Skip to content Skip to navigation Skip to footer


Sandboxing solutions from Fortinet detect and analyze zero-day malware and other advanced file-based threats. The combination of service and product provides a comprehensive, coordinated, integrated, and scalable approach to advanced detection and protection from file-based zero-day threats. Inline sandboxing offers the industry’s first inline blocking on an NGFW. Flexible deployment options include Platform-as-a-Service, Software-as-a-Service, virtual machine, and hardware appliances to suit any use case and type of organization.

Immediate Protection with Real-time Analysis

The FortiGuard Inline Sandbox Service combines multilayered advanced threat filtering. It uses AV, CPRL, AI/ML, dynamic analysis with deep neural networks, and FortiGuard threat intelligence to render verdicts in real time without impact on productivity or security overhead. The service is available globally.

Comprehensive Security

FortiSandbox is the ultimate combination of AI-/ML-powered detection and threat filtering. It detects and remediates threats traditional approaches miss. Deploy as on-prem, cloud, or a hosted service for your enterprise, OT, or SOC needs.

Inline Sandbox Delivers Real-time Zero-day Protection

How Inline Sandbox Works

The FortiGuard Inline Sandbox Service does not let any suspicious files pass into the organization. A combination of AV, advanced threat filtering, and AI/ML, narrows down file-based threats. This eliminates false positives to focus on unknown threats that can pose actual risk.

Inline blocking on the NGFW blocks unknown files and sends them to the inline sandbox.

Static and dynamic analysis of suspicious files results in sub-second malware detection and verdicts. If the file is clean, the NGFW will release the file to the user. Otherwise, the file will be blocked and quarantined for further action.

What is Advanced Threat Filtering?

Advanced threat filtering optimizes file analysis while reducing false positives. Combining AV and techniques like AI/ML, CPRL, deep inspection, advanced threat filtering filters out the noise. It sends only select, higher risk zero-day files for deeper sandbox analysis.

Advanced threat filtering reduces file processing time and enables quicker time to verdict while maintaining a high security posture.

Advanced threat filtering delivers security without guess work.

Services and Products Deployment Options

Service/Product Type Description Inline Blocking
FortiGuard AI-based Inline Sandbox Service SaaS subscription The FortiGuard AI-Based Inline Sandbox Service is a new a-la-carte service for FortiGate NGFWs. It includes inline blocking for sandbox and AI/NDR detection, plus log enrichment for SOC teams Yes
Cloud Sandbox Service SaaS subscription Available as part of Fortigate Cloud, is subscription sandbox service that protects against zero-day malware. No
FortiSandbox Hosted PaaS subscription Fortinet-hosted sandbox is a subscription service. It includes FortiSandbox VM with dedicated resources for high performance and centralization of reports.  Yes
FortiSandbox Virtual Appliance VM subscription FortiSandbox VMs are offered as an alternative to hardware for greater deployment flexibility with same features.  Yes
FortiSandbox Hardware HW bundle + licenses FortiSandbox hardware appliances natively integrate with the Security Fabric, Fabric Partners, adapters, APIs, network share and sniffer to intercept and submit suspicious content to FortiSandbox. The integration also provides timely remediation and reporting capabilities to those devices. Yes

Fortinet Security Fabric Integrations

The strength of Fortinet's platform-driven approach is to enable coordinated workflows including response while customers benefit from a globalized network effect across Fortinet’s worldwide install base. The FortiGuard Sandbox Service and related sandbox portfolio are integrated into the following Fabric solutions:


Sandbox Across the Fabric

Sandbox Use Cases

With a growing attack surface, organizations need protection against sophisticated, multi-vector, and multi-stage AI/ML- driven zero-day attacks. Sandboxing solutions from Fortinet detect and block zero-day and other advanced attacks from ever becoming threats. Key use cases include the following:

Features and Benefits


Prevent delays and unknown files from entering the network with real-time analysis and filtering.


Deploy inline on hardware & VM appliances on-premises, or use SaaS or PaaS options.


Extend zero-day threat protection to NGFWs and other major areas of your infrastructure.


Speed investigation with built-in MITRE ATT&CK® matrix to identify a variety of malware.


Protect IT, OT, and converged environments and assets with one solution.


Block unknown files and experience fewer incidents and less investigation and mitigation time.