Fortinet FortiSandbox Overview

Fortinet FortiSandbox is the #8 ranked solution among top Advanced Threat Protection (ATP) tools. PeerSpot users give Fortinet FortiSandbox an average rating of 8 out of 10. Fortinet FortiSandbox is most commonly compared to Palo Alto Networks WildFire: Fortinet FortiSandbox vs Palo Alto Networks WildFire. Fortinet FortiSandbox is popular among the large enterprise segment, which accounts for 60% of users researching this solution on PeerSpot. The top industry researching this solution is comms service providers, accounting for 26% of all views.
Buyer's Guide

Download the Advanced Threat Protection (ATP) Buyer's Guide including reviews and more. Updated: May 2022

What is Fortinet FortiSandbox?

Today’s threats are increasingly sophisticated and often bypass traditional malware security by masking their malicious activity. A sandbox augments your security architecture by validating threats in a separate, secure environment. FortiSandbox offers a powerful combination of advanced detection, automated mitigation, actionable insight, and flexible deployment to stop targeted attacks and subsequent data loss. It's also a key component of our Advanced Threat Protection solution.

Fortinet FortiSandbox was previously known as FortiSandbox.

Fortinet FortiSandbox Customers

Lush, Barnabas Health, Options, Riverside Healthcare, Hillsborough County Schools, Columbia Public Schools, Schiller AG

Fortinet FortiSandbox Pricing Advice

What users are saying about Fortinet FortiSandbox pricing:
  • "The price is competitive."
  • "Altogether, it is about €10,000 for the Sandbox and Email Gateway."
  • "We are on an annual license to use the solution. We have an additional feature that is integrated with S5, which is working well."
  • "The price of Fortinet FortiSandbox is expensive."
  • "Fortinet is more reasonable than Palo Alto."
  • "There is a license to use this solution."
Fortinet FortiSandbox Reviews

    Architect of solutions at a comms service provider with 11-50 employees
    Reseller
    Top 10
    Good performance and integration capabilities with good technical support
    Pros and Cons
    • "Integration is one of the solution's most valuable aspects. You can integrate even third-party solutions so that they can send the information or files they quarantine through the FortiSandbox"
    • "If you were to compare prices between vendors and manufacturers, you would see that the lowest equipment in the Sandbox line is quite expensive for a new customer."

    What is our primary use case?

    FortiSandbox was a solution that we mainly sold for manual protection, however, in order to have a more compact environment, like you see the security fabric that has Fortinet, in many of our clients, we performed integration within solutions. Our clients are mainly ones that have had Fortinet solutions previously or want to test Fortinet solutions. We also encourage them to use integration with Security Fabric. Clients mainly use it for documents, or, for example, programs or execute tools that are injected in the network through the perimeter or through the DNC and also for internal analysis. When any of the users reconnect to the network after some time it will perform a check through FortiClient. They also have interaction with FortiSandbox - everything new is put in quarantine during the user's use. These files or execute tools are analyzed in the FortiSandbox. It can also analyze for scripts between documents or inside documents - mainly office documents like Excel, PowerPoint, or PDF.

    What is most valuable?

    Integration is one of the solution's most valuable aspects. You can integrate even third-party solutions so that they can send the information or files they quarantine through the FortiSandbox. That's one of the main features every customer relies on or likes.  The performance capacity is impressive. Normally, you will need a big solution, I would say, or big hardware so that you can handle all the processing you have to do. However, FortiSandbox is quite a good hardware in and of itself. You can handle it without any restrictions.  With an on-premises solution, you can do all the analysis locally and not have the need to connect to the internet to depend on that service.  The solution can scale, however, it needs to be planned ahead of time. The technical support on offer is quite good.

    What needs improvement?

    With the 3000D we had some issues with the FortiOS version. I don't remember which one it was, however, there was an interaction problem or a performance issue. It might have been the FortiOS issue as it was a very particular, very specific issue and the performance was very high. All the indicators were in the highest levels and yet the equipment was not necessarily overloaded from doing analysis. I haven't interacted directly with these solutions. I mainly use it for design and not how they work, and therefore I haven't interacted directly with them. It would be hard for me to comment on missing features in general. The price just could be a little bit better, I would say, however, that depends a lot on the manufacturer. If you were to compare prices between vendors and manufacturers, you would see that the lowest equipment in the Sandbox line is quite expensive for a new customer. Those kinds of clients that don't have a very big budget or at least a medium one, need to rely on cloud solutions more than hardware, as hardware is expensive.  It would be ideal if the product had the ability to, if it cannot detect something correctly, to be able to put it on hold until a new release. That would be very circumstantial, actually. However, it could help protect against unknown entities.

    What do I think about the stability of the solution?

    I can't really speak to the stability. I haven't checked the functionalities of how they work in the current databases. So I don't have too much info about it.
    Buyer's Guide
    Advanced Threat Protection (ATP)
    May 2022
    Find out what your peers are saying about Fortinet, Palo Alto Networks, Trellix and others in Advanced Threat Protection (ATP). Updated: May 2022.
    608,010 professionals have used our research since 2012.

    What do I think about the scalability of the solution?

    Part of the design is to know how the solution can scale. You normally try to leave some space. For example, you offer a customer the possibility to scale in the future, according to their needs, however, only if you know the customer is going to grow. If the customer doesn't have that need, it doesn't make any sense to offer them equipment with some space to grow or to have more processing capacity or more licenses in the future. I would say normally you would sell what the customer needs plus a 5% to 10% cushion for the future if needed. However, it would be a properly designed solution.  We usually work with medium to large-scale organizations.

    How are customer service and support?

    Technical support has been pretty good. I know they respond every time. It just takes a few hours. It doesn't take too much time to respond. They're helpful and you can count on them.

    Which solution did I use previously and why did I switch?

    We are also a reseller of Palo Alto solutions.

    How was the initial setup?

    In terms of the initial setup, I would say it is half straightforward and half complex. It depends on the scenario and it depends on the kind of things you want to do with the Sandbox, for example, the kind of files you want to analyze or which kind of OS or images you want to analyze. It also depends on the requirements. Sometimes it's harder to deploy due to the scenario, the use case. Deployment times also vary, however, it takes, at minimum, 15 days to set everything up.

    What's my experience with pricing, setup cost, and licensing?

    The solution is a rather sizable investment. That said, for those organizations with sensitive data, that need to know they are protected, it's likely worth the price tag.

    What other advice do I have?

    We are resellers of the product. I worked as a systems engineer previously. I'm now a sales executive, however, previously, I was in charge of making all the designs and the architecture for the solutions, and therefore, I know the distribution of these products, how they can be used, and different scenarios. I know how to position, for example, a FortiGate inside of a network for network segmentation and also for perimeter protection. Working also for VPN solutions, we were using FortiClients in EMS. We can have a centralized solution for VPN and also endpoint protection. In terms of versions we deployed, there was FortiSandbox 1000D and also FortiSandbox 3000D. We try to integrate solutions together so they can have some feedback on each other and they can work better to provide security and to also sharpen the attack services. If you don't want to have any zero-day malware on your network, if you know that you will be literally exposed to those kinds of malware, it's good to have a solution such as this. That said, it's a big, big investment. It's a big investment for a business. If you really want to protect your information, if you're dealing with very, very delicate information, you need some kind of hardware or solution that can protect it from any kind of malware, especially those from zero-day. This Sandbox would be a must-have solution for those kinds of customers. I'd rate the solution at a nine out of ten. That would be dependent on what types of third-party software a company has that the solution could integrate with effectively.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
    Consultant Business Development - Security at a comms service provider with 51-200 employees
    Consultant
    Top 20
    Easy to configure and implement because of templates and has a competitive price, but there could be a higher number of VMs
    Pros and Cons
    • "Compared to other solutions, it's easy to configure and implement because of the templates. The timing of scanning files is faster."
    • "There could be more templates and a higher number of simulated VMs to configure more use cases. Sometimes we need to configure many use cases in many different environments, and if the number of VMs that we configure is limited, we have to remove some and reconfigure the environment if we need another environment."

    What is our primary use case?

    I provide this solution in the FortiGate firewall as a cloud license. I'm in presales and I qualify the solution, so I don't install it or deploy it. I worked with Sandbox for one project two years ago, especially with FortiGate 200E. I worked with the customer and prepared the solution according to their needs, and we decided on the architecture and design to deploy this solution.

    We put the firewall in the front end design and we configured it so that every file will be downloaded through the HTTP, or HTTPS, and the file will be scanned and analyzed with the antivirus of FortiClient. This is checked with the signature of this antivirus. If it's not okay, we will configure it to be scanned and analyzed with Sandbox.

    There, we will configure, for example, a virtual machine in the cloud that contains Windows Server or Windows Desktop, the version that the customer already has. We deploy some services like Active Directory, or the service that the customer uses. We try to send this file to the virtual cloud. Then we check it. If the file attains a certain score, we will block it. If not, we can make an event quarantine. We configure our event in the firewall or in the switch that connects in this firewall, and we will put it in quarantine until that administrator checks this file and whether or not it contains malware.

    In general, we purchase the license and we configure it in the front end firewall, not in the internal or data center firewall. This is especially for downloading the files that we can receive.

    For the firewall, we were using the version FortiOS 7.0. The first version that we deployed was the 6.5 version. That includes this cloud license.

    The firewall is on-premise, but the license for FortiSandbox is on the cloud.

    There are 10 people using this solution in my company.

    How has it helped my organization?

    The price has been a benefit to our organization. Fortinet has given us a very interesting financial offer compared to others. For example, if we compared it with Palo Alto, they have a specific license for sandbox but call it WildFire, and it's very expensive. In comparison with the Fortinet, the license is included in a bundle that includes antivirus and URL file filtering. This is for an SMB, small and medium businesses. It's competitive in terms of the price.

    What is most valuable?

    Compared to other solutions, it's easy to configure and implement because of the templates. The timing of scanning files is faster.

    What needs improvement?

    There could be more templates and a higher number of simulated VMs to configure more use cases. Sometimes we need to configure many use cases in many different environments, and if the number of VMs that we configure is limited, we have to remove some and reconfigure the environment if we need another environment. It's better to have more use cases and more simulated environments that we can configure.

    For how long have I used the solution?

    I have been using this solution for two years.

    What do I think about the stability of the solution?

    The solution is stable. The performance is okay because Fortinet is based on FortiADC, and they have the capability to have a higher performance than others.

    I do not use the solution daily. It depends on the project. At the moment, we don't have plans to increase usage.

    What do I think about the scalability of the solution?

    With the cloud license, the scalability is okay, but it depends on the firewall type. For a smaller business, I think they are limited with the number of files. It depends on the number of firewalls.

    For the on-prem solution, it certainly depends. I think there are problems with the scalability. If you need to extend or add more sizing, that means more files per day. We have to change the kind of appliance. This is a problem for that. But if it was on a VM solution, maybe it wouldn't be a problem for scalability.

    How are customer service and support?

    Technical support is good.

    Which solution did I use previously and why did I switch?

    We have used other solutions previously. It depends on the needs of our customers and the budget.

    Concerning security, Trend Micro is better in comparison.

    How was the initial setup?

    Initial setup is complex. The length it takes to deploy the solution just depends. We also need to have a tuning phase to collect more information for the environment and how to configure it. If we already have the template, we can easily configure it in two days. But after that, we have to make a learning phase or tuning phase to see how the solution responds and what the results are, and then we can optimize the configuration. The timing depends on the context.

    For maintenance, patching, and updating, we need maybe two people.

    What's my experience with pricing, setup cost, and licensing?

    The price is competitive.

    What other advice do I have?

    I would rate this solution 7 out of 10.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Dikeos Davakis - PeerSpot reviewer
    ICT Manager at Nic. J. Theocarakis
    Real User
    Top 5
    It can emulate several operating systems and is stable and easy to set up
    Pros and Cons
    • "The scanner office document as well as PDF are useful. The most valuable thing is that you can emulate different operating systems without having the danger of getting something infected. It emulates several operating systems, and as a result, you either get the file or you don't get the file."
    • "I don't know if it is viable to do an improvement like this. When there are passwords in the password-protected files, it can't scan them or do things like this. I don't know if an algorithm or something else could make it better. Nowadays, many legitimate office documents have passwords."

    What is our primary use case?

    We mainly use it for incoming mail from all our domains because we have several of them. We are servicing many companies as the holding company. Every mail is passed to the Sandbox virtual machine. It is a VM. Occasionally, a link or a standalone file that we want to check is also passed to the Sandbox virtual machine.

    What is most valuable?

    The scanner office document as well as PDF are useful. The most valuable thing is that you can emulate different operating systems without having the danger of getting something infected. It emulates several operating systems, and as a result, you either get the file or you don't get the file. 

    What needs improvement?

    I don't know if it is viable to do an improvement like this. When there are passwords in the password-protected files, it can't scan them or do things like this. I don't know if an algorithm or something else could make it better. Nowadays, many legitimate office documents have passwords.

    For how long have I used the solution?

    I have been using Fortinet FortiSandbox for about five to six years.

    What do I think about the stability of the solution?

    It is very stable. The only thing is that you have to manually check for some extensions. You have to do that mainly for the office documents because they change their extension. You have to manually add the new extension, but it is not a big problem. 

    How are customer service and technical support?

    They are very responsive. At first, I had interacted with only the Greece branch of Fortinet, which has only pre-sales engineers, not the support engineers, and they were very helpful. For the last two and a half years, we have a contract with a dedicated team for support. They're getting bigger, better, and greater. 

    How was the initial setup?

    It is very simple. You just specify the operating system that you want to emulate as well as the office version. It is pretty straightforward in terms of the procedure. It is easy to use and has a very useful interface.

    What's my experience with pricing, setup cost, and licensing?

    Altogether, it is about €10,000 for the Sandbox and Email Gateway. 

    What other advice do I have?

    I have used it within the Fortinet ecosystem. The whole Fortinet ecosystem collaborates very well. It is a standalone product as well, but I haven't tested it as a standalone product. If I had a choice, I would opt for the cloud version. I currently have the on-premises version.

    I would rate Fortinet FortiSandbox a nine out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Senior Security Engineer at a computer software company with 1,001-5,000 employees
    Real User
    Top 5
    Effective behavior analysis, useful manual scan, and overall comprehensive features
    Pros and Cons
    • "The dynamic behavior analysis is excellent. We have many attacks caught by the FortiSandbox as zero-day attacks. Additionally, the administration is simple and can be customized to fit your company's needs."
    • "The reporting tools could be improved in Fortinet FortiSandbox."

    What is our primary use case?

    We are using Fortinet FortiSandbox to inspect and scan all our files: all the files inside our organization that are transferred through the company. The solution scans the files inside the PSVM because it has many VMs inside the FortiScan. It's working on zero-day attacks and not based on the signature of the threat. It's based on behavior analysis.

    What is most valuable?

    The dynamic behavior analysis is excellent. We have many attacks caught by the FortiSandbox as zero-day attacks. Additionally, the administration is simple and can be customized to fit your company's needs.

    Fortinet FortiSandbox has manual scan features. We have other sandbox solutions from other vendors but they don't have this feature. It allows you to interpret or intervene in the scan whatever you want. It is a SOC analyzer, and it is called Manual Scan or something similar. Comparing this feature to other vendors, it's very good.

    What needs improvement?

    The reporting tools could be improved in Fortinet FortiSandbox.

    For how long have I used the solution?

    I have been using Fortinet FortiSandbox for approximately six years.

    What do I think about the stability of the solution?

    The stability of the solution is good.

    What do I think about the scalability of the solution?

    We have not tried to scale the solution, it has been working fine for what we have been using it for at this time.

    We have approximately 50 devices and 1,000 to 2,000 files being scanned daily.

    We use the solution extensively.

    Which solution did I use previously and why did I switch?

    We use similar sandbox solutions from Forcepoint and Palo Alto.

    How was the initial setup?

    The installation of Fortinet FortiSandbox is very easy.

    What about the implementation team?

    We did the implementation ourselves.

    What's my experience with pricing, setup cost, and licensing?

    We are on an annual license to use the solution. We have an additional feature that is integrated with S5, which is working well.

    What other advice do I have?

    I would recommend Fortinet FortiSandbox to others, it is the most comprehensive sandbox available.

    I rate Fortinet FortiSandbox an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Mostafa Nawar - PeerSpot reviewer
    Senior Network & Security Engineer at TransIT
    Real User
    Top 5
    Scalable, simple setup, but customization could improve
    Pros and Cons
    • "Fortinet FortiSandbox is scalable."
    • "The use cases in Fortinet FortiSandbox are not good. It is difficult to upload a custom VM for Fortinet FortiSandbox. The integration of Fortinet FortiSandbox with other Fortinet or FortiGate firewalls is not good. VMs are already installed in the hardware and are working fine, but we tried to approve the custom VM many times but did not succeed."

    What is our primary use case?

    We use Fortinet FortiSandbox to integrate FortiMail and FortiGate firewalls.

    What needs improvement?

    The use cases in Fortinet FortiSandbox are not good. It is difficult to upload a custom VM for Fortinet FortiSandbox. The integration of Fortinet FortiSandbox with other Fortinet or FortiGate firewalls is not good. VMs are already installed in the hardware and are working fine, but we tried to approve the custom VM many times but did not succeed.

    Fortinet FortiSandbox is complex in uploading the custom VM. Fortinet FortiSandbox needs to improve the customization and the custom framework updates.

    For how long have I used the solution?

    I have been using Fortinet FortiSandbox for approximately two years.

    What do I think about the stability of the solution?

    Fortinet FortiSandbox stability could improve.

    What do I think about the scalability of the solution?

    Fortinet FortiSandbox is scalable.

    We have approximately 300 users using this solution. We plan to increase usage of Fortinet FortiSandbox. We are moving to the next version soon.

    How are customer service and support?

    The technical support of Fortinet FortiSandbox is good.

    How was the initial setup?

    The initial setup of Fortinet FortiSandbox is easy, it took us a few days to do.

    What about the implementation team?

    We used a third party to do the implementation of Fortinet FortiSandbox.

    We have three engineers that are looking after the maintenance and are supporting the solution.

    What's my experience with pricing, setup cost, and licensing?

    The price of Fortinet FortiSandbox is expensive.

    What other advice do I have?

    Fortinet FortiSandbox is a leader in the market and they have good solutions.

    I rate Fortinet FortiSandbox a seven out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Cybersecurity Engineer at a transportation company with 10,001+ employees
    Real User
    Works fine and has a reasonable price, but it would be good to have more dashboards

    What is most valuable?

    Overall, it works fine. Its interface is also fine.

    What needs improvement?

    If we can have more dashboards, it would be good.

    For how long have I used the solution?

    We have FortiSandbox and Fortinet firewalls. I have been using these solutions for three to four years.

    What do I think about the stability of the solution?

    It is stable.

    What do I think about the scalability of the solution?

    Scalability will always be there. Currently, I am the only user.

    How are customer service and support?

    Their support is good.

    How was the initial setup?

    Its setup is not that complex.

    What about the implementation team?

    It was done by a vendor.

    What's my experience with pricing, setup cost, and licensing?

    Fortinet is more reasonable than Palo Alto.

    What other advice do I have?

    I would recommend this solution. Others can use it, and there is no harm in that. I haven't used another Sandbox, so I cannot compare it with something else.

    I would rate it a seven out of 10.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Network Engineer at a tech services company with 51-200 employees
    Real User
    Top 5
    Reliable, good support, and simple to manage

    What is our primary use case?

    We use Fortinet FortiSandbox for threat protection and threat emulation.

    What is most valuable?

    The solution is easy to manage.

    For how long have I used the solution?

    I have been using Fortinet FortiSandbox for approximately one year.

    What do I think about the stability of the solution?

    The solution is stable.

    What do I think about the scalability of the solution?

    We have over 20 customers using this solution.

    How are customer service and support?

    The technical support is good.

    How was the initial setup?

    The initial setup is not too complex but could be easier.

    What's my experience with pricing, setup cost, and licensing?

    There is a license to use this solution.

    What other advice do I have?

    I rate Fortinet FortiSandbox a ten out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Buyer's Guide
    Download our free Advanced Threat Protection (ATP) Report and find out what your peers are saying about Fortinet, Palo Alto Networks, Trellix, and more!
    Updated: May 2022