency, you must configure the System > Mail Server page. Also the Send scheduled PDF report about an individual VDOM/Domain to its email address in that page should be enabled. Otherwise, a warning icon is displayed.

     

    Send Reach Limit Alert Email

    When checked, an alert email is sent to the domain email address when limitation is reached.

Upload suspicious attachments to FortiSandbox

For information on how to configure FortiMail to send files to FortiSandbox, see the FortiMail Administration Guide in Fortinet Document Library.

Device and VDOM/Domain level notifications

When enabling Send notifications in the Edit Device Settings or Edit VDOM/Domain Settings page, you receive an email every time a file from your environment is detected as potential malware.

Device and VDOM/Domain level PDF reports

When enabling Send PDF reports in Edit Device Settings or Edit VDOM/Domain Settings, you receive a PDF report by email as defined in System > Mail Server. This FortiSandbox Summary Reports PDF lists statistics of scan jobs in the defined time period in System > Mail Server and includes the following information:

  • Scanning Statistics: A table listing the number of files processed by FortiSandbox and a breakdown of files by rating.
  • Scanning Statistics by Type: A table listing the file type, rating and event count.
  • Scanning Activity: A table and graph listing the number of clean, suspicious, and malicious files processed by FortiSandbox per day.
  • Top Targeted Hosts: A list of the top targeted hosts.
  • Top Malware Files: A list of the top malware programs detected by FortiSandbox.
  • Top Infectious URLs: A list of the top infectious URLs detected by FortiSandbox.
  • Top Callback Domains: A list of the top call back domains detected by FortiSandbox.