Fortinet Document Library


Administration Guide

FortiMail Devices

In FortiMail version 5.2.0 or later, you can configure your FortiMail device to send suspicious files, URLs, and suspicious attachments to FortiSandbox for inspection and analysis. FortiSandbox statistics for total detected and total clean are displayed on FortiMail.

If FortiMail sends protected domain information, those domain names and their job counts are listed. For each protected domain, the user can set a submission limitation.

If protected domain information is not available, such as for files from older versions of FortiMail or for outgoing emails, the jobs are grouped under the Unprotected domain name.

For more information on how to configure FortiMail to send files to FortiSandbox, please refer to the FortiMail Administration Guide available in the Fortinet Document Library.

To edit FortiMail Settings in FortiSandbox:
  1. On your FortiSandbox device, go to Scan Input > Device.

    All FortiMail devices and protected domains are listed on this page. Because FortiMail does not explicitly send a list of possible protected domains to FortiSandbox, FortiSandbox only learns about a domain once it receives a file or URL sent to it. Each domain is displayed on this page only after the first file or URL has been received for that specific domain.

  2. Click the FortiMail device name. The Edit Device Settings page opens.
  3. Edit the following settings:

    Device Status

      • Serial Number: The device serial number.
      • Alias: The host name of the FortiMail unit. This is a read-only value.
      • IP: The IP address of the FortiMail.
      • Status: The status of the device, either connected or disconnected. This field cannot be edited.
      • Last Modified: The date and time that the FortiMail settings were last changed.
      • Last Seen: The date and time that the FortiMail last connected to the FortiSandbox.

    Permissions

      • Authorized: Select the checkbox to authorize the FortiMail device. If this field is not checked, files sent from the FortiMail will be dropped. The date and time that the authorization status was changed is displayed.
      • New VDOMs/Domains Inherit Authorization: Select the checkbox to have protected domains inherit the authorization setting configured at the device level.

    Email Settings

      • Administrator Email: The email address entered in the Notifier Email field configured on the FortiMail device. You cannot edit this field on the FortiSandbox.
      • Send Notifications: Select the checkbox to send notifications. When notifications are enabled, you will receive email notifications when a file inside an email has been detected as potential malware. The email will contain a link to the scan job details page.
        To receive notification emails, you must configure a mail server and enable the "Send a notification email to the global email list when malicious files are detected" setting in System > Mail Server. Otherwise, a warning icon is displayed.
      • Send Reports: Select the checkbox to send job detail PDF reports. To receive reports and define the report generation frequency, you must configure the System > Mail Server page. The "Send scheduled PDF report about an individual VDOM/Domain to its email address" setting on that page must also be checked. Otherwise, a warning icon is displayed.

  4. Click OK to save the settings.
To edit Domain settings:
  1. On your FortiSandbox device, go to Scan Input > Device. All FortiMail devices and protected domains are listed on this page.
  2. Click the domain name.
  3. Edit the following settings:

    Device Status

      • Domain/VDOM FQDN: The protected domain name. This field cannot be edited.
      • Alias: The value is FortiMail Device Name: Domain name.
      • IP: The IP address of the FortiMail. This field cannot be edited.
      • Status: The status of the device, either connected or disconnected. This field cannot be edited.
      • Files/URLs Transmitted: The total number of files and URLs sent to the domain in the last seven days.
      • Last Modified: The date and time that the authorization status was changed. This field cannot be edited.
      • Last Seen: The date and time that the last file/URL was sent to this domain.

    Permissions and Policy

      • Authorized: Select the checkbox to authorize the FortiMail domain.
      • Submission Limitation: Limits the FortiMail submission rate for a protected domain. Specify the number of submissions per Hour or per Day, or select Unlimited. When the limit is reached, FortiSandbox (FSA) rejects files and URLs for this domain.
        Note: This feature only works with newer FortiMail versions that can send domain information.
      • Send Reach Limit Alert Email: When checked, an alert email is sent to the domain email address when the submission limitation is reached.

    Email Settings

      • Email: Enter the administrator email addresses for the domain, separated by commas.
      • Send Notifications: Select the checkbox to send notifications when viruses or malware sent to this domain are detected.
        To receive notification emails, you must configure a mail server and enable the "Send a notification email to the global email list when malicious files are detected" setting in System > Mail Server. Otherwise, a warning icon is displayed.
      • Send Reports: Select the checkbox to send PDF reports of jobs. To receive reports and define the report generation frequency, you must configure the System > Mail Server page. The "Send scheduled PDF report about an individual VDOM/Domain to its email address" setting on that page must also be enabled. Otherwise, a warning icon is displayed.

  4. Click OK to save the settings.
Upload suspicious attachments to FortiSandbox

For more information on how to configure FortiMail to send files to FortiSandbox, please refer to the FortiMail Administration Guide available in the Fortinet Document Library.

Device and VDOM/Domain level notifications

When enabling Send notifications in the Edit Device Settings or Edit VDOM/Domain Settings page, you will receive an email every time a file from your environment has been detected as potential malware.

Device and VDOM/Domain level PDF reports

When you enable Send PDF reports in the Edit Device Settings or Edit VDOM/Domain Settings page, you will receive a PDF report by email at the time defined in the Config > Mail Server page. This email contains a FortiSandbox Summary Reports PDF. The report lists statistics of scan jobs for the preceding time period configured in the System > Mail Server page. The report contains the following information:

  • Scanning Statistics: A table listing the number of files processed by FortiSandbox and a breakdown of files by rating.
  • Scanning Statistics by Type: A table listing the file type, rating and event count.
  • Scanning Activity: A table and graph listing the number of clean, suspicious, and malicious files processed by FortiSandbox per day.
  • Top Targeted Hosts: A list of the top targeted hosts.
  • Top Malware Files: A list of the top malware programs detected by FortiSandbox.
  • Top Infectious URLs: A list of the top infectious URLs detected by FortiSandbox.
  • Top Callback Domains: A list of the top callback domains detected by FortiSandbox.
