Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiSandbox VM on AWS

    Home FortiSandbox Public Cloud 3.2.0 FortiSandbox VM on AWS
    3.2.0
    5.0.0
    4.4.0
    4.2.3
    4.2.1
    4.2.0
    4.0.0
    3.2.0
    3.1.0
    3.0.0

    Preparing network connection for FortiSandbox VM

    Preparing network connection for FortiSandbox VM

    Creating a private subnet

    The Private Subnet (IPv4 CIDR 10.0.1.0/24) is connected to all VM clones and FSA-VM.

    To create a private subnet:
    1. Click Create Subnet and configure the following information.
      • For Name tag, enter a name. For example, private_FortiSandbox.
      • For VPC, select the VPC you created.
      • For IPv4 CIDR block, enter 10.0.1.0/24 (for private subnet).

    2. Click Yes, Create.

    Creating a NAT gateway and setting the route table

    The AWS security team recommends the following:

    • Do not use NAT/Internet Gateway for private subnet. You can use it temporarily for testing but do not use it for running real malware.
    • Use AWS VPN or AWS Direct Connect to route out of an egress point to a third-party Internet provider.
    To create a NAT Gateway:
    1. Under Virtual Private Cloud, select NAT Gateways.
    2. Click Create NAT Gateway and select the public subnet you created.
    3. For Subnet, select the Elastic IP you created.

    4. Click Create a NAT Gateway.
    To create a route table:
    1. Under Virtual Private Cloud, select Route Tables.
    2. Click Create Route Table and configure the following. Then click Yes, Create.
      • For Name Tag, enter a name.
      • For VPC, select the VPC you created.

    3. Go to Subnet Associations.
    4. Click Edit, select the public subnet, then click Save.

    5. Go to Routes and click Add Another Route.
      • For Destination, enter 0.0.0.0/0.
      • For Target, select the Internet Gateway for public subnet you created.
    6. Click Save.
    7. Repeat these steps to create a route table for your private subnet, and, if needed, for your HA-Cluster.

    Creating and attaching DHCP options to VPC

    1. Under Virtual Private Cloud, select DHCP Options Sets.
    2. Click Create DHCP options set and configure the following:
      • For Name, enter a name. For example, dhcp_fortisandbox.
      • For Domain name servers, enter the primary IP address you provided when creating eth1 of FortiSandbox. If auto-assigned, enter the IP address from Instance Details.

    3. Click Create DHCP options set.
    4. Go back to Your VPCs; then right-click the VPC entry you created and select Edit DHCP Options Set.

    5. Choose the DHCP Options Set you created and click Save.

    Previous
    Next

    Preparing network connection for FortiSandbox VM

    Preparing network connection for FortiSandbox VM

    Creating a private subnet

    The Private Subnet (IPv4 CIDR 10.0.1.0/24) is connected to all VM clones and FSA-VM.

    To create a private subnet:
    1. Click Create Subnet and configure the following information.
      • For Name tag, enter a name. For example, private_FortiSandbox.
      • For VPC, select the VPC you created.
      • For IPv4 CIDR block, enter 10.0.1.0/24 (for private subnet).

    2. Click Yes, Create.

    Creating a NAT gateway and setting the route table

    The AWS security team recommends the following:

    • Do not use NAT/Internet Gateway for private subnet. You can use it temporarily for testing but do not use it for running real malware.
    • Use AWS VPN or AWS Direct Connect to route out of an egress point to a third-party Internet provider.
    To create a NAT Gateway:
    1. Under Virtual Private Cloud, select NAT Gateways.
    2. Click Create NAT Gateway and select the public subnet you created.
    3. For Subnet, select the Elastic IP you created.

    4. Click Create a NAT Gateway.
    To create a route table:
    1. Under Virtual Private Cloud, select Route Tables.
    2. Click Create Route Table and configure the following. Then click Yes, Create.
      • For Name Tag, enter a name.
      • For VPC, select the VPC you created.

    3. Go to Subnet Associations.
    4. Click Edit, select the public subnet, then click Save.

    5. Go to Routes and click Add Another Route.
      • For Destination, enter 0.0.0.0/0.
      • For Target, select the Internet Gateway for public subnet you created.
    6. Click Save.
    7. Repeat these steps to create a route table for your private subnet, and, if needed, for your HA-Cluster.

    Creating and attaching DHCP options to VPC

    1. Under Virtual Private Cloud, select DHCP Options Sets.
    2. Click Create DHCP options set and configure the following:
      • For Name, enter a name. For example, dhcp_fortisandbox.
      • For Domain name servers, enter the primary IP address you provided when creating eth1 of FortiSandbox. If auto-assigned, enter the IP address from Instance Details.

    3. Click Create DHCP options set.
    4. Go back to Your VPCs; then right-click the VPC entry you created and select Edit DHCP Options Set.

    5. Choose the DHCP Options Set you created and click Save.

    Previous
    Next