It is important to identify that the FortiSandbox service over Fortigate Cloud is a service on demand and not on premise (or virtualized) as FortiSanbox, the FortiSandbox AI-based Sandbox Service, requests the DB over FortiGate Cloud and is on demand.

To have a proper configuration at DNS level, communication to internet and to our FortiGuard Services/Cloud Services.

To know more about how to troubleshoot the communication and improve the communication to the Cloud Services, check this KB article: Technical Tip: FortiGuard is not reachable via Anycast default method

Before to activate the service and the in-line scan on the FortiGate and over the AV (AntiVirus) profile, make sure to see activated over the FortiCloud account and on the FortiGate, the license.

The license is active over FortiCloud and Asset Management.

The license is active under System -> FortiGuard -> FortiGate Cloud Sandbox.

If it is not shown properly, it could be an issue at the license level. Contact Customer Service to check over the account and contract level.

If it is being shown properly, follow the next steps to activate the service on the FortiGate:

At CLI level, run the command 'execute forticloud-sandbox region' to enable the feature over the FortiGate.

Executing the command will show the region to choose, this region must match the region where the FortiGate is registered to be managed over FortiGate Cloud.

After running the command, the service will be activated and the features to send the file to be scanned by FortiSanbox will be enabled.

Service is active under Security Fabric -> Fabric Connectors -> Sandbox - FortiGate Cloud.