diff --git a/http/exposed-panels/fortisandbox-panel.yaml b/http/exposed-panels/fortisandbox-panel.yaml
new file mode 100644
index 000000000000..7b1208af57c2
--- /dev/null
+++ b/http/exposed-panels/fortisandbox-panel.yaml
@@ -0,0 +1,34 @@
+id: fortisandbox-panel
+
+info:
+  name: FortiSandbox Panel - Detect
+  author: rxerium
+  severity: info
+  description: |
+    Detected exposed FortiSandbox login and management interfaces.
+  reference:
+    - https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiSandbox.pdf
+  metadata:
+    max-request: 1
+    verified: true
+    vendor: fortinet
+    product: fortisandbox
+    shodan-query: http.title:"FortiSandbox"
+  tags: fortinet,fortisandbox,panel,login,discovery
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/ng/login?returnUrl=%2F"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '<title>FortiSandbox'
+          - '<span>FortiSandbox'
+
+      - type: status
+        status:
+          - 200