Consultant Business Development - Security at a comms service provider with 51-200 employees
Consultant
Easy to configure and implement because of templates and has a competitive price, but there could be a higher number of VMs
Pros and Cons
  • "Compared to other solutions, it's easy to configure and implement because of the templates. The timing of scanning files is faster."
  • "There could be more templates and a higher number of simulated VMs to configure more use cases. Sometimes we need to configure many use cases in many different environments, and if the number of VMs that we configure is limited, we have to remove some and reconfigure the environment if we need another environment."

What is our primary use case?

I provide this solution in the FortiGate firewall as a cloud license. I'm in presales and I qualify the solution, so I don't install it or deploy it. I worked with Sandbox for one project two years ago, especially with FortiGate 200E. I worked with the customer and prepared the solution according to their needs, and we decided on the architecture and design to deploy this solution.

We put the firewall in the front-end design and we configured it so that every file will be downloaded through HTTP or HTTPS, and the file will be scanned and analyzed with the antivirus of FortiClient. This is checked with the signature of this antivirus. If it's not okay, we will configure it to be scanned and analyzed with Sandbox.

There, we will configure, for example, a virtual machine in the cloud that contains Windows Server or Windows Desktop, the version that the customer already has. We deploy some services like Active Directory, or the service that the customer uses. We try to send this file to the virtual cloud. Then we check it. If the file attains a certain score, we will block it. If not, we can make an event quarantine. We configure our event in the firewall or in the switch that connects in this firewall, and we will put it in quarantine until that administrator checks this file and whether or not it contains malware.

In general, we purchase the license and we configure it in the front end firewall, not in the internal or data center firewall. This is especially for downloading the files that we can receive.

For the firewall, we were using the version FortiOS 7.0. The first version that we deployed was the 6.5 version. That includes this cloud license.

The firewall is on-premise, but the license for FortiSandbox is on the cloud.

There are 10 people using this solution in my company.

How has it helped my organization?

The price has been a benefit to our organization. Fortinet has given us a very interesting financial offer compared to others. For example, if we compare it with Palo Alto, they have a specific license for sandbox but call it WildFire, and it's very expensive. In comparison, with Fortinet, the license is included in a bundle that includes antivirus and URL file filtering. This is for an SMB, small and medium businesses. It's competitive in terms of the price.

What is most valuable?

Compared to other solutions, it's easy to configure and implement because of the templates. The timing of scanning files is faster.

What needs improvement?

There could be more templates and a higher number of simulated VMs to configure more use cases. Sometimes we need to configure many use cases in many different environments, and if the number of VMs that we configure is limited, we have to remove some and reconfigure the environment if we need another environment. It's better to have more use cases and more simulated environments that we can configure.

Buyer's Guide
Fortinet FortiSandbox
April 2024
Learn what your peers think about Fortinet FortiSandbox. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,886 professionals have used our research since 2012.

For how long have I used the solution?

I have been using this solution for two years.

What do I think about the stability of the solution?

The solution is stable. The performance is okay because Fortinet is based on FortiADC, and they have the capability to have a higher performance than others.

I do not use the solution daily. It depends on the project. At the moment, we don't have plans to increase usage.

What do I think about the scalability of the solution?

With the cloud license, the scalability is okay, but it depends on the firewall type. For a smaller business, I think they are limited with the number of files. It depends on the number of firewalls.

For the on-prem solution, it certainly depends. I think there are problems with the scalability. If you need to extend or add more sizing, that means more files per day. We have to change the kind of appliance. This is a problem for that. But if it was on a VM solution, maybe it wouldn't be a problem for scalability.

How are customer service and support?

Technical support is good.

Which solution did I use previously and why did I switch?

We have used other solutions previously. It depends on the needs of our customers and the budget.

Concerning security, Trend Micro is better in comparison.

How was the initial setup?

Initial setup is complex. The length it takes to deploy the solution just depends. We also need to have a tuning phase to collect more information for the environment and how to configure it. If we already have the template, we can easily configure it in two days. But after that, we have to make a learning phase or tuning phase to see how the solution responds and what the results are, and then we can optimize the configuration. The timing depends on the context.

For maintenance, patching, and updating, we need maybe two people.

What's my experience with pricing, setup cost, and licensing?

The price is competitive.

What other advice do I have?

