Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiSandbox VM on AWS

    Home FortiSandbox Public Cloud 4.0.0 FortiSandbox VM on AWS
    4.0.0
    5.0.0
    4.4.0
    4.2.3
    4.2.1
    4.2.0
    4.0.0
    3.2.0
    3.1.0
    3.0.0

    Setting up basic AWS network

    Setting up basic AWS network

    Creating a Virtual Private Cloud (VPC)

    1. Go to VPC Dashboard > Your VPCs and click Create VPC.

      note icon

      Create a new VPC even though there is a default VPC.
    2. Enter the following information, then click Yes, Create.
      • For Name tag, enter a name. For example, FortiSandbox.
      • For IPv4 CIDR block, enter 10.0.0.0/16. This helps ease scale-out issues in the future.
      • For IPv6 CIDR block, select No IPv6 CIDR Block.
      • For Tenancy, select Default.

    Creating the subnet for FortiSandbox firmware

    If you do not use Custom VMs, you don't have to create a private subnet. Even without a private subnet, you can still use the remote VM for file analysis.

    • Public subnet with IPv4 CIDR 10.0.0.0/24, which is connected to the FSA-VM management interface.
    • Private subnet with IPv4 CIDR 10.0.1.0/24, which is connected to all VM clones and FSA-VM.
    • HA-Cluster subnet is optional for HA-Cluster.
    To create the public subnet:
    1. Click Subnets > Create Subnet.
    2. In the Create Subnet dialog box, enter the following information, then click Yes, Create.
      • For Name tag, enter a name. For example, Public_FortiSandbox.
      • For VPC, select the VPC you just created.
      • For IPV4 CIDR block, enter 10.0.0.0/24 (public subnet).

    To create the private subnet:
    1. Click Subnets > Create Subnet.
    2. In the Create Subnet dialog box, enter the following information, then click Yes, Create.
      • For Name tag, enter a name. For example, Private_FortiSandbox.
      • For VPC, select the VPC you just created.
      • For IPV4 CIDR block, enter 10.0.1.0/24 (private subnet).

    3. If you want, repeat the above steps to create an HA-Cluster subnet.

    Creating an internet gateway

    1. Under Virtual Private Cloud > Internet Gateways, click Create Internet Gateway.
    2. For Name tag, enter a name. For example, vpc-gw and click Yes, Create.

    3. When the Internet Gateway is created, click Attach to VPC.
    4. Select the VPC and click Yes, Attach.

    Creating a route table

    1. Under Virtual Private Cloud > Route Tables, click Create Route Table.

    2. In the Create Route Table dialog box, enter the following information, then click Yes, Create.
      • For Name tag, enter a name. For example, route_FortiSandboxTest.
      • For VPC, select the VPC you created.

    3. Go to Subnet Associations > Edit, select the public subnet you created, then click Save.

    4. Go to Routes > Add Another Route, enter the following information, then click Save.
      • For Destination, enter 0.0.0.0/0.
      • For Target, select the internet gateway for the public subnet.

    Creating a security group

    1. Under Virtual Private Cloud > Security Groups, click Create security group.
    2. Enter the following information, then click Create.
      • For Security group name, enter a name.
      • For Description, enter a description.
      • For VPC, select the VPC you just created.

    3. Configure the following:

      Details

      Value

      Type

      All Traffic.

      You can select TCP.

      Protocol

      All.

      You can select TCP.

      Port Range

      If you select All for Protocol, the Port Range is automatically selected.

      If you select TCP, allow all the following:

      • HTTPS (TCP 443)
      • SSH traffic (TCP 22)
      • OFTP traffic (TCP 514)
      • Optional: FTP (TCP 21)
      • If needed: RDP to VM interaction

      Source

      Custom.

      For the SourceIP, enter 0.0.0.0/0.
    Previous
    Next

    Setting up basic AWS network

    Setting up basic AWS network

    Creating a Virtual Private Cloud (VPC)

    1. Go to VPC Dashboard > Your VPCs and click Create VPC.

      note icon

      Create a new VPC even though there is a default VPC.
    2. Enter the following information, then click Yes, Create.
      • For Name tag, enter a name. For example, FortiSandbox.
      • For IPv4 CIDR block, enter 10.0.0.0/16. This helps ease scale-out issues in the future.
      • For IPv6 CIDR block, select No IPv6 CIDR Block.
      • For Tenancy, select Default.

    Creating the subnet for FortiSandbox firmware

    If you do not use Custom VMs, you don't have to create a private subnet. Even without a private subnet, you can still use the remote VM for file analysis.

    • Public subnet with IPv4 CIDR 10.0.0.0/24, which is connected to the FSA-VM management interface.
    • Private subnet with IPv4 CIDR 10.0.1.0/24, which is connected to all VM clones and FSA-VM.
    • HA-Cluster subnet is optional for HA-Cluster.
    To create the public subnet:
    1. Click Subnets > Create Subnet.
    2. In the Create Subnet dialog box, enter the following information, then click Yes, Create.
      • For Name tag, enter a name. For example, Public_FortiSandbox.
      • For VPC, select the VPC you just created.
      • For IPV4 CIDR block, enter 10.0.0.0/24 (public subnet).

    To create the private subnet:
    1. Click Subnets > Create Subnet.
    2. In the Create Subnet dialog box, enter the following information, then click Yes, Create.
      • For Name tag, enter a name. For example, Private_FortiSandbox.
      • For VPC, select the VPC you just created.
      • For IPV4 CIDR block, enter 10.0.1.0/24 (private subnet).

    3. If you want, repeat the above steps to create an HA-Cluster subnet.

    Creating an internet gateway

    1. Under Virtual Private Cloud > Internet Gateways, click Create Internet Gateway.
    2. For Name tag, enter a name. For example, vpc-gw and click Yes, Create.

    3. When the Internet Gateway is created, click Attach to VPC.
    4. Select the VPC and click Yes, Attach.

    Creating a route table

    1. Under Virtual Private Cloud > Route Tables, click Create Route Table.

    2. In the Create Route Table dialog box, enter the following information, then click Yes, Create.
      • For Name tag, enter a name. For example, route_FortiSandboxTest.
      • For VPC, select the VPC you created.

    3. Go to Subnet Associations > Edit, select the public subnet you created, then click Save.

    4. Go to Routes > Add Another Route, enter the following information, then click Save.
      • For Destination, enter 0.0.0.0/0.
      • For Target, select the internet gateway for the public subnet.

    Creating a security group

    1. Under Virtual Private Cloud > Security Groups, click Create security group.
    2. Enter the following information, then click Create.
      • For Security group name, enter a name.
      • For Description, enter a description.
      • For VPC, select the VPC you just created.

    3. Configure the following:

      Details

      Value

      Type

      All Traffic.

      You can select TCP.

      Protocol

      All.

      You can select TCP.

      Port Range

      If you select All for Protocol, the Port Range is automatically selected.

      If you select TCP, allow all the following:

      • HTTPS (TCP 443)
      • SSH traffic (TCP 22)
      • OFTP traffic (TCP 514)
      • Optional: FTP (TCP 21)
      • If needed: RDP to VM interaction

      Source

      Custom.

      For the SourceIP, enter 0.0.0.0/0.
    Previous
    Next