Optional: Using a custom VM on Azure

FortiSandbox Azure supports custom VMs. You can provide a VHD image of a custom VM and the FortiSandbox firmware can load the VM image and use it for sample analysis.

For information on setting up a custom VM on Azure, see the custom VM image section in the FortiSandbox Administration Guide to do the following:

  • Create a custom VHD image using virtualization software such as VirtualBox.
  • Prepare the OS installation package.
  • Install software and components on the custom VM image.
  • Set up the VM image environment.

From v3.2.0, FortiSandbox Azure supports installing custom VMs from Azure snapshot and Azure disks.

Note
  • Use a meaningful custom VM name and keep the name the same as VM_image_name.
  • Do not use special characters in the name.
  • Do not use reserved FortiSandbox VM names starting with WIN7, WIN8, or WIN10.

Note
  • Do not use the set admin-port command to set port2 as the administrative port.

To install the Azure local custom VM from a blob:
  1. Install the Azure local custom VM with the CLI command: azure-vm-customized.
  2. Check Azure Config for the FortiSandbox firmware image storage account information.
  3. Create a Blob container (with anonymous read access only) in this storage account.
  4. Upload your custom VM VHD to this page blob container.
  5. Install the VM from blob as the default type.

    You can ignore the -t option.

    azure-vm-customized -cn -f[blob container name] -b[VM_image_name.vhd] -vo[OS type] -vn[VM name]

To install the Azure local custom VM from snapshot:
  1. Install the Azure local custom VM with the CLI command: azure-vm-customized.
  2. Verify that your snapshot is under the same resource group as FortiSandbox and related resources.
  3. Install the VM from snapshot with the -t option.

    azure-vm-customized -cn -tsnapshot -b[snapshot name] -vo[OS type] -vn[VM name]

To install the Azure local custom VM from disk:
  1. Install the Azure local custom VM with the CLI command: azure-vm-customized.
  2. Verify that your disk is under the same resource group as FortiSandbox and related resources.
  3. Install the VM from disk with the -t option.

    azure-vm-customized -cn -tdisk -b[disk name] -vo[OS type] -vn[VM name]
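
A pre-flight check for the naming rules in the Note and for the three install commands above, as an added example (not Fortinet code). The helper names, the letters-and-digits reading of "special characters", the case-insensitive prefix match, and the sample values are assumptions.

```python
import re

RESERVED_PREFIXES = ("WIN7", "WIN8", "WIN10")  # reserved FortiSandbox VM names (from the page)
# Assumption: the page does not define "special characters"; this example
# takes the strictest reading and accepts ASCII letters and digits only.
SAFE_NAME = re.compile(r"[A-Za-z0-9]+")

def name_problems(vm_name, source_type="blob", source_name=None):
    """Return the naming-rule violations for vm_name (empty list = acceptable)."""
    problems = []
    if not SAFE_NAME.fullmatch(vm_name):
        problems.append("special characters in VM name")
    # Assumption: the reserved-prefix rule is checked case-insensitively.
    if vm_name.upper().startswith(RESERVED_PREFIXES):
        problems.append("reserved prefix")
    if source_type == "blob" and source_name is not None:
        # For a blob install the page passes VM_image_name.vhd to -b.
        if not source_name.lower().endswith(".vhd"):
            problems.append("blob is not a .vhd file")
        elif source_name[:-4] != vm_name:
            problems.append("VM name differs from VM_image_name")
    return problems

def build_command(vm_name, os_type, source_type, source_name, container=None):
    """Build the azure-vm-customized line for a blob, snapshot or disk install."""
    problems = name_problems(vm_name, source_type, source_name)
    if source_type not in ("blob", "snapshot", "disk"):
        problems.append("unknown source type")
    if source_type == "blob" and not container:
        problems.append("blob install needs a container name")
    if problems:
        raise ValueError("; ".join(problems))
    parts = ["azure-vm-customized", "-cn"]
    if source_type == "blob":
        parts.append(f"-f{container}")    # -t omitted: blob is the default type
    else:
        parts.append(f"-t{source_type}")  # -tsnapshot or -tdisk
    # os_type is passed through unchanged; the page does not list valid values.
    parts += [f"-b{source_name}", f"-vo{os_type}", f"-vn{vm_name}"]
    return " ".join(parts)
```
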

To use a custom VM on Azure:
  1. On the FSA Azure web GUI, go to Scan Policy and Object > VM Settings and change Clone # to 1.

    You can change the Clone # to a higher number after the VM clone is completely prepared and you have scanned a sample.

  2. In a new FSA CLI window, check the VM clone initialization using the diagnose-debug vminit command.

    The FSA Azure Dashboard shows a green indicator for Windows VM.

  3. To associate file extensions to the custom VM, go to Scan Policy and Object > Scan Profile and open the VM Association tab.

Interaction with a custom VM clone during scan

  1. Go to Scan Job > File On-Demand or URL on-Demand and click Submit File or Submit File/URL.
  2. Enable Force to scan the file inside VM or Force to scan the url inside VM.
  3. Select Force to scan inside the following VMs and select the custom VM.
  4. Enable Allow Interaction.

  5. Click Submit.
  6. Go to Scan Policy and Object > VM Settings and wait for the VM Interaction icon to be enabled.
  7. When the VM Interaction icon is enabled, click the icon to establish an RDP tunnel.

    The RDP port 9833 is reserved.

    The login credentials are reserved. Username is Administrator and password is FortiSandbox.

    You can also establish an RDP tunnel by going to Scan Policy and Object > VM Settings and clicking VM Screenshot. When the icon in the Interaction column is enabled, click the icon to establish an RDP tunnel.

  8. Click Yes to manually start the scan process with VM Interaction.

  9. When the FortiSandbox tracer engine displays the PDF sample, you can click Yes to manually stop the scan process.

  10. When the scan is finished, go to the job details page to view the scan results.
