Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

System commands

Command

Description

reboot

Reboot the FortiSandbox. All sessions will be terminated. The unit goes offline and there is a delay while it restarts.

config-reset

Reset the FortiSandbox configuration to factory default settings. Job data is kept.

For installed VM images, their clone numbers and Scan Profile settings are set back to default.

factory-reset

Reset the FortiSandbox configuration to factory default settings. All data is deleted.

For installed VM images, only Default VMs are kept and their clone number and Scan Profile settings are set back to default.

shutdown

Shutdown the FortiSandbox.

status

Display the FortiSandbox firmware version, serial number, system time, disk usage, disk inode usage, image status check, Microsoft Windows VM status, VM network access configuration, and RAID information.

sandbox-engines

Display FortiSandbox FortiGuard component versions including the Tracer Engine, Rating Engine, Traffic Sniffer, Botnet Signature Database, IPS Signature Database, and Android engine versions.

vm-license

List embedded Windows Product key information.

vm-status

Show VM system status and their license situation.

If there is an issue with a VM, an error message displays information to help troubleshoot the problem.

vm-reset

Activate and initialize a VM image again, in case it is necessary to rebuild a VM image.

Optionally, specify a VM name with -n <VM name>, or all VMs are reset.

fw-upgrade

Upgrade or re-install the FortiSandbox firmware via Secure Copy (SCP) or File Transfer Protocol (FTP) server.

For details, see fw-upgrade.

reset-widgets

Reset the GUI widgets.

cleandb

Clean up the internal database and job information. This command erases all stored data and reboots the device.

This command only works on devices that are in standalone mode.

log-purge

Delete all system logs.

pending-jobs

Show the status of or delete pending jobs.

For details, see pending-jobs.

device-authorization

Configure new client device authorization .

For details, see device-authorization.

iptables

Enable/disable IP tables.

For details, see iptables.

usg-license

Convert the unit to be USG licensed.

For details, see usg-license.

hc-settings

Configure the unit as a HA-Cluster mode unit.

For details, see hc-settings.

hc-status

List the status of HA-Cluster units.

hc-worker

Add/update/remove a worker unit to/from an HA-Cluster. This command can only be run on a worker unit.

hc-primary

Enable/disable the malware detection features on the primary unit.

Use -s<percent> to turn on file scan and set the percentage of the scanning capacity to be used. If no number is entered, 50% will be used.

restore-sysconf

Restore system configuration from remote server.

For details, see restore-sysconf.

backup-sysconf

Upload system configuration backup to remote server.

For details, see backup-sysconf.

resize-hd

After changing the virtual hard disk size on the hypervisor, execute this command to make the change recognizable to the firmware.

This command is only available for FSA_VM-Base and FSAVM00 models.

confirm-id

Set confirm ID for Microsoft Windows or Office activation.

For details, see confirm-id.

vm-customized

Install customized VM.

For details, see vm-customized.

sandboxing-cache

Enable/disable sandboxing result check.

For details, see sandboxing-cache.

sandboxing-prefilter

Enable/disable sandboxing prefilter for file types.

For details, see sandboxing-prefilter.

sandboxing-embeddedurl

Enable/disable sandboxing embedded urls in PDF or OFFICE documents.

For details, see sandboxing-embeddedurl.

sandboxing-rse

Enable/disable/view Rating Service Endpoint API.

For details, see sandboxing-rse.

sandboxing-adaptive

Enable/disable adaptive scan.

For details, see sandboxing-adaptive.

sandboxing-parallel

Enable/disable parallel scan.

For details, see sandboxing-parallel.

sandboxing-ratio

Set VM scan ratio.

For details, see sandboxing-ratio.

sandboxing-pexbox

Turn the PE emulator on or off.

For details, see sandboxing-pexbox.

filesize-limit

Set the maximum single file size and the maximum child file size to scan.

For details, see filesize-limit.

remote-auth-timeout

Set the timeout for remote authentication.

For details, see remote-auth-timeout.

log-dropped

Enable/disable the log file drop event.

For details, see log-dropped.

vm-internet

Allow Virtual Machines to access external network through outgoing port3 and set gateway for port3.

For details, see vm-internet.

cm-status

List the status of units joining the Global Threat Information Network.

fsck-storage

Check the file system on the hard disk and repair it if it's not clean. System reboots immediately.

raid-rebuild

Rebuild raid after a new HD replaces a bad one. This option is only available on hardware models.

For details, see raid-rebuild.

reset-sandbox-engine

Reset the tracer/rating engine back to firmware default.

For details, see reset-sandbox-engine.

set-maintainer

Enable/disable the maintainer account.

For details, see set-maintainer.

set-tlsver

Set the allowed TLS version for HTTPS service.

For details, see set-tlsver.

fortimail-expired

Enable/disable expired timeout option for FortiMail files.

For details, see fortimail-expired.

oftpd-con-mode

Enable/disable conserve mode of OFTPD.

For details, see oftpd-con-mode.

device-lenc

Enable/disable OFTPD supporting FortiGate-LENC devices.

For details, see device-lenc.

upload-settings

Configure data upload settings to community cloud.

For details, see upload-settings.

ai-mode

Enable/disable using AI logic to do job's behavior analysis.

For details, see ai-mode.

set-cfg-backup-key

Set your own passphrase that openSSL uses to encrypt or decrypt a configuration backup file.

prescan-config

Configure support for large files of up to 10GB in VM.

For details, see prescan-config.

reset-scan-profile

Reset the scan flow settings to firmware default values.

