FortiMail Devices

FortiMail Devices

In FortiMail version 5.2.0 or later, you can configure your FortiMail device to send suspicious files, URLs, and suspicious attachments to FortiSandbox for inspection and analysis. FortiSandbox statistics for total detected and total clean are displayed in FortiMail.

If FortiMail sends over protected domain information, those domain names and jobs counts of them are listed. For each protected domain, the user can set a submission limitation.

If protected domain information is not available, such as files from older versions of FortiMail or outgoing emails, jobs from them will be grouped in Unprotected domain name.

For more information on how to configure FortiMail to send files to FortiSandbox, please refer to the FortiMail Administration Guide available in the Fortinet Document Library.

To edit FortiMail Settings in FortiSandbox:

On your FortiSandbox device, go to Scan Input > Device.
This page lists all FortiMail devices and protected domains. Since FortiMail does not explicitly send a list of possible protected domains to FortiSandbox, FortiSandbox only knows about a domain after it receives a file or URL. Domains on this page are displayed after the first file or URL is received on that domain.
Click the FortiMail device name to open the Edit Device Settings page.

Edit the following settings and then click OK.

Device Status
	Serial Number	The device serial number.
	Alias	The host name of the FortiMail unit. This is a read-only value.
	IP	The IP address of the FortiMail.
	Status	The status of the device, either connected or disconnected. This field cannot be edited.
	Last Modified	The date and time that the FortiMail settings were last changed.
	Last Seen	The date and time that the FortiMail last connected to the FortiSandbox.
Permissions
	Authorized	Select the checkbox to authorize the FortiMail device. If this field is not checked, files sent from the FortiMail will be dropped. The date and time that the authorization status was changed.
	New VDOMs/Domains Inherit Authorization	Select the checkbox to have protected domains inherit the authorization setting configured at the device level.
Email Settings
	Administrator Email	The email address entered in the Notifier Email field configured on the FortiMail device. You cannot edit this field on the FortiSandbox.
	Send Notifications	Select the checkbox to send notifications. When notifications are enabled, you will receive email notifications when a file inside an email has been detected as potential malware. The email will contain a link to the scan job details page. To receive notification emails, you must configure a mail server and enable Send a notification email to the Device/Domain/Vdom email list when Files/URLs with selected rating are detected in System > Mail Server. Otherwise, a warning icon is displayed.
	Send PDF Reports	Select the checkbox to send job detail PDF reports. To receive reports and define report generation frequency, you must configure System > Mail Server page. Also, the Send scheduled PDF report about an individual VDOM/Domain to its email address in that page should be checked. Otherwise, a warning icon is displayed.

To edit Domain settings:

On your FortiSandbox device, go to Scan Input > Device.
This page lists all FortiMail devices and protected Domains.
Click the domain name.

Edit the following settings and then click OK.

Device Status
	Domain/VDOM FQDN	The protected domain name. This field cannot be edited.
	Alias	The value is FortiMail Device Name: Domain name.
	IP	The IP address of the FortiMail . This field cannot be edited.
	Status	The status of the device, either connected or disconnected. This field cannot be edited.
	Files/URLs Transmitted	The total number of files and URLs sent to the domain in the last seven days.
	Last Modified	The date and time that the authorization status was changed. This field cannot be edited.
	Last Seen	The date and time that last file/URL sent to this domain
Permissions and Policy
	Authorized	Select the checkbox to authorize the FortiMail domain.
	Submission Limitation	Limit the FortiMail submission speed regarding to a protected domain. Specify the number of submissions per Hour, Day, or Unlimited. When limitation is reached, FSA will reject files and URLs to this domain. Note: This feature is only working for new version FortiMail who can send over domain information.
Email Settings		If this field is checked, when submission limitation is reached, an alert email will be sent to domain email address.
	Email	Enter the Administrator Email address for the domain, separated by a comma.
	Send Notifications	Select checkbox to send notifications when viruses or malware to this domain is detected. To receive notification emails, you must configure a mail server and enable Send a notification email to the Device/Domain/Vdom email list when Files/URLs with selected rating are detected in System > Mail Server. Otherwise, a warning icon is displayed.
	Send Reports	Select checkbox to send PDF reports of jobs. To receive reports and define report generation frequency, you must configure the System > Mail Server page. Also the Send scheduled PDF report about an individual VDOM/Domain to its email address in that page should be enabled. Otherwise, a warning icon is displayed.
	Send Reach Limit Alert Email	When checked, an alert email is sent to the domain email address when limitation is reached.

Upload suspicious attachments to FortiSandbox

For information on how to configure FortiMail to send files to FortiSandbox, see the FortiMail Administration Guide in Fortinet Document Library.

Device and VDOM/Domain level notifications

When enabling Send notifications in the Edit Device Settings or Edit VDOM/Domain Settings page, you receive an email every time a file from your environment is detected as potential malware.

Device and VDOM/Domain level PDF reports

When enabling Send PDF reports in Edit Device Settings or Edit VDOM/Domain Settings, you receive a PDF report by email as defined in System > Mail Server. This FortiSandbox Summary Reports PDF lists statistics of scan jobs in the defined time period in System > Mail Server and includes the following information:

Scanning Statistics: A table listing the number of files processed by FortiSandbox and a breakdown of files by rating.
Scanning Statistics by Type: A table listing the file type, rating and event count.
Scanning Activity: A table and graph listing the number of clean, suspicious, and malicious files processed by FortiSandbox per day.
Top Targeted Hosts: A list of the top targeted hosts.
Top Malware Files: A list of the top malware programs detected by FortiSandbox.
Top Infectious URLs: A list of the top infectious URLs detected by FortiSandbox.
Top Callback Domains: A list of the top call back domains detected by FortiSandbox.