I would rate this solution 7 out of 10.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Bruno Moreira - PeerSpot reviewer
Network Security Consultant at SigmaTelecom
Real User
Top 5
It can analyze process behavior and integrate well with other solutions by the same vendor
Pros and Cons
  • "FortiSandbox analyzes the behavior of processes in a sandbox environment, which is useful for threat hunting. The solution has an excellent standard configuration, and you can prioritize the types of files of VMs you want to analyze. It also integrates seamlessly with other Fortinet solutions, like FortiGate, FortiMail, and FortiEMS."
  • "It should be easier to import custom virtual machines. Some of the VMs that are in FortiSandbox don't have the applications that we have in our environment. We need to import a VM with specific applications that we use in our environment. Have all the licenses because this is a real environment. You need a license for the Windows client you run on it. It's possible to import custom VMs, but it's a pain to do it. I would like a tool that simplifies the process."

What is our primary use case?

FortiSandbox is used to contain and prevent malware outbreaks. 

How has it helped my organization?

One of my clients was receiving malware in their email. Less than 1 percent of their email contained malware, but it was still too many. FortiSandbox prevented the malware from entering the broader network. FortiMail forwarded the files to be analyzed in FortiSandbox, which ran it on a Windows 10 machine with Office 365. The sandbox detected malicious behavior. One of the files tried to change the Windows registry, so FortiSandbox flagged it as malware and reported it to FortiMail, which blocked the email. 

What is most valuable?

FortiSandbox analyzes the behavior of processes in a sandbox environment, which is useful for threat hunting. The solution has an excellent standard configuration, and you can prioritize the types of files of VMs you want to analyze. It also integrates seamlessly with other Fortinet solutions, like FortiGate, FortiMail, and FortiEMS. 

What needs improvement?

It should be easier to import custom virtual machines. Some of the VMs that are in FortiSandbox don't have the applications that we have in our environment. We need to import a VM with specific applications that we use in our environment. Have all the licenses because this is a real environment. You need a license for the Windows client you run on it. It's possible to import custom VMs, but it's a pain to do it. I would like a tool that simplifies the process. 

For how long have I used the solution?

We have used FortiSandbox for three years. 

What do I think about the stability of the solution?

FortiSandbox is pretty stable. I don't remember a time when it crashed. We've had to restart the VMs, but not the sandbox itself. 

What do I think about the scalability of the solution?

There are limits to FortiSandbox because you must pay for a license for all the VMs you use.

How was the initial setup?

The setup is straightforward. Yeah. You only need to install the VM and configure the two interfaces. We use one FortiSandbox for external requests and another internally. Sometimes, the malware tries to access something on the Internet. You can block it on the sandbox or allow it, so you can gather more information about what it is trying to do.

But maybe you don't want the VM or the malware on the VM accessing the Internet from your environment. You need to configure that interface for that purpose. After that, you must authorize the FortiGate or the fabric devices on the FortiSandbox and create the VMs. If you are using the VMs Fortinet provides, you can download and provision them with one click. It will have the default configuration. The default policy may not work the way you intend, but it will protect out of the box. 

What was our ROI?

We've seen a return by preventing outbreaks and stopping zero-day threats. 

What's my experience with pricing, setup cost, and licensing?

FortiSandbox is pricey because we need to purchase three licenses, including one for the cloud and an on-prem license. We also have a sandbox that comes with a FortiGate UTM license, but you don't have access to the VMs. However, you can access the malware timeline from the cloud and see the information about the FortiSandbox services. Still, it doesn't block the threat immediately. If you are downloading malware, FortiGate will send it to the FortiGate cloud sandbox, but the download will finish, and you'll have malware in your host. As soon as the sandbox returns a verdict on that file, it will be blocked on the next download attempt if it's malware.

What other advice do I have?

I rate FortiSandbox 10 out of 10.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
ICT Manager at Nic. J. Theocarakis
Real User
It can emulate several operating systems and is stable and easy to set up
Pros and Cons
  • "The scanner office document as well as PDF are useful. The most valuable thing is that you can emulate different operating systems without having the danger of getting something infected. It emulates several operating systems, and as a result, you either get the file or you don't get the file."
  • "I don't know if it is viable to do an improvement like this. When there are passwords in the password-protected files, it can't scan them or do things like this. I don't know if an algorithm or something else could make it better. Nowadays, many legitimate office documents have passwords."

