Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

FortiMail Devices

You can configure FortiMail to send suspicious files, URLs, and suspicious attachments to FortiSandbox for inspection and analysis. FortiSandbox statistics for total detected and total clean are displayed in FortiMail.

If FortiMail sends protected domain information, the domain names and jobs counts from them are listed. For each protected domain, you can set a submission limitation. If protected domain information is not available, such as files from older versions of FortiMail or outgoing emails, jobs from them are grouped in the Unprotected domain name.

For information on how to configure FortiMail to send files to FortiSandbox, see the FortiMail Administration Guide in the Fortinet Document Library.

To edit FortiMail Settings in FortiSandbox:
  1. On your FortiSandbox device, go to Scan Input > Device.

    This page lists all devices and protected domains. Since FortiMail does not explicitly send a list of possible protected domains to FortiSandbox, FortiSandbox only knows about a domain after it receives a file or URL. Domains on this page are displayed after the first file or URL is received on that domain.

  2. Click the FortiMail device name to open the Edit Device Settings page.
  3. Edit the following settings and then click OK.

    Device Status

    Serial Number

    Device serial number.

    Hostname

    FortiMail host name.

    IP

    IP address of the FortiMail.

    Status

    Status of the device.

    Last Modified

    Date and time the FortiMail settings were last changed.

    Last Seen

    Date and time the FortiMail last connected to FortiSandbox.

    Permissions & Policy

    Authorized

    Enable to authorize the FortiMail device. If disabled, files sent from FortiMail are dropped.

    New VDOMs/Domains Inherit Authorization

    Enable to have new protected domains inherit the authorization setting configured at the device level.

    Email Settings

    Administrator Email

    Email address in Notifier email in FortiMail.

    Send Notifications

    Enable to send notifications. When enabled, you receive email notifications when a file inside an email is detected as potential malware. The email contains a link to the scan job details page.

    To receive notification emails, configure a mail server in System > Mail Server and enable Send a notification email to the Device/Domain/Vdom email list when Files/URLs with selected rating are detected. Otherwise, a warning icon is displays.

    Send PDF Reports

    Enable to send PDF reports of job detail.

    To receive reports and define report generation frequency, configure a mail server in System > Mail Server and enable Send scheduled PDF report about an individual VDOM/Domain to its email address. Otherwise, a warning icon is displays.

To edit Domain settings:
  1. On your FortiSandbox device, go to Scan Input > Device.
  2. Click the domain name.
  3. Edit the following settings and then click OK.

    Device Status

    Domain/VDOM FQDN

    Protected domain name.

    Hostname

    Domain/VDOM name in the format of FortiMail Device Name: Domain name.

    IP

    IP address of the FortiMail.

    Status

    Status of the device.

    Files/URLs Transmitted

    Number of files and URLs sent to the domain in the last seven days.

    Last Modified

    Date and time the authorization status was changed.

    Last Seen

    Date and time last file/URL was sent to this domain.

    Permissions & Policy

    Authorized

    Enable to authorize the FortiMail domain.

    Submission Limitation

    Limit the protected domain submission speed. Select Unlimited or specify the number of submissions per Hour or Day.

    When the limit is reached, FortiSandbox rejects files and URLs sent to this domain.

    Email Settings

    Email

    Enter the administrator email addresses for the domain, separated by commas.

    Send Notifications

    Enable to send notifications when viruses or malware to this domain is detected.

    To receive notification emails, configure a mail server in System > Mail Server and enable Send a notification email to the Device/Domain/VDOM email list when Files/URLs with selected rating are detected. Otherwise, a warning icon is displays.

    Send PDF Reports

    Enable to send PDF reports of jobs.

    To receive reports and define report generation frequency, configure a mail server in System > Mail Server and enable Send scheduled PDF report about an individual VDOM/Domain to its email address. Otherwise, a warning icon is displays.

    Send Reach Limit Alert Email

    Enable to send an alert email to the domain email address when Submission Limitation is reached.

Upload suspicious attachments to FortiSandbox

For information on how to configure FortiMail to send files to FortiSandbox, see the FortiMail Administration Guide in Fortinet Document Library.

Device and VDOM/Domain level notifications

If you enable Send notifications in the Edit Device Settings or Edit VDOM/Domain Settings page, you receive an email every time a file from your environment is detected as potential malware.

Device and VDOM/Domain level PDF reports

If you enable Send PDF reports in Edit Device Settings or Edit VDOM/Domain Settings, you receive a PDF report by email as defined in System > Mail Server. This FortiSandbox Summary Reports PDF lists statistics of scan jobs in the time period in System > Mail Server and includes the following information:

  • Scanning Statistics: The number of files processed by FortiSandbox and a breakdown of files by rating.
  • Scanning Statistics by Type: The file type, rating, and event count.
  • Scanning Activity: A table and graph listing the number of clean, suspicious, and malicious files processed by FortiSandbox per day.
  • Top Targeted Hosts: The top targeted hosts.
  • Top Malware Files: The top malware programs detected by FortiSandbox.
  • Top Infectious URLs: The top infectious URLs detected by FortiSandbox.
  • Top Callback Domains: The top callback domains detected by FortiSandbox.

