FortiMail Devices
You can configure FortiMail to send suspicious files, URLs, and suspicious attachments to FortiSandbox for inspection and analysis. FortiSandbox statistics for total detected and total clean are displayed in FortiMail.
If FortiMail sends protected domain information, the domain names and jobs counts from them are listed. For each protected domain, you can set a submission limitation. If protected domain information is not available, such as files from older versions of FortiMail or outgoing emails, jobs from them are grouped in the Unprotected domain name.
For information on how to configure FortiMail to send files to FortiSandbox, see the FortiMail Administration Guide in the Fortinet Document Library.
To edit FortiMail Settings in FortiSandbox:
- On your FortiSandbox device, go to Security Fabric > Device.
This page lists all devices and protected domains. Since FortiMail does not explicitly send a list of possible protected domains to FortiSandbox, FortiSandbox only knows about a domain after it receives a file or URL. Domains on this page are displayed after the first file or URL is received on that domain.
- Click the FortiMail device name to open the Edit Device Settings page.
- Edit the following settings and then click OK.
Device Status
Serial Number
Device serial number.
Hostname
FortiMail host name.
IP
Status
Status of the device.
Last Modified
Date and time the FortiMail settings were last changed.
Last Seen
Date and time the FortiMail last connected to FortiSandbox.
Permissions & Policy
Authorized
Enable to authorize the FortiMail device. If disabled, files sent from FortiMail are dropped.
New VDOMs/Domains Inherit Authorization
Enable to have new protected domains inherit the authorization setting configured at the device level.
Email Settings
Administrator Email
Email address in Notifier email in FortiMail.
Send Notifications
Enable to send notifications. When enabled, you receive email notifications when a file inside an email is detected as potential malware. The email contains a link to the scan job details page.
To receive notification emails, configure a mail server in System > Mail Server and enable Send a notification email to the Device/Domain/Vdom email list when Files/URLs with selected rating are detected. Otherwise, a warning icon is displays.
Send PDF Reports
Enable to send PDF reports of job detail.
To receive reports and define report generation frequency, configure a mail server in System > Mail Server and enable Send scheduled PDF report about an individual VDOM/Domain to its email address. Otherwise, a warning icon is displays.
To edit Domain settings:
- On your FortiSandbox device, go to Security Fabric > Device.
- Click the domain name.
- Edit the following settings and then click OK.
Upload suspicious attachments to FortiSandbox
For information on how to configure FortiMail to send files to FortiSandbox, see the FortiMail Administration Guide in Fortinet Document Library.
Device and VDOM/Domain level notifications
If you enable Send notifications in the Edit Device Settings or Edit VDOM/Domain Settings page, you receive an email every time a file from your environment is detected as potential malware.
Device and VDOM/Domain level PDF reports
If you enable Send PDF reports in Edit Device Settings or Edit VDOM/Domain Settings, you receive a PDF report by email as defined in System > Mail Server. This FortiSandbox Summary Reports PDF lists statistics of scan jobs in the time period in System > Mail Server and includes the following information:
- Scan Statistics: The number of files processed by FortiSandbox and a breakdown of files by rating.
- Scan Statistics by Type: The file type, rating, and event count.
- Scanning Activity: A table and graph listing the number of clean, suspicious, and malicious files processed by FortiSandbox per day.
- Top Targeted Hosts: The top targeted hosts.
- Top Malware Files: The top malware programs detected by FortiSandbox.
- Top Infectious URLs: The top infectious URLs detected by FortiSandbox.
- Top Callback Domains: The top callback domains detected by FortiSandbox.