What is our primary use case?

We mainly use it for incoming mail from all our domains because we have several of them. We are servicing many companies as the holding company. Every mail is passed to the Sandbox virtual machine. It is a VM. Occasionally, a link or a standalone file that we want to check is also passed to the Sandbox virtual machine.

What is most valuable?

The scanner office document as well as PDF are useful. The most valuable thing is that you can emulate different operating systems without having the danger of getting something infected. It emulates several operating systems, and as a result, you either get the file or you don't get the file. 

What needs improvement?

I don't know if it is viable to do an improvement like this. When there are passwords in the password-protected files, it can't scan them or do things like this. I don't know if an algorithm or something else could make it better. Nowadays, many legitimate office documents have passwords.

For how long have I used the solution?

I have been using Fortinet FortiSandbox for about five to six years.

What do I think about the stability of the solution?

It is very stable. The only thing is that you have to manually check for some extensions. You have to do that mainly for the office documents because they change their extension. You have to manually add the new extension, but it is not a big problem. 

How are customer service and technical support?

They are very responsive. At first, I had interacted with only the Greece branch of Fortinet, which has only pre-sales engineers, not the support engineers, and they were very helpful. For the last two and a half years, we have a contract with a dedicated team for support. They're getting bigger, better, and greater. 

How was the initial setup?

It is very simple. You just specify the operating system that you want to emulate as well as the office version. It is pretty straightforward in terms of the procedure. It is easy to use and has a very useful interface.

What's my experience with pricing, setup cost, and licensing?

Altogether, it is about €10,000 for the Sandbox and Email Gateway. 

What other advice do I have?

I have used it within the Fortinet ecosystem. The whole Fortinet ecosystem collaborates very well. It is a standalone product as well, but I haven't tested it as a standalone product. If I had a choice, I would opt for the cloud version. I currently have the on-premises version.

I would rate Fortinet FortiSandbox a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Manager-Infrastructure at Southstar Drug
Real User
Top 10
A stable solution that can be used to extract any file and check for malicious activity
Pros and Cons
  • "The solution extracts an attached file before reaching the user and notifies the user if there's something malicious in the attachment received along with an email."
  • "When you reach the maximum capacity, you cannot upgrade the solution because its hardware is very expensive."

What is our primary use case?

We use Fortinet FortiSandbox for malware. Fortinet FortiSandbox is used before entering the firewall to extract any file and check for malicious activity.

What is most valuable?

The solution extracts an attached file before reaching the user and notifies the user if there's something malicious in the attachment received along with an email. The solution prevents such malicious content from entering your enterprise network.

What needs improvement?

When you reach the maximum capacity, you cannot upgrade the solution because its hardware is very expensive. All you can do is discard it and buy another.

For how long have I used the solution?

I have been using Fortinet FortiSandbox for five years.

What do I think about the stability of the solution?

We didn't face any issues with the solution's stability for the three years it was installed on-premises at our data center.

How are customer service and support?

The solution’s technical support is good.

How was the initial setup?

The solution’s initial setup is straightforward.

What was our ROI?

We have seen a return on investment with Fortinet FortiSandbox because it helped us a lot on the security part.

What other advice do I have?

If you're using Fortinet, it's best to use the solution when using FortiGate antivirus because it's all connected and easy to manage.

Overall, I rate Fortinet FortiSandbox an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network and Server Engineer at AMiFN
Real User
Good for monitoring and security with helpful support
Pros and Cons
  • "The GUI makes administration tasks straightforward."
  • "It can be difficult if you need to use the Command Line Interface (CLI). It's much easier if you only have to deal with the GUI."

What is our primary use case?

Every day, we connect to Fortinet Administrative Center and Sandbox to view emails. It's great for monitoring and reporting. 

What is most valuable?

The firmware is very good. 

I like the services and features on offer. 

Technical support is okay.

FortiGate is very easy in terms of configuration. The Web GUI is very simple and the Command Line is okay. The GUI makes administration tasks straightforward. 

The solution is stable.

You can scale the solution easily.

What needs improvement?

While support is okay, it can always be slightly improved. 

It can be difficult if you need to use the Command Line Interface (CLI). It's much easier if you only have to deal with the GUI. 

The solution has all of the features we need. 

For how long have I used the solution?

I've been using the solution for two years. 

What do I think about the stability of the solution?

