Optional: Using a custom VM on AWS

FortiSandbox AWS supports custom VMs. You can provide a VHD image of a custom VM and the FortiSandbox firmware can load the VM image and use it for sample analysis.

For information on setting up a custom VM on AWS, see the custom VM image section in the FortiSandbox Administration Guide to do the following:

  • Create a custom VHD image using virtualization software such as VirtualBox.
  • Prepare the OS installation package.
  • Install software and components on the custom VM image.
  • Set up the VM image environment.

Preparing the network interface for custom VM

  1. Create a network interface under private_subnet (10.0.1.x) and assign a private IP address.
  2. Attach this network interface to FortiSandbox AWS.

  3. Reboot the FortiSandbox instance.
  4. Go to System > Interfaces to verify that the network interface is attached.
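Steps 1 to 3 above can also be carried out with the AWS CLI. The script below is an added example, not part of Fortinet's documentation; the function names, the explicit security group, the device index argument and the assumption that private_subnet is a /24 are all assumptions, and every ID is supplied by the caller.

```bash
#!/usr/bin/env bash
# Added example (not Fortinet code): steps 1-3 above with the AWS CLI.

# True only for an assignable host address in 10.0.1.0/24.
# Assumption: private_subnet (10.0.1.x on the page) is a /24.
in_private_subnet() {
  local ip="$1" rest
  rest="${ip#10.0.1.}"
  [ "$rest" != "$ip" ] || return 1              # prefix did not match
  case "$rest" in ''|0*|*[!0-9]*) return 1 ;; esac
  [ "${#rest}" -le 3 ] || return 1
  # AWS reserves .0-.3 and .255 in every subnet.
  [ "$rest" -ge 4 ] && [ "$rest" -le 254 ]
}

# Args: subnet-id security-group-id private-ip instance-id device-index
# Prints the new network interface ID on success.
prepare_custom_vm_interface() {
  local subnet="$1" sg="$2" ip="$3" instance="$4" index="$5" eni
  if ! in_private_subnet "$ip"; then
    echo "refusing $ip: not an assignable 10.0.1.x address" >&2
    return 2
  fi
  # Step 1: create the interface with a fixed private IP.
  eni=$(aws ec2 create-network-interface \
          --subnet-id "$subnet" --groups "$sg" --private-ip-address "$ip" \
          --description "FortiSandbox custom VM interface" \
          --query 'NetworkInterface.NetworkInterfaceId' --output text) || return 1
  # Step 2: attach it to the FortiSandbox instance.
  aws ec2 attach-network-interface --network-interface-id "$eni" \
      --instance-id "$instance" --device-index "$index" >/dev/null || return 1
  # Step 3: reboot the instance, as the procedure requires.
  aws ec2 reboot-instances --instance-ids "$instance" >/dev/null || return 1
  echo "$eni"
}

# Run as a script only when all five arguments are supplied.
if [ "$#" -eq 5 ]; then
  prepare_custom_vm_interface "$@"
fi
```

Step 4 is still done in the FortiSandbox GUI: confirm under System > Interfaces that the interface is attached.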

Installing a custom VM using CLI

Convert the .pem file that you downloaded when you created the key pair to a .ppk file.

If you did not choose the without key pair option, log in using <InstanceID> as the password.

Note

  • Use a meaningful custom VM name and keep the name the same as VM_image_name.
  • Do not use special characters in the name.
  • Do not use reserved FortiSandbox VM names starting with WIN7, WIN8, or WIN10.

Note

Do not use the set admin-port command to set port2 as the administrative port.

To install a custom VM on AWS:
  1. Go to the FortiSandbox firmware CLI.
  2. Import the VHD image using the CLI command vm-customized.

    For more information about the vm-customized command, see the FortiSandbox CLI Reference Guide in the Fortinet Document Library.

  3. In the FortiSandbox GUI, go to Scan Policy and Object > VM Settings and change Clone # to 1 or higher.

  4. In a new CLI window, check the VM clone initialization using the diagnose-debug vminit command.
  5. In the FortiSandbox GUI, go to the Dashboard to verify there is a green checkmark beside Windows VM.

  6. To associate file extensions with the custom VM, go to Scan Policy and Object > Scan Profile and open the VM Association tab.

Test the installation

  1. Go to Scan Job > File On-Demand > Submit File.
  2. Select the file and click Submit. For example, select Sample.pdf.

    If the file you send to FortiSandbox is not harmful, the rating is Clean.

  3. When the scan is finished, click the View File icon to view job details.

Interaction with a custom VM clone during scan

  1. Go to Scan Job > File On-Demand or URL On-Demand and click Submit File or Submit File/URL.
  2. Enable Force to scan the file inside VM or Force to scan the url inside VM.
  3. Select Force to scan inside the following VMs and select the custom VM.

  4. Click Submit.
  5. Go to Scan Policy and Object > VM Settings and click VM Screenshot.
  6. When the icon in the Interaction column is enabled, click the icon to establish an RDP tunnel.

  7. Click Yes to manually start the scan process with VM Interaction.

  8. When the FortiSandbox tracer engine displays the PDF sample, you can click Yes to manually stop the scan process.

  9. When the scan is finished, go to the job details page to view the scan results.
