We've been trying FortiSandbox for a couple of weeks, and so far it has found few files it rated as malicious. We're sending files from FortiMail and from FortiGate (unencrypted traffic only...). Everything was rated by the AV scanner though, so I guess if we had the AV profile in FortiGate it would also catch these?
Currently our SMTP connection comes via a different firewall, but instead of spending money on FortiSandbox it would be of course cheaper to just migrate that traffic to the FortiGates where we already have the UTM bundle.
So, has anyone ever seen FortiSandbox do anything useful? In networks where you have AV software on the clients and FortiGates doing UTM stuff.
Have you configured it to send all files, or only suspicious files, to the sandbox? In either case, AV would rate a file if it had previously known about it, or after getting the inspection results from the sandbox about the same. So for those suspicious files of which AV had no prior knowledge, it relies on sandbox results, and the sandbox would therefore become useful.