Setting up basic AWS network

Creating a Virtual Private Cloud (VPC)

  1. Go to VPC Dashboard > Your VPCs and click Create VPC.

    Note: Create a new VPC even though there is a default VPC.

  2. Enter the following information, then click Yes, Create.
    • For Name tag, enter a name. For example, FortiSandbox.
    • For IPv4 CIDR block, enter 10.0.0.0/16. This helps ease scale-out issues in the future.
    • For IPv6 CIDR block, select No IPv6 CIDR Block.
    • For Tenancy, select Default.

Creating the subnet for FortiSandbox firmware

If you do not use Custom VMs, you don't have to create a private subnet. Even without a private subnet, you can still use the remote VM for file analysis.

  • Public subnet with IPv4 CIDR 10.0.0.0/24, which is connected to the FSA-VM management interface.
  • Private subnet with IPv4 CIDR 10.0.1.0/24, which is connected to all VM clones and FSA-VM.
  • HA-Cluster subnet is optional for HA-Cluster.

To create the public subnet:
  1. Click Subnets > Create Subnet.
  2. In the Create Subnet dialog box, enter the following information, then click Yes, Create.
    • For Name tag, enter a name. For example, Public_FortiSandbox.
    • For VPC, select the VPC you just created.
    • For IPv4 CIDR block, enter 10.0.0.0/24 (public subnet).

To create the private subnet:
  1. Click Subnets > Create Subnet.
  2. In the Create Subnet dialog box, enter the following information, then click Yes, Create.
    • For Name tag, enter a name. For example, Private_FortiSandbox.
    • For VPC, select the VPC you just created.
    • For IPv4 CIDR block, enter 10.0.1.0/24 (private subnet).

  3. If you want, repeat the above steps to create an HA-Cluster subnet.

Creating an internet gateway

  1. Under Virtual Private Cloud > Internet Gateways, click Create Internet Gateway.
  2. For Name tag, enter a name (for example, vpc-gw), then click Yes, Create.

  3. When the Internet Gateway is created, click Attach to VPC.
  4. Select the VPC and click Yes, Attach.

Creating a route table

  1. Under Virtual Private Cloud > Route Tables, click Create Route Table.

  2. In the Create Route Table dialog box, enter the following information, then click Yes, Create.
    • For Name tag, enter a name. For example, route_FortiSandboxTest.
    • For VPC, select the VPC you created.

  3. Go to Subnet Associations > Edit, select the public subnet you created, then click Save.

  4. Go to Routes > Add Another Route, enter the following information, then click Save.
    • For Destination, enter 0.0.0.0/0.
    • For Target, select the internet gateway for the public subnet.

Creating a security group

  1. Under Virtual Private Cloud > Security Groups, click Create security group.
  2. Enter the following information, then click Create.
    • For Security group name, enter a name.
    • For Description, enter a description.
    • For VPC, select the VPC you just created.

  3. Configure the following:

    • Type: All Traffic. You can select TCP.
    • Protocol: All. You can select TCP.
    • Port Range: If you select All for Protocol, the Port Range is automatically selected. If you select TCP, allow all the following:
        • HTTPS (TCP 443)
        • SSH traffic (TCP 22)
        • OFTP traffic (TCP 514)
        • Optional: FTP (TCP 21)
        • If needed: RDP to VM interaction
    • Source: Custom. For the Source IP, enter 0.0.0.0/0.
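
The following is an added example, not Fortinet code: a check that compares a security group's inbound rules with the TCP port list above and reports any rule that admits more than that list from 0.0.0.0/0, plus any required port that is missing. It assumes rules in the IpPermissions shape returned by `aws ec2 describe-security-groups`; the function names, the sample rule sets and the RDP port 3389 (the page names RDP without a port) are assumptions of this example.

```python
# Added example: audit inbound rules against the port list in the security group settings.
# Rules use the IpPermissions shape returned by `aws ec2 describe-security-groups`.

REQUIRED = {443: "HTTPS", 22: "SSH", 514: "OFTP"}  # ports the page says to allow
OPTIONAL = {21: "FTP", 3389: "RDP"}  # 3389 is an assumption; the page names RDP without a port
ANYWHERE = "0.0.0.0/0"  # the source the page configures


def world_open(perm):
    """True if the rule's IPv4 sources include 0.0.0.0/0."""
    return any(r.get("CidrIp") == ANYWHERE for r in perm.get("IpRanges", []))


def audit_ingress(perms, enabled_optional=()):
    """Return (findings, missing_required_ports) for a list of inbound rules."""
    allowed = set(REQUIRED) | {p for p, n in OPTIONAL.items() if n in enabled_optional}
    findings, covered = [], set()
    for perm in perms:
        proto = perm.get("IpProtocol")
        if proto == "-1":  # "All traffic": every protocol and port
            covered |= set(REQUIRED)
            if world_open(perm):
                findings.append(("all-traffic-from-anywhere", "all"))
        elif proto == "tcp":
            lo, hi = perm["FromPort"], perm["ToPort"]
            covered |= {p for p in REQUIRED if lo <= p <= hi}
            listed = sum(1 for p in allowed if lo <= p <= hi)
            if world_open(perm) and (hi - lo + 1) > listed:
                findings.append(("unlisted-tcp-ports-from-anywhere", f"{lo}-{hi}"))
        elif world_open(perm):
            findings.append(("unlisted-protocol-from-anywhere", proto))
    return findings, sorted(set(REQUIRED) - covered)


def tcp_rule(lo, hi=None, cidr=ANYWHERE):
    """Build one constructed TCP rule in IpPermissions form."""
    return {"IpProtocol": "tcp", "FromPort": lo, "ToPort": hi or lo,
            "IpRanges": [{"CidrIp": cidr}]}


# Constructed sample rule sets (not taken from a real account).
ALL_TRAFFIC = [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": ANYWHERE}]}]
TCP_ONLY = [tcp_rule(443), tcp_rule(22), tcp_rule(514)]
DRIFTED = [tcp_rule(443), tcp_rule(22), tcp_rule(8000, 9000)]

if __name__ == "__main__":
    for name, rules in [("ALL_TRAFFIC", ALL_TRAFFIC), ("TCP_ONLY", TCP_ONLY),
                        ("DRIFTED", DRIFTED)]:
        print(name, audit_ingress(rules))
```

Pass `enabled_optional=("FTP",)` or `("RDP",)` when those optional services are in use so their ports are treated as listed.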
