FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 271700
Description This article describes how to enable FortiGate Cloud Sandbox in FortiOS from the CLI.
Scope FortiGate.

The following are the three ways files can be sent to a cloud sandbox:

  1. Files are sent to the Fortinet-maintained cloud sandbox cluster for scanning and processing.
  2. Files are sent to a customer-operated and maintained FortiSandbox Cloud instance.
  3. Files are sent to a customer-operated and maintained FortiSandbox hardware appliance.

By default, the option to send the files to FortiGate Cloud Sandbox is not enabled and will not be shown in the GUI. 


To enable this option:


  1. Enable 'fortigate-cloud-sandbox' from the CLI:

config system global

    set gui-fortigate-cloud-sandbox enable



  1. Log out from FortiGate and log back in again. Navigate to Security Fabric -> Fabric Connectors -> Sandbox.




The FortiGate Cloud Sandbox option should be visible now. Users should also select a region to send the traffic to for analysis.

To configure the FortiGate Cloud Sandbox, first activate the connection from the CLI. Note that FortiGate Cloud Sandbox is decoupled from FortiGate Cloud logging, so no need to have a FortiCloud account or have cloud logging enabled.
To activate the FortiGate Cloud Sandbox connection:
execute forticloud-sandbox region
0  Europe
1  Global
2  Japan
3  US
Please select cloud sandbox region[0-3]:3
After a region is selected, the following configuration is added:
config system fortiguard
    set sandbox-region {0 | 1 | 2 | 3}
Alternatively, using the execute forticloud-sandbox update command also works.


To enable the setting from the GUI, see this documentation.