If FortiMail sends over protected domain information, those domain names and jobs counts of them are listed. For each protected domain, the user can set a submission limitation.

If protected domain information is not available, such as files from older versions of FortiMail or outgoing emails, jobs from them will be grouped in Unprotected domain name.

For more information on how to configure FortiMail to send files to FortiSandbox, please refer to the FortiMail Administration Guide available in the Fortinet Document Library.

To edit FortiMail Settings in FortiSandbox:

On your FortiSandbox device, go to Scan Input > Device.
This page lists all FortiMail devices and protected domains. Since FortiMail does not explicitly send a list of possible protected domains to FortiSandbox, FortiSandbox only knows about a domain after it receives a file or URL. Domains on this page are displayed after the first file or URL is received on that domain.
Click the FortiMail device name to open the Edit Device Settings page.

Edit the following settings and then click OK.

Device Status
	Serial Number	The device serial number.
	Alias	The host name of the FortiMail unit. This is a read-only value.
	IP	The IP address of the FortiMail.
	Status	The status of the device, either connected or disconnected. This field cannot be edited.
	Last Modified	The date and time that the FortiMail settings were last changed.
	Last Seen	The date and time that the FortiMail last connected to the FortiSandbox.
Permissions
	Authorized	Select the checkbox to authorize the FortiMail device. If this field is not checked, files sent from the FortiMail will be dropped. The date and time that the authorization status was changed.
	New VDOMs/Domains Inherit Authorization	Select the checkbox to have protected domains inherit the authorization setting configured at the device level.
Email Settings
	Administrator Email	The email address entered in the Notifier Email field configured on the FortiMail device. You cannot edit this field on the FortiSandbox.
	Send Notifications	Select the checkbox to send notifications. When notifications are enabled, you will receive email notifications when a file inside an email has been detected as potential malware. The email will contain a link to the scan job details page. To receive notification emails, you must configure a mail server and enable Send a notification email to the Device/Domain/Vdom email list when Files/URLs with selected rating are detected in System > Mail Server. Otherwise, a warning icon is displayed.
	Send PDF Reports	Select the checkbox to send job detail PDF reports. To receive reports and define report generation frequency, you must configure System > Mail Server page. Also, the Send scheduled PDF report about an individual VDOM/Domain to its email address in that page should be checked. Otherwise, a warning icon is displayed.

To edit Domain settings:

On your FortiSandbox device, go to Scan Input > Device.
This page lists all FortiMail devices and protected Domains.
Click the domain name.

Edit the following settings and then click OK.

Device Status
	Domain/VDOM FQDN	The protected domain name. This field cannot be edited.
	Alias	The value is FortiMail Device Name: Domain name.
	IP	The IP address of the FortiMail . This field cannot be edited.
	Status	The status of the device, either connected or disconnected. This field cannot be edited.
	Files/URLs Transmitted	The total number of files and URLs sent to the domain in the last seven days.
	Last Modified	The date and time that the authorization status was changed. This field cannot be edited.
	Last Seen	The date and time that last file/URL sent to this domain
Permissions and Policy
	Authorized	Select the checkbox to authorize the FortiMail domain.
	Submission Limitation	Limit the FortiMail submission speed regarding to a protected domain. Specify the number of submissions per Hour, Day, or Unlimited. When limitation is reached, FSA will reject files and URLs to this domain. Note: This feature is only working for new version FortiMail who can send over domain information.
Email Settings		If this field is checked, when submission limitation is reached, an alert email will be sent to domain email address.
	Email	Enter the Administrator Email address for the domain, separated by a comma.
	Send Notifications	Select checkbox to send notifications when viruses or malware to this domain is detected. To receive notification emails, you must configure a mail server and enable Send a notification email to the Device/Domain/Vdom email list when Files/URLs with selected rating are detected in System > Mail Server. Otherwise, a warning icon is displayed.
	Send Reports	Select checkbox to send PDF reports of jobs. To receive reports and define report generation frequency, you must configure the System > Mail Server page. Also the Send scheduled PDF report about an individual VDOM/Domain to its email address in that page should be enabled. Otherwise, a warning icon is displayed.
	Send Reach Limit Alert Email	When checked, an alert email is sent to the domain email address when limitation is reached.

Upload suspicious attachments to FortiSandbox

For information on how to configure FortiMail to send files to FortiSandbox, see the FortiMail Administration Guide in Fortinet Document Library.

Device and VDOM/Domain level notifications

When enabling Send notifications in the Edit Device Settings or Edit VDOM/Domain Settings page, you receive an email every time a file from your environment is detected as potential malware.

Device and VDOM/Domain level PDF reports

Scanning Statistics: A table listing the number of files processed by FortiSandbox and a breakdown of files by rating.
Scanning Statistics by Type: A table listing the file type, rating and event count.
Scanning Activity: A table and graph listing the number of clean, suspicious, and malicious files processed by FortiSandbox per day.
Top Targeted Hosts: A list of the top targeted hosts.
Top Malware Files: A list of the top malware programs detected by FortiSandbox.
Top Infectious URLs: A list of the top infectious URLs detected by FortiSandbox.
Top Callback Domains: A list of the top call back domains detected by FortiSandbox.