Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiSandbox 4.2.4 Administration Guide
    4.2.4
    5.0.0
    4.4.6
    4.4.5
    4.4.4
    4.4.3
    4.4.2
    4.4.1
    4.4.0
    4.2.7
    4.2.6
    4.2.5
    4.2.4
    4.2.3
    4.2.2
    4.2.1
    4.2.0
    4.0.5
    4.0.4
    4.0.3
    4.0.2
    4.0.1
    4.0.0
    3.2.4
    3.2.3
    3.2.2
    3.2.1
    3.2.0
    3.1.5
    3.1.4
    3.1.3
    3.1.2
    3.1.1
    3.1.0
    3.0.7
    3.0.6

    Supported Devices

    Supported Devices

    FortiSandbox supports the following devices:

    FortiGate

    FortiSandbox can perform additional analysis on files that have been AV scanned by FortiGate. You can configure FortiGate to send all files or only suspicious files passing through the AV scan.

    FortiGate can retrieve scan results and details from FortiSandbox, and also receive antivirus and web filtering signatures to supplement the current signature database.

    When FortiGate learns from FortiSandbox that a terminal is infected, the administrator can push instruction for self-quarantine on a registered FortiClient host.

    FortiMail

    You can configure FortiMail to send suspicious, high risk files and suspicious attachments to FortiSandbox. FortiSandbox can perform additional analysis on files that have been scanned by your FortiMail email gateway.

    Suspicious email attachments include:

    • Suspicious files detected by heuristic scan of the AV engine.
    • Executable files and executable files embedded in archive files.
    • Type 6 hashes (binary hashes) of spam email detected by FortiGuard AntiSpam service.

    FortiMail can send suspicious URLs in the email body to FortiSandbox for URL scans and then block suspicious emails based on the scan result.

    FortiWeb

    You can use a file upload restriction policy to submit uploaded files to FortiSandbox for evaluation. If FortiSandbox determines that the file is malicious, FortiWeb performs the following tasks:

    • Generate an attack log message that contains the result, for example, messages with the Alert action.
    • For 10 minutes after it receives the FortiSandbox results, take the action specified by the file upload restriction policy. During this time, it does not re-submit the file to FortiSandbox, for example, messages with the Alert_Deny action.

    FortiClient EMS

    You can configure a FortiSandbox IP address in an endpoint profile. FortiClient EMS attempts to submit an authorization request to FortiSandbox. FortiSandbox administrators can authorize it and set limitations about submission speed. Subsequently, all FortiClient endpoints managed by FortiClient EMS are considered authorized by the same FortiSandbox and follow the submission speed limit.

    FortiClient

    FortiSandbox can accept files from FortiClient to perform additional analysis while FortiClient holds the files until the scan results are received. FortiClient can also receive additional antivirus signatures from FortiSandbox, generated from scan results, to supplement current signatures.
    Previous
    Next

    Supported Devices

    Supported Devices

    FortiSandbox supports the following devices:

    FortiGate

    FortiSandbox can perform additional analysis on files that have been AV scanned by FortiGate. You can configure FortiGate to send all files or only suspicious files passing through the AV scan.

    FortiGate can retrieve scan results and details from FortiSandbox, and also receive antivirus and web filtering signatures to supplement the current signature database.

    When FortiGate learns from FortiSandbox that a terminal is infected, the administrator can push instruction for self-quarantine on a registered FortiClient host.

    FortiMail

    You can configure FortiMail to send suspicious, high risk files and suspicious attachments to FortiSandbox. FortiSandbox can perform additional analysis on files that have been scanned by your FortiMail email gateway.

    Suspicious email attachments include:

    • Suspicious files detected by heuristic scan of the AV engine.
    • Executable files and executable files embedded in archive files.
    • Type 6 hashes (binary hashes) of spam email detected by FortiGuard AntiSpam service.

    FortiMail can send suspicious URLs in the email body to FortiSandbox for URL scans and then block suspicious emails based on the scan result.

    FortiWeb

    You can use a file upload restriction policy to submit uploaded files to FortiSandbox for evaluation. If FortiSandbox determines that the file is malicious, FortiWeb performs the following tasks:

    • Generate an attack log message that contains the result, for example, messages with the Alert action.
    • For 10 minutes after it receives the FortiSandbox results, take the action specified by the file upload restriction policy. During this time, it does not re-submit the file to FortiSandbox, for example, messages with the Alert_Deny action.

    FortiClient EMS

    You can configure a FortiSandbox IP address in an endpoint profile. FortiClient EMS attempts to submit an authorization request to FortiSandbox. FortiSandbox administrators can authorize it and set limitations about submission speed. Subsequently, all FortiClient endpoints managed by FortiClient EMS are considered authorized by the same FortiSandbox and follow the submission speed limit.

    FortiClient

    FortiSandbox can accept files from FortiClient to perform additional analysis while FortiClient holds the files until the scan results are received. FortiClient can also receive additional antivirus signatures from FortiSandbox, generated from scan results, to supplement current signatures.
    Previous
    Next