Technical Tip: How to configure FortiMail to bypass FortiSandbox scanning for an outbound email

While FortiSandbox integration provides strong protection against advanced threats, scanning outbound email traffic is often unnecessary and may introduce unnecessary load/delays.

In most deployments:

• Outbound messages originate from trusted internal users or systems.
• The primary security concern is typically inbound threats.
• Sandbox analysis is resource-intensive by design.

Sending every outbound attachment and URL to FortiSandbox can therefore create significant additional load without delivering proportional security value.

This optimization becomes especially important when using FortiSandbox Cloud SaaS (Software as a Service) since submission limits apply according to the device type.

To Disable the AntiVirus Scanning of the outbound traffic the following steps are required:

1. In the FortiMail GUI, navigate to Profile -> AntiVirus, then select New to create a new AntiVirus profile.
2. Next, go to FortiSandbox and ensure that both Attachment Analysis and URL Analysis are disabled.

3. Select 'Create' to create the new AntiVirus profile.
4. Next, navigate to Policy -> Recipient Policy -> Outbound.
5. Select 'New' to create a new outbound recipient policy.
6. Configure the preferred sender or recipient, and select the AntiVirus profile created in Steps 1-3.
7. Finally, move the new outbound recipient policy to the top of the policy list to ensure it takes effect, as FortiMail evaluates policies from top to bottom.