FortiMail Devices

You can configure FortiMail to send suspicious files, URLs, and suspicious attachments to FortiSandbox for inspection and analysis. FortiSandbox statistics for total detected and total clean are displayed in FortiMail.

If FortiMail sends protected domain information, the domain names and jobs counts from them are listed. For each protected domain, you can set a submission limitation. If protected domain information is not available, such as files from older versions of FortiMail or outgoing emails, jobs from them are grouped in the Unprotected domain name.

For information on how to configure FortiMail to send files to FortiSandbox, see the FortiMail Administration Guide in the Fortinet Document Library.

To edit FortiMail Settings in FortiSandbox:
  1. On your FortiSandbox device, go to Scan Input > Device.

    This page lists all devices and protected domains. Since FortiMail does not explicitly send a list of possible protected domains to FortiSandbox, FortiSandbox only knows about a domain after it receives a file or URL. Domains on this page are displayed after the first file or URL is received on that domain.

  2. Click the FortiMail device name to open the Edit Device Settings page.
  3. Edit the following settings and then click OK.

    Device Status

    Serial Number

    Device serial number.

    Hostname

    FortiMail host name.

    IP

    IP address of the FortiMail.

    Status

    Status of the device.

    Last Modified

    Date and time the FortiMail settings were last changed.

    Last Seen

    Date and time the FortiMail last connected to FortiSandbox.

    Permissions & Policy

    Authorized

    Enable to authorize the FortiMail device. If disabled, files sent from FortiMail are dropped.

    New VDOMs/Domains Inherit Authorization

    Enable to have new protected domains inherit the authorization setting configured at the device level.

    Email Settings

    Administrator Email

    Email address in Notifier email in FortiMail.

    Send Notifications

    Enable to send notifications. When enabled, you receive email notifications when a file inside an email is detected as potential malware. The email contains a link to the scan job details page.

    To receive notification emails, configure a mail server in System > Mail Server and enable Send a notification email to the Device/Domain/Vdom email list when Files/URLs with selected rating are detected. Otherwise, a warning icon is displays.

    Send PDF Reports

    Enable to send PDF reports of job detail.

    To receive reports and define report generation frequency, configure a mail server in System > Mail Server and enable Send scheduled PDF report about an individual VDOM/Domain to its email address. Otherwise, a warning icon is displays.

To edit Domain settings:
  1. On your FortiSandbox device, go to Scan Input > Device.
  2. Click the domain name.
  3. Edit the following settings and then click OK.

    Device Status

    Domain/VDOM FQDN

    Protected domain name.

    Hostname

    Domain/VDOM name in the format of FortiMail Device Name: Domain name.

    IP

    IP address of the FortiMail.

    Status

    Status of the device.

    Files/URLs Transmitted

    Number of files and URLs sent to the domain in the last seven days.

    Last Modified

    Date and time the authorization status was changed.

    Last Seen

    Date and time last file/URL was sent to this domain.

    Permissions & Policy

    Authorized

    Enable to authorize the FortiMail domain.

    Submission Limitation

    Limit the protected domain submission speed. Select Unlimited or specify the number of submissions per Hour or Day.

    When the limit is reached, FortiSandbox rejects files and URLs sent to this domain.

    Email Settings

    Email

    Enter the administrator email addresses for the domain, separated by commas.

    Send Notifications

    Enable to send notifications when viruses or malware to this domain is detected.

    To receive notification emails, configure a mail server in System > Mail Server and enable Send a notification email to the Device/Domain/VDOM email list when Files/URLs with selected rating are detected. Otherwise, a warning icon is displays.

    Send PDF Reports

    Enable to send PDF reports of jobs.

    To receive reports and define report generation frequency, configure a mail server in System > Mail Server and enable Send scheduled PDF report about an individual VDOM/Domain to its email address. Otherwise, a warning icon is displays.

    Send Reach Limit Alert Email

    Enable to send an alert email to the domain email address when Submission Limitation is reached.

Upload suspicious attachments to FortiSandbox

For information on how to configure FortiMail to send files to FortiSandbox, see the FortiMail Administration Guide in Fortinet Document Library.

Device and VDOM/Domain level notifications

If you enable Send notifications in the Edit Device Settings or Edit VDOM/Domain Settings page, you receive an email every time a file from your environment is detected as potential malware.

Device and VDOM/Domain level PDF reports

If you enable Send PDF reports in Edit Device Settings or Edit VDOM/Domain Settings, you receive a PDF report by email as defined in System > Mail Server. This FortiSandbox Summary Reports PDF lists statistics of scan jobs in the time period in System > Mail Server and includes the following information:

  • Scanning Statistics: The number of files processed by FortiSandbox and a breakdown of files by rating.
  • Scanning Statistics by Type: The file type, rating, and event count.
  • Scanning Activity: A table and graph listing the number of clean, suspicious, and malicious files processed by FortiSandbox per day.
  • Top Targeted Hosts: The top targeted hosts.
  • Top Malware Files: The top malware programs detected by FortiSandbox.
  • Top Infectious URLs: The top infectious URLs detected by FortiSandbox.
  • Top Callback Domains: The top callback domains detected by FortiSandbox.