
New features and enhancements

The following is a summary of new features and enhancements in version 5.0.0. For details, see the FortiSandbox 5.0.0 Administration Guide in the Fortinet Document Library.

GUI

  • Introduced a simplified and redesigned VM Settings page to support the Universal VM.
  • Introduced Incident Assist page for SOC monitoring and investigation.
  • Introduced a redesigned Job Detail page to serve as a virtual security analyst.
  • Introduced threat intelligence enrichment via the FortiGuard IOC service.
  • Introduced an Email Management page for undelivered emails via MTA.
  • Introduced VM Interaction on Linux VMs.
  • Introduced a toggle option to hide clean and debug tracer logs on the Job Detail page to focus on suspicious indicators and reduce unnecessary content.
  • Introduced GUI theme support (e.g. Neutrino and Dark).
  • Enhanced the GUI pages to use the latest web application framework for design standardization and system stability.
  • Enhanced the System Dashboard page to improve content and layout of the services.
  • Enhanced the On Demand File and URL submission page with a simplified look and feel, including several advanced options to control scan flow.
  • Enhanced the VM Association page under Scan Profile to view the content of the VM association and easily assign file extensions.
  • Enhanced the System Settings page, improving the Alert Notification and VM External Network Access sections.
  • Enhanced the FortiGuard page to show the proper update status (successful, in progress, or failed).
  • Enhanced design and icons of the tree view for improved visibility and analysis.
  • Added Windows 11 as an option when uploading a Custom VM.
  • Added storage type support of Premium SSD on Custom VM for Azure Cloud.
  • Added an option to mark a job as false-positive or false-negative when submitting to FortiGuard for analysis.
  • Added a compress icon on the search page for jobs extracted from a compressed file.
  • Added a download option for Tracer Log on the job detail page for Linux file submissions.

Security Fabric and Deployment

  • Introduced NetShare Scan on Google Cloud Storage.
  • Introduced NetShare Scan on Microsoft OneDrive and SharePoint.
  • Introduced NetShare Scan on Secured FTP (SFTP) site.
  • Introduced nested mode VM deployment on public cloud (AWS/Azure/GCP/OCI).
  • Enhanced sniffer to support Q-in-Q traffic.
  • Upgraded Azure configuration to use the Client-ID instead of email address to conform to the new Azure requirement.
  • Added custom certificate support on MTA/BCC adapter deployment.

Scan & Engine

  • Introduced a new AI engine (PAIX) to detect more 0-day malware. Supports:
    • Windows-based Executable
    • Android-based Malware on Android OS version 13 and up.
    • Office and PDF based Malware including Phishing and Ransom notes.
  • Introduced application-level behavioral tracking to identify potential indicators before they occur.
  • Introduced new Android VM for scanning APK files.
  • Introduced embedded files extraction in Office and PDF file types.
  • Introduced VM recording in public cloud deployment with nested VMs.
  • Introduced optical character recognition (OCR) for processing images and reading text.
  • Enhanced URL analysis from FortiMail submission to check presence of QR code image.
  • Enhanced the job results aggregation mechanism when handling archive files for better performance.
  • Enhanced behavior to skip dynamic scan on URL submission with High Risk setting due to customized category.
  • Enhanced Scan Profile to support up to 30 passwords for extracting PDF and Office file types.
  • Enhanced NetShare Scan performance.
  • Enhanced caching mechanism of the job results.
  • Added file type support for the following: encoded Visual Basic Script (.vbe), Microsoft Outlook Calendar file (.ics, .vcs), Microsoft Publisher (.pub), Microsoft Visio (.vsdx), Universal Disk Format archive (.udf), and ISO in UDF 2.5.
  • Added file extraction of UTF-8 encoded attachments on MIME-encoded emails.
  • Added password extraction on emails submitted via BCC Adapter.
  • Added support to scan downloaded script file via URL jobs.
  • Added trusted-vendor check on archive files.
  • Added skip options on NetShare Scan to reduce load for unchanged files.
  • Added customized rating support for application crashing on dynamic scan.

System & Security

  • Enhanced disk usage of jobs for higher retention capacity.
  • Enhanced database system for improved scalability and reliability.
  • Enhanced HA-Cluster communication between nodes by using SSL certificates.
  • Upgraded software suite of the FortiSandbox OS.
  • Upgraded SDK for AWS and Azure public cloud to support newer regions.
  • Updated the remote access password to the unit's serial number in interactive mode for public cloud customized VMs.
  • Updated device connection default crypto setting from TLS 1.2 to TLS 1.3.
  • Added Availability Zone support for Nested VM on Azure cloud.
  • Added automatic conversion of file system to support newer optional VMs for performance compatibility.
  • Added HTTP CONNECT and SOCKS5 proxy support for cloud VM.
  • Added HTTP CONNECT proxy support for the VM network access.
  • Added limit of 32 entries on ICAP profiles.

Logging & Reporting

  • Introduced AI-based Threat Summary using the collected indicators and results.
  • Introduced a toggle option to hide debug tracer logs to reduce unnecessary content in the generated PDF report.
  • Enhanced the cover page of the Job Detail PDF report with five designs.
  • Added kernel logging to system events for kernel panic, segmentation fault, and out-of-memory conditions.
  • Added daemon logging to system event for tracking and diagnosis of unexpected restart.
  • Added engine versions on the reports for all scanned jobs.
  • Added engine versions on the Job Detail page and report when no behavior is captured.
  • Added serial number when submitting files to the Sandbox community server.
  • Added From and To fields on emails submitted via BCC Adapter.
  • Added a log entry when a VM rescan happens, including the job ID and the reason.
  • Added support for sharing FortiSandbox Indicators of Compromise (IOC) through STIX/TAXII packages and servers.

CLI and API

  • Enhanced the debug output of HA-Cluster on tac-report CLI command.
  • Enhanced the debug output of Web Category override settings on tac-report CLI command.
  • Enhanced the debug output of proxy connection on the test-network CLI command.
  • Added memory and cpu parameters on the vm-customized CLI command.
  • Added database status on status CLI command.
  • Added file system type on the debug CLI commands.
