
FortiSandbox VM on AWS

Prepare FortiSandbox for scanning contents


Upload firmware license to FortiSandbox instance

If the deployment mode is On-Demand, a firmware license file is not required. If the mode is BYOL, download a firmware license from the Customer Support website and then upload it to FortiSandbox.

To upload the license:
  • Go to Dashboard > Status > Licenses widget.
  • Click the Upload License button next to FortiSandbox-AWS and upload the license.

Upload the rating and tracer engine

A copy of the rating and tracer engines is required for your instance to be fully functional. The instance can automatically download and install the engines if it is connected to FDN. You can also upload the engines manually. These engines can be downloaded from the Customer Support website. For more information, see the Tracer and Rating Engines section of the FortiSandbox Release Notes.

To manually upload the rating and tracer engine:
  1. In FortiSandbox, go to System > FortiGuard.
  2. Beside Upload Package File, click Choose file and locate the rating or tracer engine to be uploaded.

Import AWS settings into FortiSandbox

  1. Go to System > AWS Config page, click Configuration Wizard, and enter the Access Key ID and Secret Access Key information created in Create an IAM group.
  2. Select Local VM Instance Type.

    Instance type t3.medium is recommended for the pre-built awsENAwin10x64.7z (https://fsavm.fortinet.net/vmtools/awsENAwin10x64.7z b6a5c040b93451640f92e7725dc47120) because this customized VM image is ENA enabled, and instance type t3 supports ENA.

    For other instance types supporting ENA, please refer to the AWS documentation.

    Medium size instance types are recommended for better performance during configuration.

  3. Click Next.
  4. For VPC ID, select the VPC you created.
  5. For Private Subnet, select the subnet created for the local Windows or Linux VM communication (port2) if one exists. Otherwise, select the management subnet.
  6. For Security Groups, select the security group for the Private Subnet you selected in step 5.
  7. Click Save.
  8. Click Connection Test.
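
The note under step 2 gives a download URL for the pre-built image followed by a 32-hex-digit value. The following is an added example, not part of the Fortinet documentation, for checking a downloaded copy against that value before use; it assumes the value is the MD5 digest of the archive, and the function names `md5_of` and `verify_image` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: verify a downloaded sandbox VM image against its published digest.
# Assumption: the 32-hex-digit value printed after the URL is the archive's MD5.

IMAGE_URL="https://fsavm.fortinet.net/vmtools/awsENAwin10x64.7z"   # from the page
IMAGE_MD5="b6a5c040b93451640f92e7725dc47120"                      # from the page

# md5_of FILE -> prints the hex digest using whichever tool is installed.
# The file is fed on stdin so odd file names cannot be parsed as options.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum < "$1" | awk '{print $1}'
    elif command -v md5 >/dev/null 2>&1; then
        md5 -q < "$1"
    else
        openssl dgst -md5 -r < "$1" | awk '{print $1}'
    fi
}

# verify_image FILE EXPECTED -> 0 on match, 1 on mismatch, 2 on unusable input.
verify_image() {
    local file=$1 expected actual
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Reject a truncated digest or one pasted with stray characters.
    case "$expected" in
        *[!0-9a-f]*|"") echo "expected digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 32 ] || { echo "expected digest is not 32 hex digits" >&2; return 2; }
    [ -f "$file" ] && [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    actual=$(md5_of "$file" | tr 'A-F' 'a-f')
    if [ "$actual" = "$expected" ]; then
        echo "OK  $file"
        return 0
    fi
    echo "MISMATCH  $file: got $actual, expected $expected" >&2
    return 1
}

# Usage after downloading (curl shown as one option):
#   curl -fLo awsENAwin10x64.7z "$IMAGE_URL"
#   verify_image awsENAwin10x64.7z "$IMAGE_MD5" || rm -f awsENAwin10x64.7z
```

An MD5 match catches a corrupted or truncated download; MD5 is not collision-resistant, so the check complements the HTTPS transport rather than replacing it.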

Configure the VM scan time

The VM Scan time covers the actual sample detonation plus some overhead (e.g. the VM and OS boot-up, engine preparation, cleanup). This overhead has been observed to take longer in VM deployments, including public cloud. As a result, the sample detonation does not have enough time to collect enough behavior, which affects the rating and causes a misdiagnosis.

To compensate for the overhead, we recommend setting the VM Scan timeout to at least 120 seconds.

To configure the VM scan timeouts:

Go to Scan Policy and Object > Scan Profile > Advanced tab, under the section Limits and Timeouts.
