We are now using FortiMail Version 5.3 and FortiSandbox version 2.3.3 for email scanning.
In the FortiMail, we set that the email with attachment will send to FortiSandbox for Scanning AntiVirus. The integration and the operation is fine.
Starting from last month, we found that no email with attachment sent to FortiSandbox for AntiVirus scanning. All the email just accumulated in the Mail queue and send to the receiver until 30 minutes timeout.
We have try to send a test email to test this case. In the FortiMail log message of the testing email, it stated that the mail has been send to FortiSandbox. However, we cannot find the session ID, log ID or message related to this testing email in the FortiSandbox. No scanning process has taken in the FortiSandbox.
We have checked the connectivity between the FortiMail and FortiSandbox and the connection between them is well
Are there any suggestion for this issue?
Thanks
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
For one, reboot the FSA. I've seen it bump against a wall once or twice (in months).
Second, I would check if newer FSA firmware (v2.5.2 or v3.0.0) supports FML v5.3, and if so, upgrade. There are miles between v2.3 and v2.5, and v3.0 looks promising.
For one, reboot the FSA. I've seen it bump against a wall once or twice (in months).
Second, I would check if newer FSA firmware (v2.5.2 or v3.0.0) supports FML v5.3, and if so, upgrade. There are miles between v2.3 and v2.5, and v3.0 looks promising.
Hello Ede,
Thank you for your suggestion.
We have tried to reboot the FortiSandbox, the FortiSandbox work as normal again. It can scan the AntiVirus and attachment transferred from FortiMail.
However, since the FortiSandbox is malfunction for a long period of time, there are huge amount of pending job accumulated in the Job queue after we reboot the FortiSandbox. As those pending email are sent to the receiver already before, where are those pending email (sent to receiver already) in the FortiSandbox transfer to when they complete the scanning process in the FortiSandbox. Will those email be deleted after scanning in FortiSandbox or send to receiver again?
Thanks,
Remus
Hello Remus,
sorry for my late answer.
Objects sent to the sandbox are used to rate them. In other words, the FortiMail has waited for 30 minutes and then sent the email anyway, without rating. When the sandbox now scans and rates those emails, you gain ratings for them but they are not sent again (by whom - the sandbox can't send emails, and the FML already has sent them out).
Depending on the length of the queue you can consider deleting the backlog. Pro and Con for both scanning or deleting.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1721 | |
1098 | |
752 | |
447 | |
234 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.