System commands

Command

Description

reboot

Reboot the FortiSandbox. All sessions will be terminated. The unit goes offline and there is a delay while it restarts.

config-reset

Reset the FortiSandbox configuration to factory default settings. Job data is kept.

For installed VM images, their clone numbers and Scan Profile settings are set back to default.

factory-reset

Reset the FortiSandbox configuration to factory default settings. All data is deleted.

For installed VM images, only Default VMs are kept and their clone number and Scan Profile settings are set back to default.

shutdown

Shutdown the FortiSandbox.

status

Display the FortiSandbox firmware version, serial number, system time, disk usage, disk inode usage, image status check, Microsoft Windows VM status, VM network access configuration, and RAID information.

sandbox-engines

Display FortiSandbox FortiGuard component versions including the Tracer Engine, Rating Engine, Traffic Sniffer, Botnet Signature Database, IPS Signature Database, and Android engine versions.

vm-license

List embedded Windows Product key information.

vm-status

Show VM system status and their license situation.

If there is an issue with a VM, an error message displays information to help troubleshoot the problem.

vm-reset

Activate and initialize a VM image again, in case it is necessary to rebuild a VM image.

Optionally, specify a VM name with -n <VM name>, or all VMs are reset.

fw-upgrade

Upgrade or re-install the FortiSandbox firmware via Secure Copy (SCP) or File Transfer Protocol (FTP) server.

For details, see fw-upgrade.

reset-widgets

Reset the GUI widgets.

cleandb

Clean up the internal database and job information. This command erases all stored data and reboots the device.

This command only works on devices that are in standalone mode.

log-purge

Delete all system logs.

pending-jobs

Show the status of or delete pending jobs.

For details, see pending-jobs.

device-authorization

Configure new client device authorization .

For details, see device-authorization.

iptables

Enable/disable IP tables.

For details, see iptables.

usg-license

Convert the unit to be USG licensed.

For details, see usg-license.

hc-settings

Configure the unit as a HA-Cluster mode unit.

For details, see hc-settings.

hc-status

List the status of HA-Cluster units.

hc-worker

Add/update/remove a worker unit to/from an HA-Cluster. This command can only be run on a worker unit.

hc-primary

Enable/disable the malware detection features on the primary unit.

Use -s<percent> to turn on file scan and set the percentage of the scanning capacity to be used. If no number is entered, 50% will be used.

restore-sysconf

Restore system configuration from remote server.

For details, see restore-sysconf.

backup-sysconf

Upload system configuration backup to remote server.

For details, see backup-sysconf.

resize-hd

After changing the virtual hard disk size on the hypervisor, execute this command to make the change recognizable to the firmware.

This command is only available for FSA_VM-Base and FSAVM00 models.

confirm-id

Set confirm ID for Microsoft Windows or Office activation.

For details, see confirm-id.

vm-customized

Install customized VM.

For details, see vm-customized.

sandboxing-cache

Enable/disable sandboxing result check.

For details, see sandboxing-cache.

sandboxing-prefilter

Enable/disable sandboxing prefilter for file types.

For details, see sandboxing-prefilter.

sandboxing-embeddedurl

Enable/disable sandboxing embedded urls in PDF or OFFICE documents.

For details, see sandboxing-embeddedurl.

sandboxing-rse

Enable/disable/view Rating Service Endpoint API.

For details, see sandboxing-rse.

sandboxing-adaptive

Enable/disable adaptive scan.

For details, see sandboxing-adaptive.

sandboxing-parallel

Enable/disable parallel scan.

For details, see sandboxing-parallel.

sandboxing-ratio

Set VM scan ratio.

For details, see sandboxing-ratio.

sandboxing-pexbox

Turn the PE emulator on or off.

For details, see sandboxing-pexbox.

filesize-limit

Set the maximum single file size and the maximum child file size to scan.

For details, see filesize-limit.

remote-auth-timeout

Set the timeout for remote authentication.

For details, see remote-auth-timeout.

log-dropped

Enable/disable the log file drop event.

For details, see log-dropped.

vm-internet

Allow Virtual Machines to access external network through outgoing port3 and set gateway for port3.

For details, see vm-internet.

cm-status

List the status of units joining the Global Threat Information Network.

fsck-storage

Check the file system on the hard disk and repair it if it's not clean. System reboots immediately.

raid-rebuild

Rebuild raid after a new HD replaces a bad one. This option is only available on hardware models.

For details, see raid-rebuild.

reset-sandbox-engine

Reset the tracer/rating engine back to firmware default.

For details, see reset-sandbox-engine.

set-maintainer

Enable/disable the maintainer account.

For details, see set-maintainer.

set-tlsver

Set the allowed TLS version for HTTPS service.

For details, see set-tlsver.

fortimail-expired

Enable/disable expired timeout option for FortiMail files.

For details, see fortimail-expired.

oftpd-con-mode

Enable/disable conserve mode of OFTPD.

For details, see oftpd-con-mode.

device-lenc

Enable/disable OFTPD supporting FortiGate-LENC devices.

For details, see device-lenc.

upload-settings

Configure data upload settings to community cloud.

For details, see upload-settings.

ai-mode

Enable/disable using AI logic to do job's behavior analysis.

For details, see ai-mode.

set-cfg-backup-key

Set your own passphrase that openSSL uses to encrypt or decrypt a configuration backup file.

prescan-config

Configure support for large files of up to 10GB in VM.

For details, see prescan-config.

reset-scan-profile

Reset the scan flow settings to firmware default values.