The product is stable. FortiGate firmware and the Sandbox are stable. We do not have problems. Even when you update, it's very reliable. There are no bugs or glitches.

What do I think about the scalability of the solution?

It is a scalable product.

How are customer service and support?

Support has been mostly helpful. 

I have a contact from Fortinet support and my contact is very nice. I use it three to five times a year and they've mostly been able to support me and answer my questions.

We do pay for support and they do provide us with help and with patches, et cetera, to help with firmware and updates and any security items. 

Which solution did I use previously and why did I switch?

I have used Stormshield in the past. That was a long time ago. We now only use Fortinet for security. Fortinet, in comparison, is easy to configure. Stormshield is also a smaller solution than Fortinet. It's technically more affordable, so Fortinet is more expensive; however, Fortinet is a bigger, more technical option.

How was the initial setup?

Setting it up and configuring it is very easy.

It's easy to configure from Sandbox as configuration from the policy is very easy. 

I don't have much information in terms of maintenance tasks and what might be needed to maintain the product. 

What's my experience with pricing, setup cost, and licensing?

We have a one-year license for the product. You can renew it yearly.

What other advice do I have?

I'm very satisfied with this product.

We are using the latest version of the solution. 

We have 500 people in the organization. 

I'd recommend the solution to others. It's great, working from the cloud and the security is good. 

I would rate the solution ten out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Security Engineer at a computer software company with 1,001-5,000 employees
Real User
Effective behavior analysis, useful manual scan, and overall comprehensive features
Pros and Cons
  • "The dynamic behavior analysis is excellent. We have many attacks caught by the FortiSandbox as zero-day attacks. Additionally, the administration is simple and can be customized to fit your company's needs."
  • "The reporting tools could be improved in Fortinet FortiSandbox."

What is our primary use case?

We are using Fortinet FortiSandbox to inspect and scan all our files: all the files inside our organization that are transferred through the company. The solution scans the files inside the PSVM because it has many VMs inside the FortiScan. It's working on zero-day attacks and not based on the signature of the threat. It's based on behavior analysis.

What is most valuable?

The dynamic behavior analysis is excellent. We have many attacks caught by the FortiSandbox as zero-day attacks. Additionally, the administration is simple and can be customized to fit your company's needs.

Fortinet FortiSandbox has manual scan features. We have other sandbox solutions from other vendors, but they don't have this feature. It allows you to interpret or intervene in the scan whatever you want. It is a SOC analyzer, and it is called Manual Scan or something similar. Comparing this feature to other vendors, it's very good.

What needs improvement?

The reporting tools could be improved in Fortinet FortiSandbox.

For how long have I used the solution?

I have been using Fortinet FortiSandbox for approximately six years.

What do I think about the stability of the solution?

The stability of the solution is good.

What do I think about the scalability of the solution?

We have not tried to scale the solution; it has been working fine for what we have been using it for at this time.

We have approximately 50 devices and 1,000 to 2,000 files being scanned daily.

We use the solution extensively.

Which solution did I use previously and why did I switch?

We use similar sandbox solutions from Forcepoint and Palo Alto.

How was the initial setup?

The installation of Fortinet FortiSandbox is very easy.

What about the implementation team?

We did the implementation ourselves.

What's my experience with pricing, setup cost, and licensing?

We are on an annual license to use the solution. We have an additional feature that is integrated with S5, which is working well.

What other advice do I have?

I would recommend Fortinet FortiSandbox to others; it is the most comprehensive sandbox available.

I rate Fortinet FortiSandbox an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Assistant Vice President at Netcore Cloud
Real User
Top 20
An easy-to-maintain tool with a satisfactory support team
Pros and Cons
  • "It is an easily scalable solution."
  • "For the MSSPs, it would be great if the product could display all the threat chains on a dashboard since it is an area where the tool is currently lacking."

What is most valuable?

The most valuable features of the product include components like CDR, greylisting, sandboxing, attachment detection in sandboxing, DLP fingerprinting, and the redirect option.

What needs improvement?

For the MSSPs, it would be great if the product could display all the threat chains on a dashboard since it is an area where the tool is currently lacking.

For how long have I used the solution?

I have been using Fortinet FortiSandbox for around two years. My company has a partnership with Fortinet. My company also operates as an MSP for Fortinet.

What do I think about the stability of the solution?

It is a stable solution with no issues at all. The product is scalable and stable since it is compatible with cloud solutions like AWS and Azure. The product can be deployed on the cloud services offered by Amazon AWS or Microsoft Azure.

What do I think about the scalability of the solution?

It is an easily scalable solution.

My company caters to the needs of small, medium, and large-sized businesses where the solution is used.

How are customer service and support?

The solution's technical support is satisfactory. I rate the technical support a seven to eight out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have worked with other solutions in the past.

How was the initial setup?

The product is easy to deploy.

The product can be deployed in 15 days.

Two or three people from our company are involved in the deployment, implementation, and configuration process.

What was our ROI?

Fortinet FortiSandbox saves a lot of money for its users since if an attack happens in your environment, the loss is infinite, especially in terms of the brand value and laws of data. In terms of ROI, the tools safeguard the data and brand value of the company. The percentage of the ROI can vary from company to company. If the product prevents an attack on a small or medium-sized business, then the ROI part will have a different implication in terms of numbers. If the product prevents an attack on an enterprise-sized company, the ROI part will have a different implication in terms of numbers.

What's my experience with pricing, setup cost, and licensing?

Fortinet FortiSandbox is a nominally priced product, so I would not say that it is a very cheap tool. It is one of the best solutions in the market with a competitive pricing model, similar to the prices offered by products from Cisco.

What other advice do I have?

I would describe Fortinet FortiSandbox, which has been deployed within our company's network for threat detection, as a proactive solution with multiple functionalities. A few of the functionalities of the product include areas like sandboxing, CDR, pattern-reading, and detection ratio, which are very good.

I rate the product's effectiveness in dealing with zero-day threats a seven to eight out of ten, where ten means it is the most effective product for dealing with zero-day threats.

As of now, Fortinet FortiSandbox is not integrated with other Fortinet solutions to improve our company's security posture. The tool is integrated with our own existing email security gateway to use anti-spam and anti-virus features.

The tool should have more ability to customize from the reporting point of view. The tool should be able to provide more slicing and dicing in data. The users of the product should try to know about threat chains with the help of the tool's MSPs so that they know the outcome of a threat that may enter their networks. In the MSP model, it would be good if the aforementioned area gets integrated.

The reporting and alerting capabilities of the product have helped our company's security area since the tool provides good and deep-dive reports, which include proper reasoning for certain actions that were taken. The report will explain why it blocked or did not block certain aspects. There are detailed reports in terms of the logs that the tool provides its users. The tools also provide details on the areas that were quarantined. In general, the tool provides a very detailed report.

The product is easy to maintain since my company gets proper support from Fortinet.

In my company, there are many use cases to describe scenarios where the product prevented or mitigated a breach or an attack. My company operates as a managed service provider for Fortinet, and many of our customers use Fortinet FortiSandbox. When my company receives any attacks via links or attachments, FortiMail blocks such emails.

I suggest others consider whether they plan to buy a solution from a security company. I will see whether the tool I use for sandboxing is from a security company or not. I will consider the catch rate of the product. I will also consider the other solutions that the vendor can bring in for me that can improve and secure my company's security posture while being easy to use and implement.

I will consider whether the vendor who offers our company sandboxing features has a security background. I will look into whether the solution is interoperable or not. There should be interoperability if I need to deploy some other solution as well, like a DLP or a firewall.

I rate the overall tool a seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: MSP
Mohamed -Adel - PeerSpot reviewer
IT Specialist at IPIC
Real User
Top 5
A solution that helps to troubleshoot different software
Pros and Cons
  • "Performance is a valuable feature."
  • "The delivery feature in my country is extremely bad."

What is our primary use case?

We use Fortinet FortiSandbox to troubleshoot different software.

What is most valuable?

Performance is a valuable feature.

What needs improvement?

The delivery feature in my country is extremely bad.

For how long have I used the solution?

I have been using Fortinet FortiSandbox for three months.

What do I think about the stability of the solution?

It is a stable solution. 

What do I think about the scalability of the solution?

It is a scalable solution. 

How was the initial setup?

We have the support to set it up. It took a few months to deploy it. We integrate the solution and the support takes care of the solution after that. Almost three to four people are required for the maintenance.

What's my experience with pricing, setup cost, and licensing?

It is an expensive solution. 

What other advice do I have?

I would rate the overall solution an eight out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.