Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiSandbox VM on AWS

    Home FortiSandbox Public Cloud 5.0.0 FortiSandbox VM on AWS
    5.0.0
    5.0.0
    4.4.0
    4.2.3
    4.2.1
    4.2.0
    4.0.0
    3.2.0
    3.1.0
    3.0.0

    Launch a new FortiSandbox AWS instance

    Launch a new FortiSandbox AWS instance

    You can deploy FortiSandbox VM using the AWS GUI.

    Launch FortiSandbox instance on AWS using GUI

    Note

    Starting in version 5.0.0, FortiSandbox supports two Guest VM running modes: Nested and Non-Nested. For more information, see Configure Guest VM Running mode in Configure AWS Config Settings.
    To deploy FortiSandbox on AWS with the GUI:
    • You can create your FortiSandbox instance on AWS in On-Demand mode or BYOL mode. For BYOL mode, a FSA-VM00 license file should be purchased and uploaded.

    Choose an Amazon Machine Image (AMI)

    1. Go to EC2 > Instances and click Launch Instance.

    2. On the Launch an instance page, browse for the FortiSandbox AMI on AWS Marketplace

    3. Select Fortinet FortiSandbox Advanced Threat Protection (BYOL) or Fortinet FortiSandbox Advanced Threat Protection (On-Demand).

    Configure the instance

    Add Name and tags

    Add descriptive name tags to identify this FortiSandbox instance.

    Choose the Instance type

    To choose the instance type, refer to the Minimum system requirements.

    The AWS instance will be launched as Nested mode if the chosen instance type supports nested virtualization, for example x86_64 metal instance.

    Create a new key pair

    Tooltip

    You do not need to complete this task if you are using an existing key pair.
    To create a new key pair:
    1. Click Create new key pair.

    2. In the Create key pair box, enter the Key pair name, then click Create key pair. The key pair downloads automatically.

    3. Save the key pair on your device.

    Edit Network settings

    To edit the network settings:
    1. Configure the following Network Settings:

      VPC

      Select the FortiSandbox VPC you created.

      SubnetSelect the management interface subnet you created.
      Auto-Assign public IPDisable.
      Firewall (security groups)Choose the security group you created.

    2. Configure the following Advanced network configuration settings and click Add network interface.

      Network interface 1 Select the management interface subnet you created. Select the first security group you created.
      Network interface 2

      Select the local VM clone communication subnet you created. Select the second security group you created.

      Note

      You do not need to add Network interface 2 if you are not using a local VM clone. If needed, you can attach network interfaces later when the instance is not running.

    Configure storage

    Fortinet recommends allotting 500GB to 16TB for storage size, depending on the number of historical jobs you want to keep in the system.

    (Optional) Advanced details

    From v5.0.0, you can enable IMDS v2:

    • Metadata accessible: select Enabled
    Metadata accessible Select Enabled.
    Metadata version Select V2 only (token required)

    Launch the instance

    To launch the instance:
    1. Review the summary, then click Launch instance.

    2. Click View Instances to view the instance state. Allow several minutes for Status Checks to change from Initializing to 2/2 checks passed.
    3. Monitor the initialization, and select the created instance. Right-click the instance and select Monitor and troubleshoot > Get Instance Screenshot to view the status of the launched instance.

    Previous
    Next

    Launch a new FortiSandbox AWS instance

    Launch a new FortiSandbox AWS instance

    You can deploy FortiSandbox VM using the AWS GUI.

    Launch FortiSandbox instance on AWS using GUI

    Note

    Starting in version 5.0.0, FortiSandbox supports two Guest VM running modes: Nested and Non-Nested. For more information, see Configure Guest VM Running mode in Configure AWS Config Settings.
    To deploy FortiSandbox on AWS with the GUI:
    • You can create your FortiSandbox instance on AWS in On-Demand mode or BYOL mode. For BYOL mode, a FSA-VM00 license file should be purchased and uploaded.

    Choose an Amazon Machine Image (AMI)

    1. Go to EC2 > Instances and click Launch Instance.

    2. On the Launch an instance page, browse for the FortiSandbox AMI on AWS Marketplace

    3. Select Fortinet FortiSandbox Advanced Threat Protection (BYOL) or Fortinet FortiSandbox Advanced Threat Protection (On-Demand).

    Configure the instance

    Add Name and tags

    Add descriptive name tags to identify this FortiSandbox instance.

    Choose the Instance type

    To choose the instance type, refer to the Minimum system requirements.

    The AWS instance will be launched as Nested mode if the chosen instance type supports nested virtualization, for example x86_64 metal instance.

    Create a new key pair

    Tooltip

    You do not need to complete this task if you are using an existing key pair.
    To create a new key pair:
    1. Click Create new key pair.

    2. In the Create key pair box, enter the Key pair name, then click Create key pair. The key pair downloads automatically.

    3. Save the key pair on your device.

    Edit Network settings

    To edit the network settings:
    1. Configure the following Network Settings:

      VPC

      Select the FortiSandbox VPC you created.

      SubnetSelect the management interface subnet you created.
      Auto-Assign public IPDisable.
      Firewall (security groups)Choose the security group you created.

    2. Configure the following Advanced network configuration settings and click Add network interface.

      Network interface 1 Select the management interface subnet you created. Select the first security group you created.
      Network interface 2

      Select the local VM clone communication subnet you created. Select the second security group you created.

      Note

      You do not need to add Network interface 2 if you are not using a local VM clone. If needed, you can attach network interfaces later when the instance is not running.

    Configure storage

    Fortinet recommends allotting 500GB to 16TB for storage size, depending on the number of historical jobs you want to keep in the system.

    (Optional) Advanced details

    From v5.0.0, you can enable IMDS v2:

    • Metadata accessible: select Enabled
    Metadata accessible Select Enabled.
    Metadata version Select V2 only (token required)

    Launch the instance

    To launch the instance:
    1. Review the summary, then click Launch instance.

    2. Click View Instances to view the instance state. Allow several minutes for Status Checks to change from Initializing to 2/2 checks passed.
    3. Monitor the initialization, and select the created instance. Right-click the instance and select Monitor and troubleshoot > Get Instance Screenshot to view the status of the launched instance.

    Previous
    Next