Set up the local custom VM

To create a custom Windows VM for Azure, follow the steps in the Custom VM Guide, which is available in the Fortinet Developer Network or on request from Customer Support.

To prepare the network interface for custom VM:
  1. Shut down the FortiSandbox VM instance from the Azure Portal.
  2. The FortiSandbox instance uses port2 to communicate with local Windows or Linux clones. For information on creating the interface, see To create a network interface in Azure in Create network interfaces.
  3. Attach this network interface to FortiSandbox VM instance as FSA Port2.

  4. Start the FortiSandbox VM instance from the Azure Portal.
  5. On the FortiSandbox GUI, go to System > Interfaces to verify that the network interface is attached.
To prepare the environment for installing the custom VM:
  1. Check your Azure Config for the FortiSandbox firmware image storage account.
  2. Go to Resource group > Storage account > Access keys to find your blob key.

  3. Create a storage blob for the custom VM image.
    1. Create a blob container (with anonymous read access) in this storage account.
    2. Upload the activated prebuilt custom VM image VHD to this blob container.
To install a custom VM using CLI:
  1. Go to the FortiSandbox firmware CLI.
  2. Import the VHD image using the azure-vm-customized CLI command. For more information about the vm-customized command, see the FortiSandbox CLI Reference Guide in the Fortinet Document Library.
Note
  • From v3.2.0, FortiSandbox Azure supports installing custom VMs from Azure snapshot and Azure disks.
  • Use a meaningful custom VM name and keep the same name as VM_image_name.
  • Do not use:
    • Special characters in the name.
    • Reserved FortiSandbox VM names starting with WIN7, WIN8, or WIN10.
    • The set admin-port command to set port2 as the administrative port.
To install the Azure custom VM from a blob:
  1. Install the Azure custom VM with the CLI command: azure-vm-customized
  2. Install the VM from a blob as the default type.

    azure-vm-customized -cn -tblob -f[blob container name] -b[VM_image_name.vhd] -vo[OS type] -vn[VM name]

To install the Azure custom VM from disk:
  1. Install the Azure custom VM with the CLI command: azure-vm-customized
  2. Verify that your disk is under the same resource group as FortiSandbox and related resources.
  3. Install the VM from disk with the -t option.

    azure-vm-customized -cn -tdisk -b[VM_image_disk_name] -vo[OS type] -vn[VM name]
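
A pre-flight check for the naming rules in the Note and for the two command layouts above, as an added example (not Fortinet's code and not part of the original page). It runs on an admin workstation and only assembles the line to paste into the FortiSandbox CLI. Assumptions: "special characters" means anything other than ASCII letters and digits, the reserved prefixes are matched case-insensitively, the same-name rule also applies to the disk name, and each bracketed field in the syntax is replaced by its value directly after the flag.

```python
import re

# Prefixes the Note reserves for built-in FortiSandbox VMs.
RESERVED_PREFIXES = ("WIN7", "WIN8", "WIN10")
# Assumption: "special characters" means anything outside ASCII letters and digits.
PLAIN_NAME = re.compile(r"[A-Za-z0-9]+")


def check_vm_name(vm_name, image_name):
    """Return a list of rule violations from the Note (empty list = OK)."""
    problems = []
    if not PLAIN_NAME.fullmatch(vm_name):
        problems.append("name contains special characters")
    if vm_name.upper().startswith(RESERVED_PREFIXES):
        problems.append("name starts with a reserved prefix")
    # The blob source is a .vhd file; a disk source has no extension.
    stem = image_name[:-4] if image_name.lower().endswith(".vhd") else image_name
    if stem != vm_name:
        problems.append("VM name differs from VM_image_name")
    return problems


def build_command(source, image_name, os_type, vm_name, container=None):
    """Assemble the azure-vm-customized line for a 'blob' or 'disk' source."""
    problems = check_vm_name(vm_name, image_name)
    if source not in ("blob", "disk"):
        problems.append("source must be 'blob' or 'disk'")
    if source == "blob":
        if not container:
            problems.append("blob install needs the container name (-f)")
        if not image_name.lower().endswith(".vhd"):
            problems.append("blob install expects a .vhd file name (-b)")
    if problems:
        raise ValueError("; ".join(problems))
    parts = ["azure-vm-customized", "-cn", "-t" + source]
    if source == "blob":
        parts.append("-f" + container)
    parts += ["-b" + image_name, "-vo" + os_type, "-vn" + vm_name]
    return " ".join(parts)


if __name__ == "__main__":
    # Constructed values; OSTYPE stands in for a real OS type string.
    print(build_command("blob", "FinanceDesktop.vhd", "OSTYPE",
                        "FinanceDesktop", container="customvm"))
    print(check_vm_name("WIN10-test", "image.vhd"))
```
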

Test FortiSandbox instance with a file scan:

To verify that the configuration is successful, perform an on-demand file scan with a Windows VM clone.

  1. On the FortiSandbox GUI, go to Scan Policy and Object > VM Settings and change Clone # to 1. Expand the clone number after vminit is completed.

  2. In a new CLI window, check the VM clone initialization using the command: diagnose-debug vminit
  3. After vminit is done, on the FortiSandbox GUI, go to the Dashboard to verify there is a green checkmark beside Custom VM.

  4. To associate file extensions to the custom VM, go to Scan Policy and Object > Scan Profile and click the VM Association tab.
  5. Test the installation:
    1. Go to Scan Job > File On-Demand > Submit File.
    2. Select the file and click Submit. For example, select Sample.pdf. If the file you send to FortiSandbox is not harmful, the rating is Clean.

    3. When the scan is finished, click the View File icon to view job details.

  6. (Optional) Interaction with a custom VM clone during scan:
    1. Go to Scan Job > File On-Demand or URL on-Demand and click Submit File or Submit File/URL.
    2. Enable Force to scan the file inside VM or Force to scan the url inside VM.
    3. Select Force to scan inside the following VMs and select the custom VM.
    4. Click Submit.
    5. Go to Scan Policy and Object > VM Settings and click VM Screenshot.
    6. When the icon in the Interaction column is enabled, click the icon to establish an RDP tunnel.

    7. Click Yes to manually start the scan process with VM Interaction.

    8. When the FortiSandbox tracer engine displays the PDF sample, you can click Yes to manually stop the scan process.
    9. When the scan is finished, go to the job details page to view the scan results.
