Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Emails that were considered "high risk" in Fortisandbox, Fortimail is letting it go.

Good day * There are emails that the FORTISANDBOX has classified as high risk, low risk, malicious; However, FORTIMAIL is classifying it as 'Not Spam' or 'Safe System', despite the severity it presents, it is letting it pass. What is the reason that FORTIMAIL has accepted it, despite the severity that FORTISANDBOX classified it? The logs were reviewed and they do not indicate if the email is malicious or high risk. The domains or emails that are included in the "safe list" of FORTIMAIL, are not going to perform any scan analysis? because in the logs it is observed that despite the severity they are letting FORTIMAIL pass.



whitelisting domains or address is a last resource strategy, not a toy to play with.

Is important to solve email traffic using the several antispam layers available.


If fortisandbox is well integrated and configured with fortimail, an infected email will not pass.


But, if you whitelist domains or e-mails addresses widely,  all your efforts will be, literally, wasted





/ Abel

regards / Abel

gracias por su respuesta amigo. Por lo que me dices, entiendo que si los dominios estan en la lista blanca a pesar que el fortisandbox los catalogue como peligrosos, entonces el fortimail los dejara pasar porque estan incluidos en la lista blanca del fortimail por lo tanto no toma ninguna accion. estoy en lo correcto? 




Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors