Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiSandbox VM on AWS

    Home FortiSandbox Public Cloud 4.0.0 FortiSandbox VM on AWS
    4.0.0
    5.0.0
    4.4.0
    4.2.3
    4.2.1
    4.2.0
    4.0.0
    3.2.0
    3.1.0
    3.0.0

    Optional: Using a custom VM on AWS

    Optional: Using a custom VM on AWS

    FortiSandbox AWS supports custom VMs. You can provide a VHD image of a custom VM and the FortiSandbox firmware can load the VM image and use it for sample analysis.

    For information on setting up a custom VM on AWS, see the custom VM image section in the FortiSandbox Administration Guide to do the following:

    • Create a custom VHD image using virtualization software such as VirtualBox.
    • Prepare the OS installation package.
    • Install software and components on the custom VM image.
    • Set up the VM image environment.

    Preparing the network interface for custom VM

    1. Create a network interface under private_subnet (10.0.1.x) and assign a private IP address.
    2. Attach this network interface to FortiSandbox AWS.

    3. Reboot the FortiSandbox instance.
    4. Go to System > Interfaces to verify that the network interface is attached.

    Installing a custom VM using CLI

    Convert the saved pem file which you downloaded while creating the key pair to a ppk file.

    If you did not choose the without key pair option, log in using <InstanceID> as the password.

    Note
    • Use a meaningful custom VM name and keep the name the same as VM_image_name.
    • Do not use special characters in the name.
    • Do not use reserved FortiSandbox VM names starting with WIN7, WIN8, or WIN10.
    Note

    Do not use the set admin-port command to set port2 as the administrative port.
    To install a custom VM on AWS:
    1. Go to the FortiSandbox firmware CLI.
    2. Import the VHD image using the CLI command vm-customized.

      For more information about the vm-customized command, see the FortiSandbox CLI Reference Guide in the Fortinet Document Library.

    3. In the FortiSandbox GUI, go to Scan Policy and Object > VM Settings and change Clone # to 1 or higher.

    4. In a new CLI window, check the VM clone initialization using the diagnose-debug vminit command.
    5. In the FortiSandbox GUI, go to the Dashboard to verify there is a green checkmark beside Windows VM.

    6. To associate file extensions to the custom VM, go to Scan Policy and Object> Scan Profile to the VM Association tab.

    Test the installation

    1. Go to Scan Job > File On-Demand > Submit File.
    2. Select the file and click Submit. For example, select Sample.pdf.

      If the file you send to FortiSandbox is not harmful, the rating is Clean.

    3. When the scan is finished, click the View File icon to view job details.

    Interaction with a custom VM clone during scan

    1. Go to Scan Job > File On-Demand or URL on-Demand and click Submit File or Submit File/URL.
    2. Enable Force to scan the file inside VM or Force to scan the url inside VM.
    3. Select Force to scan inside the following VMs and select the custom VM.

    4. Click Submit.
    5. Go to Scan Policy and Object> VM Settings and click VM Screenshot.
    6. When the icon in the Interaction column is enabled, click the icon to establish an RDP tunnel.

    7. Click Yes to manually start the scan process with VM Interaction.

    8. When the FortiSandbox tracer engine displays the PDF sample, you can click Yes to manually stop the scan process.

    9. When the scan is finished, go to the job details page to view the scan results.

    Previous
    Next

    Optional: Using a custom VM on AWS

    Optional: Using a custom VM on AWS

    FortiSandbox AWS supports custom VMs. You can provide a VHD image of a custom VM and the FortiSandbox firmware can load the VM image and use it for sample analysis.

    For information on setting up a custom VM on AWS, see the custom VM image section in the FortiSandbox Administration Guide to do the following:

    • Create a custom VHD image using virtualization software such as VirtualBox.
    • Prepare the OS installation package.
    • Install software and components on the custom VM image.
    • Set up the VM image environment.

    Preparing the network interface for custom VM

    1. Create a network interface under private_subnet (10.0.1.x) and assign a private IP address.
    2. Attach this network interface to FortiSandbox AWS.

    3. Reboot the FortiSandbox instance.
    4. Go to System > Interfaces to verify that the network interface is attached.

    Installing a custom VM using CLI

    Convert the saved pem file which you downloaded while creating the key pair to a ppk file.

    If you did not choose the without key pair option, log in using <InstanceID> as the password.

    Note
    • Use a meaningful custom VM name and keep the name the same as VM_image_name.
    • Do not use special characters in the name.
    • Do not use reserved FortiSandbox VM names starting with WIN7, WIN8, or WIN10.
    Note

    Do not use the set admin-port command to set port2 as the administrative port.
    To install a custom VM on AWS:
    1. Go to the FortiSandbox firmware CLI.
    2. Import the VHD image using the CLI command vm-customized.

      For more information about the vm-customized command, see the FortiSandbox CLI Reference Guide in the Fortinet Document Library.

    3. In the FortiSandbox GUI, go to Scan Policy and Object > VM Settings and change Clone # to 1 or higher.

    4. In a new CLI window, check the VM clone initialization using the diagnose-debug vminit command.
    5. In the FortiSandbox GUI, go to the Dashboard to verify there is a green checkmark beside Windows VM.

    6. To associate file extensions to the custom VM, go to Scan Policy and Object> Scan Profile to the VM Association tab.

    Test the installation

    1. Go to Scan Job > File On-Demand > Submit File.
    2. Select the file and click Submit. For example, select Sample.pdf.

      If the file you send to FortiSandbox is not harmful, the rating is Clean.

    3. When the scan is finished, click the View File icon to view job details.

    Interaction with a custom VM clone during scan

    1. Go to Scan Job > File On-Demand or URL on-Demand and click Submit File or Submit File/URL.
    2. Enable Force to scan the file inside VM or Force to scan the url inside VM.
    3. Select Force to scan inside the following VMs and select the custom VM.

    4. Click Submit.
    5. Go to Scan Policy and Object> VM Settings and click VM Screenshot.
    6. When the icon in the Interaction column is enabled, click the icon to establish an RDP tunnel.

    7. Click Yes to manually start the scan process with VM Interaction.

    8. When the FortiSandbox tracer engine displays the PDF sample, you can click Yes to manually stop the scan process.

    9. When the scan is finished, go to the job details page to view the scan results.

    Previous
    Next