|
This log refers to a submission that failed due to FortiSandbox already reaching the submission limit.
- It is possible to set a submission limitation in FortiSandbox, for example, one hour.
After reaching the limit, it will prompt a verdict submission failed in the FortiGate log.
- It is possible to check the FortiSandbox hardware limit setting below:
Go to Security Fabric -> Device -> FGT:root > Submission Limitation.
- If the issue is still there collect the debug :
diagnose debug reset
diagnose debug console timestamp enable
diagnose debug application quarantine -1
diag deb enable
To stop the debug:
diag debug disable
If the output is as follows:
2023-09-28 16:03:49 quar_remote_recv()-574: no data is available
2023-09-28 16:03:49 __quar_ipc_recver()-434: New job, cmd 7, req_length 848, qfd: 15
2023-09-28 16:03:49 __quar_job_validation()-156: analytics: Vfid=0, Status=1, Status-descr=manifest.{8B26BC7D-829D-4354-8635-3FA6D6F5B1CB}.cab, Service=4, Checksum=957b47f4, Size=11981, URL_length=0, Mail_header_length=0
2023-09-28 16:03:49 __quar_alloc_job_req()-300: New job created, id: 6110345
2023-09-28 16:03:49 __check_dev_cond()-1276: there are too many pending in forticloud-fsb <---
2023-09-28 16:03:49 quar_put_job_req()-331: Job 6110345 deleted
2023-09-28 16:03:49 quar_ipc_reject_new()-113: IPC paused
To reduce the number of those drops, consider using the 'submit the suspicious files only' option.
|
