If email attachments are sent to FortiSandbox, and the "reject" action is configured in the action profile, the actual action will fallback to "system quarantine" if spam or viruses are detected afterwards. |
GUI item | Description |
FortiSandbox type | If you use an appliance, specify the appliance’s host name or IP address; If you use the cloud service, make sure you have a valid contract. To register for FortiSandbox Cloud service 1. Go to Monitor > System Status. 2. Click Log In besides FortiCloud under License Information. 3. Enter the contract license. Note: If you are running FortiMail HA, you must register all the master and slave units. For active-passive HA, this is to ensure that the slave unit can continue to use the FortiCloud service in case of HA failover. For config-only HA, this is because all the units need to access the service. |
Server name/IP | Enter the FortiSandbox host name or IP address. The port to use is 514. If you have a firewall in between FortiMail and FortiSandbox, make this port is allowed. |
Test Connection | Click Test Connection to make sure the connection is successful. If the connection fails, check the network connection. |
Notification email | This is the email address that FortiSandbox will use to send out notifications and reports. If you want to receive such email, enter your email address. For details, see the FortiSandbox documentation. |
Statistics interval | Specify how long FortiMail should wait to retrieve some high level statistics from FortiSandbox. The default interval is 5 minutes. The statistics include how many malwares are detected and how many files are clean among all the files submitted. |
Scan timeout | Specify how long FortiMail will wait to get the results. |
Scan result expires in | Specify how long FortiMail will cache the results. |
Scan mode | Submit and wait for result means to submit email and wait for scan results from FortiSandbox. Submit only means just to submit email to FortiSandbox and deliver it without waiting for scan results. |
File Scan Settings | |
File types | Select what types of attachment files will be uploaded to FortiSandbox for scanning. |
File patterns | Create your own file pattern that will be uploaded to FortiSandbox, for example, *.txt. |
File size | Specify the maximum file size to upload to FortiSandbox. You may want to limit the file size to improve performance. |
URI Scan Settings | |
Enable | Enable to scan the URIs to determine if they are malicious or phishing sites. Note: If you do not want to send any URIs to FortiSandbox, you can do so by adding them to the URL exempt list. For details, see “Configuring the URL exempt list”. |
Email selection | Specify to scan URIs in all email or the suspicious email only. Suspicious email messages are those received during spam outbreaks. |
URI selection | Specify to scan all URIs or the unrated URIs only. The unrated URIs are the URIs that are tagged as unrated by the FortiGuard antispam service. Sometimes, FortiMail may not be able to get results from the FortiGuard queries (for example, ratings errors due to network connection failures). In this case, you can choose whether to upload those URIs to FortiSandbox for scanning. Choosing not to upload those URIs may help improving the FortiSandbox performance. |
Number of URIs per email | Specify how many URIs will be scanned in one email message. |