FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 258616
Description This article describes the FortiGate logs 'verdict: Submission Failed' to on-premies FortiSandbox.
Scope FortiGate v6.4, 7.0, and v7.2 above.

This log refers to a submission that failed due to FortiSandbox already reaching the submission limit.




  • It is possible to set a submission limitation in FortiSandbox, for example, one hour.

After reaching the limit, it will prompt a verdict submission failed in the FortiGate log.


  • It is possible to check the FortiSandbox hardware limit setting below:

Go to Security Fabric -> Device -> FGT:root > Submission Limitation.


  • If the issue is still there collect the debug :


diagnose debug reset

diagnose debug console timestamp enable

diagnose debug application quarantine -1
diag deb enable


To stop the debug:

diag debug disable


If the output is as follows:


2023-09-28 16:03:49 quar_remote_recv()-574: no data is available
2023-09-28 16:03:49 __quar_ipc_recver()-434: New job, cmd 7, req_length 848, qfd: 15
2023-09-28 16:03:49 __quar_job_validation()-156: analytics: Vfid=0, Status=1, Status-descr=manifest.{8B26BC7D-829D-4354-8635-3FA6D6F5B1CB}.cab, Service=4, Checksum=957b47f4, Size=11981, URL_length=0, Mail_header_length=0
2023-09-28 16:03:49 __quar_alloc_job_req()-300: New job created, id: 6110345
2023-09-28 16:03:49 __check_dev_cond()-1276: there are too many pending in forticloud-fsb   <---
2023-09-28 16:03:49 quar_put_job_req()-331: Job 6110345 deleted
2023-09-28 16:03:49 quar_ipc_reject_new()-113: IPC paused

To reduce the number of those drops, consider using the 'submit the suspicious files only' option.