Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Have you ever had something FortiSandbox caught?

We've been trying FortiSandbox for couple weeks, and so far it has found few files it rated as malicious. We're sending files from FortiMail and from FortiGate (unencrypted traffic only...). Everything was rated by the AV scanner though, so I guess if we'd have the AV profile in FortiGate it would also catch these?

Currently our SMTP connection comes via a different firewall, but instead of spending money on FortiSandbox it would be of course cheaper to just migrate that traffic to the FortiGates where we already have the UTM bundle.

So, has anyone ever seen FortiSandbox do anything useful? In networks where you have AV software on the clients and FortiGates doing UTM stuff.

Tweakbox Appvalley



Have you configured to send all files  or to send suspicious files only to sandbox? In either case, AV would rate it if it had previously known about this file, or after getting the inspection results from sandbox  about the same.  So for those suspicious files which AV had no prior knowledge, it relies on sandbox results, and would therefore become useful.


Best regards,



Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors