Frequently Asked Questions
What is your question about?
An Outbreak Alert is a comprehensive report that provides in-depth insights into cybersecurity threats, serving as a vital tool for organizations to stay informed about critical and/or emerging cybersecurity risks that may compromise sensitive data, disrupt business operations, and pose significant risks to the organization’s overall security.
Each report can assist customers in understanding the background of the attack, the timeline of events, affected technologies, and related threat intelligence such as Indicators of Compromise (IoCs), Tactics, Techniques, and Procedures (TTPs), and Attack sequence used by the adversaries.
The FortiGuard Outbreak Alerts provide context around the entire attack surface and help clarify which Fortinet product or service can aid in the Protection, Detection, Response, Recovery, and Identification of the threat.
The new Threat Radar combines both FortiGuard telemetry and the external threat landscape. This combination provides a holistic rating of the cyber threat. Users may use the Threat Radar values in conjunction with other vulnerability management processes to make informed decisions about patching, mitigation, and defense strategies. A higher value suggests a higher priority for remediation efforts and actionable intelligence, as it represents a more immediate or severe threat.
When an outbreak has multiple CVEs, we use the highest possible value from each CVE when creating the Threat Radar. This is to anticipate the Outbreak Threat level as compared to each related CVE.
The Exploit Prediction Scoring System (EPSS), provided by FIRST, is a data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild. The higher the value, the greater the likelihood of exploitation. EPSS scores on Outbreak are processed every day. To learn more, visit: https://www.first.org/epss/
Anyone can subscribe to receive the FortiGuard Outbreak Alert report using the link below and signing up using your email address. https://www.fortinet.com/fortiguard/labs
Customers using FortiAnalyzer may subscribe to the Outbreak Detection Service, which delivers the outbreak reports plus real-time updated event handlers and reports to check the customer environment (logs) for any triggers associated with the outbreak. FortiAnalyzer can then raise incidents and generate reports for customer SOC teams to further investigate or take remediation action. Other products also support automated Outbreak Detection Services, including pre-built decoys for FortiDeceptor, automated security rating packages for FortiGate, targeted threat hunting for FortiSIEM, endpoint tagging rules for FortiClient, and playbook response packages for FortiSOAR.
The Threat Signal and Outbreak Alert are both cybersecurity reports from FortiGuard Labs, but they differ in scope and detail:
Threat Signal provides concise, actionable insights into emerging threats. It focuses on technical details, mitigation recommendations, and available solutions in a straightforward FAQ format. It is designed to deliver quick, clear information for immediate action.
Outbreak Alert, on the other hand, is a comprehensive, in-depth report offering detailed insights into specific cybersecurity threats. It covers the attack’s background, timeline, affected technologies, and related threat intelligence (e.g., IoCs, TTPs, attack sequences). It also highlights how Fortinet products can assist in different stages of threat management (Protection, Detection, Response, Recovery, and Identification).
If you have found a vulnerability in a third-party (non-Fortinet) product, please fill out this form and provide some details about the software, device model, etc. (such as software version and hardware model).
If you have found a vulnerability in a Fortinet product, please fill out this form and provide details about the hardware model or software product. Please include information such as the model number, OS version, and software version, as applicable.
Please fill out this form and provide details about the software product including a download link, version number and any other relevant information.
Please fill out this form and provide details of the problem encountered. Please include the Fortinet hardware or software product used, including model, OS and/or software version number as appropriate.
If you discover a suspicious file on your machine, or suspect that a program you downloaded from the internet might be malicious, you can scan it here. Use this form and enter the file name to be checked in the box to the right and it will automatically be uploaded from your computer to a dedicated server where it will be scanned using FortiClient Antivirus. A confirmation email will be sent to the provided email address containing the results of the scan.
The form on this page can be used should a software author or company feel their product has been incorrectly classified as Spyware. Note that Fortinet uses the term "Spyware" as both a description of activity (see Spyware Classification and Terms) as well as a general term for potentially undesirable software that does not fall under the category of computer virus or trojan.
Please fill out this form and provide details of the detection including the name and id number if available.
Please fill out this form and provide details of the problem encountered. Please include the Fortinet hardware or software product used, including model, OS and/or software version number as appropriate.
Please fill out this form and suggest a category from the available web filtering categories. You may optionally provide a screen capture of the block message.
Please fill out this form and provide details of the problem encountered. Please include the Fortinet hardware or software product used, including model, OS and/or software version number as appropriate.
If you notice a false positive, a clean message marked as spam by FortiGuard AntiSpam Service, or if you believe an IP address, URL, or email address is blocked incorrectly, you can either:
- Check and submit the signature in Antispam service and provide details of the issue.
If you are the email sender who had an email message incorrectly blocked, please send us the error message you received. The error message should look like the following:
mail.xxx.xxx #5.7.1 smtp;554 5.7.1 This message has been blocked because it contains
FortiGuard - AntiSpam blocking URL/IP/Email/Hash(s).(black url/ip/email/hash xxx.xxx)
If you are a Fortinet customer, please send us the AntiSpam log messages obtained from FortiGate, FortiClient or FortiMail, including your Fortinet product's serial number. The AntiSpam log from FortiGate should look like the following:
Feb 26 19:15:13 xx.xx.com date=2006-02-26 time=19:15:14 device_id=FGT-xxxxxxxxxxx log_id=xxxxxxx
type=emailfilter subtype=smtp pri=notice vd=root src=xxx.xxx.xxx.xxx dst=xxx.xxx.xxx.xxx
src_int=wan1 dst_int=internal service=smtp status=detected from="xxx@xxx.com" to="xxxx@xxx.net"
msg="The email contains FortiGuard - AntiSpam blocking URL(s).(black url xx.xxxx.xxx)"
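A small parser for the FortiGate AntiSpam log layout shown above, pulling out the fields a false-positive report needs from a syslog record. This is an added example, not Fortinet code: the sample record is constructed with placeholder values, the function names are hypothetical, and it assumes the blocked indicator appears in msg as "(black <kind> <value>)", as in the two samples on this page.

```python
import re

# Constructed sample in the wrapped layout shown above; every value is a placeholder.
SAMPLE = "\n".join([
    "Feb 26 19:15:13 mail-gw.example.com date=2006-02-26 time=19:15:14 "
    "device_id=FGT-PLACEHOLDER log_id=0000000",
    "type=emailfilter subtype=smtp pri=notice vd=root src=192.0.2.10 dst=198.51.100.25",
    'src_int=wan1 dst_int=internal service=smtp status=detected '
    'from="sender@example.com" to="user@example.net"',
    'msg="The email contains FortiGuard - AntiSpam blocking URL(s).'
    '(black url bad.example.org)"',
])

# key=value pairs; a value is either a double-quoted string or a run of non-spaces.
KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')
# Assumption: the blocked indicator appears as "(black <kind> <value>)" inside msg.
BLOCKED = re.compile(r'\(black (url|ip|email|hash) ([^)]+)\)')


def parse_line(record):
    """Return the key=value fields of one (possibly wrapped) log record."""
    record = " ".join(record.split())  # undo line wrapping from copy/paste
    fields = {}
    for key, value in KV.findall(record):
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        fields[key] = value
    return fields


def antispam_hit(record):
    """Summarise an emailfilter detection for a false-positive report, else None."""
    f = parse_line(record)
    if f.get("type") != "emailfilter" or f.get("status") != "detected":
        return None
    m = BLOCKED.search(f.get("msg", ""))
    return {
        "when": f"{f.get('date')} {f.get('time')}",
        "device_id": f.get("device_id"),
        "from": f.get("from"),
        "to": f.get("to"),
        "indicator_type": m.group(1) if m else None,
        "indicator": m.group(2).strip() if m else None,
    }


if __name__ == "__main__":
    print(antispam_hit(SAMPLE))
```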
Please fill out this form and provide details of the problem encountered. Please include the Fortinet hardware or software product used, including model, OS and/or software version number as appropriate.
Submitted spam will be analyzed, and its signatures will be extracted to be added to our spam signature database. This helps to improve the FortiGuard AntiSpam detection and filtering for similar spam. We appreciate your submitted spam samples, but do not respond to them due to the high volume of submissions.
Submission Instructions:
For Microsoft Outlook:
Method 1:
- Open Microsoft Outlook
- Create a new email to submitspam@fortinet.com
- Drag the message(s) you want to submit from the "message listing" pane into the body of the new message window you just created.
- Send the message.
Method 2:
Set Outlook to forward email as original attachment by:
- In Outlook menu, click "Tools" -> "Options"
- In "Preference" tab, click "Email Options..." button in "Email" section
- In the drop-down section "When forwarding a message," choose "Attach original message text"
- Click "OK"
For Microsoft Outlook Express:
- Open Microsoft Outlook Express
- Right-click the message you want to submit, click "Forward As Attachment"
- Set submitspam@fortinet.com as the "To:" address
- Click "Send"
For Thunderbird/Mozilla/Netscape:
Method 1:
- Open Thunderbird/Mozilla/Netscape mail
- Create a new email to submitspam@fortinet.com
- Drag the message(s) you want to submit from the "message listing" pane into the 'attachment' area of the new message window you just created.
- Send the message
Method 2:
Set Thunderbird/Mozilla/Netscape to forward email as original attachment by:
- Click "Edit" -> "Preference"
- In Composition section, there is a drop-down option for "Forward messages". Choose "As Attachment".
- Click "OK"/"Close"
For Lotus Notes Client:
- Open Lotus Domino Client
- Open the spam email which you would like to submit.
- From Menu View -> Show -> Page Source
- Select the entire page source and copy the selected content.
- Paste it to a notepad and save it as spamsample.eml.
- Create a new email with the spam email as an RFC-822 MIME encoded attachment.
- In the To box, type: submitspam@fortinet.com
- Send the message.
For Web Based Mail Clients:
If you are using web-based mail like Yahoo or Gmail, please forward the spam email as an attachment instead of inline text.
If you would like Fortinet to categorize your application (including custom application signatures), submit this form. Fortinet operators will review your request and respond in a timely manner.
Please fill out this form and provide details of the problem encountered. Please include the Fortinet hardware or software product used, including model, OS and/or software version number as appropriate.
Anycast is a technology that consists of multiple different servers around the world with the same IP address. It typically routes the user's request to the closest available server, and multinational telecom providers often use it to reduce latency on global services.
Since anycast IPs have different physical locations for deployment, all of which are considered "correct" and none of them have priority, a single physical location is not very conclusive for the designated anycast IP in firewall policies. To address this, FortiOS provides an option to whitelist or blacklist all anycast IPs. This can be done by using the anycast flag setting in FortiOS. Additionally, the GeoDB shows the registration location of an IP as its default location if it's anycast. This feature enables users to configure firewall policies based on the generic GeoDB function.
Please refer to our TAC team or your local support engineer for assistance on the functions mentioned above.
IP address ranges are publicly registered on internet registries (RIRs). This registration information, also known as WHOIS information, includes the country where the owning entity is headquartered. This country is considered the registration location of an IP block. However, multinational internet service companies often allocate their IPs to data centers around the world. As a result, the physical location of an IP may not necessarily match the registration information.
Our IP-Geolocation database by default displays and uses the physical location of an IP. Showing the actual geographic location of an IP is fundamental in various fields, including location-based services and malware detection. However, our database also includes the registration country data. FortiOS can be configured to use either the "physical location" or the "registration location" depending on your specific needs.
Please refer to our TAC team or your local support engineer for assistance on the functions mentioned above.
- For America, Australia, Canada and New Zealand, Click Here
- For Asia Pacific Countries, Click Here
- For Europe, Middle-East and Africa, Click Here
Please fill out the form and provide details of the service you would like to renew.