FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Sometimes an antiVirus profile in a FortiGate is configured to send all files instead just to send the suspicious ones.
That is a problem in the FortiSandbox because the amount of files per hour allowed is out of specifications and it's not required to send all files to FortiSandbox when the antivirus profile in the FortiGate already identify the suspicious ones.

Verify the amount of total job in the FortiSandbox received from a FortiGate and show how to optimize in the AV profile in the FortiGate to just send the suspicious files.

Expectations, Requirements
Decrease the amount of files send from the FortiGate to a FortiSandbox to avoid to exceed the files per hour allowed in the FortiSanbdox.

1.) Access to the FortiSandbox via CLI and run the following command:
# show device all

Source: Device, File type: PDF files, Jobs: 99369

Source: Device, File type: Microsoft Office files (Word, Excel, PowerPoint files etc), Jobs: 1057

Source: Device, File type: Adobe Flash files, Jobs: 5
Source: Device, File type: Executables/DLL/VBS/BAT/PS1/JAR/MSI/WSF files, Jobs: 5
Source: Device, File type: Web Page files(JavaScript, HTML files etc), Jobs: 109705
Source: Device, File type: Not determined files, Jobs: 1993525
Source: Device, File type: Not assigned files, Jobs: 17539
Source: Device, Total Jobs: 2221205

2) Access to the FortiGate device via CLI and access to the AV profile that was configured to send the files to FortiSandbox for inspection, using following commands:
# config antivirus profile
# edit 'AV-NAME'
# get
Check for the 'ftgd-anaytics' files.
the AV profile is enabled to send all files to the FortiSandbox no matter if the antiVirus found the suspicious files.
Specify to just send the suspicious file running the following command:
# config antivirus profile
     edit 'AV-NAME'
          set ftgd-anaytics suspicious