Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiSandbox VM on Azure

    Home FortiSandbox Public Cloud 4.2.0 FortiSandbox VM on Azure
    4.2.0
    5.0.0
    4.4.0
    4.2.1
    4.2.0
    4.0.0
    3.2.0
    3.1.0
    3.0.0

    Deploying FortiSandbox VM on Azure (Basic)

    Deploying FortiSandbox VM on Azure (Basic)

    To deploy FortiSandbox VM on Azure with Windows Cloud VMs:
    1. Go to Azure Marketplace and search for Fortinet FortiSandbox.

      Screenshot displaying the Azure Wizard search for Fortinet Sandbox

    2. Select a software plan and then click Create to start the setup wizard.

      If you select Fortinet FortiSandbox-VM for Azure BYOL, you must provide your own licenses.

      Screenshot displaying the Azure Wizard search for Fortinet Sandbox

    3. In the setup wizard, click Create.
    4. Configure the virtual machine.

      Screenshot displays Azure Wizard with information required for FSA VM

      Resource group Create a new resource group.
      Virtual machine name Name of the VM.
      Region VM region.
      Size

      Select the VM instance type. We recommend Standard A4 v2 for speed and storage capacity.

      FortiSandbox on Azure uses the temporary disk (provided free by the VM) to store and process job files. A secondary disk is not required.
      Authentication type Click Password or SSH public key.
      Username Enter a secondary admin user; the default Admin user is always created.
    5. Click Review + Create.
    6. When the setup wizard has validated your information, click Create.

      Wait a few minutes for the FortiSandbox VM to become available.

      Screenshot displaying validation passed in Azure

    7. When the VM is available, click Go to resource to go to the VM.

      Screenshot displaying the successful deployment of FSA for Azure

    8. Use the Public IP address assigned to the FortiSandbox to access from HTTPS.

    9. Get the default admin password for the FortiSandbox VM using the Azure CLI command az vm list –output tsv -g [Your resource group].

      The VM-ID UUID is the default password for Admin access.

    To apply the VM00 license and enable Windows Cloud VMs:
    1. Log into FortiSandbox with the username admin and the password you retrieved from the CLI in the previous step.
    2. Go to FortiSandbox > Dashboard and click Upload License to upload your license.

      When a license file is loaded, the FortiSandbox Azure instance reboots.

      When the FortiSandbox Azure instance finishes rebooting, the VM License icon changes to green.

    3. Go to Scan Policy and Object > VM Settings and select the WindowsCloudVM.
    4. Click Edit Clone Number to assign a clone number and enable the Windows Cloud VM.

      Note

      As with FortiSandbox appliance, the FortiSandbox license must be generated matching the port1 IP of the instance. Go to System > Interfaces to check the port1 IP address assigned by Azure.

    FortiSandbox VM and Windows Cloud VMs topology

    FortiSandbox VM Port Usage

    Type

    Service

    Port
    FortiGate OFTP TCP/514
    FortiClient File Analysis TCP/514
    Others

    		 SSH CLI Management TCP/22
    Telnet CLI Management TCP/23
    Web Admin TCP/80, TCP/443

    OFTP Communication with FortiGate and FortiMail

    TCP/514

    Third-Party Proxy Server for ICAP Servers (ICAP)

    TCP/1344

    Third-Party Proxy Server for ICAP Servers (ICAPS)

    TCP/11344

    FortiGuard

    FortiGuard Distribution Servers

    TCP/8890

    FortiGuard Web Filtering Servers

    UDP/53, UDP/8888

    FortiSandbox Community Cloud

    Upload Detected Malware Information

    TCP/443, UDP/53

    FortiSandbox WindowsCloudVM

    Serving WindowsVM on cloud for FSA-VM to perform sandboxing

    TCP/443
    Previous
    Next

    Deploying FortiSandbox VM on Azure (Basic)

    Deploying FortiSandbox VM on Azure (Basic)

    To deploy FortiSandbox VM on Azure with Windows Cloud VMs:
    1. Go to Azure Marketplace and search for Fortinet FortiSandbox.

      Screenshot displaying the Azure Wizard search for Fortinet Sandbox

    2. Select a software plan and then click Create to start the setup wizard.

      If you select Fortinet FortiSandbox-VM for Azure BYOL, you must provide your own licenses.

      Screenshot displaying the Azure Wizard search for Fortinet Sandbox

    3. In the setup wizard, click Create.
    4. Configure the virtual machine.

      Screenshot displays Azure Wizard with information required for FSA VM

      Resource group Create a new resource group.
      Virtual machine name Name of the VM.
      Region VM region.
      Size

      Select the VM instance type. We recommend Standard A4 v2 for speed and storage capacity.

      FortiSandbox on Azure uses the temporary disk (provided free by the VM) to store and process job files. A secondary disk is not required.
      Authentication type Click Password or SSH public key.
      Username Enter a secondary admin user; the default Admin user is always created.
    5. Click Review + Create.
    6. When the setup wizard has validated your information, click Create.

      Wait a few minutes for the FortiSandbox VM to become available.

      Screenshot displaying validation passed in Azure

    7. When the VM is available, click Go to resource to go to the VM.

      Screenshot displaying the successful deployment of FSA for Azure

    8. Use the Public IP address assigned to the FortiSandbox to access from HTTPS.

    9. Get the default admin password for the FortiSandbox VM using the Azure CLI command az vm list –output tsv -g [Your resource group].

      The VM-ID UUID is the default password for Admin access.

    To apply the VM00 license and enable Windows Cloud VMs:
    1. Log into FortiSandbox with the username admin and the password you retrieved from the CLI in the previous step.
    2. Go to FortiSandbox > Dashboard and click Upload License to upload your license.

      When a license file is loaded, the FortiSandbox Azure instance reboots.

      When the FortiSandbox Azure instance finishes rebooting, the VM License icon changes to green.

    3. Go to Scan Policy and Object > VM Settings and select the WindowsCloudVM.
    4. Click Edit Clone Number to assign a clone number and enable the Windows Cloud VM.

      Note

      As with FortiSandbox appliance, the FortiSandbox license must be generated matching the port1 IP of the instance. Go to System > Interfaces to check the port1 IP address assigned by Azure.

    FortiSandbox VM and Windows Cloud VMs topology

    FortiSandbox VM Port Usage

    Type

    Service

    Port
    FortiGate OFTP TCP/514
    FortiClient File Analysis TCP/514
    Others

    		 SSH CLI Management TCP/22
    Telnet CLI Management TCP/23
    Web Admin TCP/80, TCP/443

    OFTP Communication with FortiGate and FortiMail

    TCP/514

    Third-Party Proxy Server for ICAP Servers (ICAP)

    TCP/1344

    Third-Party Proxy Server for ICAP Servers (ICAPS)

    TCP/11344

    FortiGuard

    FortiGuard Distribution Servers

    TCP/8890

    FortiGuard Web Filtering Servers

    UDP/53, UDP/8888

    FortiSandbox Community Cloud

    Upload Detected Malware Information

    TCP/443, UDP/53

    FortiSandbox WindowsCloudVM

    Serving WindowsVM on cloud for FSA-VM to perform sandboxing

    TCP/443
    Previous
    Next