
Install Guest VMs

FortiSandbox supports Local VMs (including Default VM, Optional VM and Custom VM) and Cloud VM. The following table shows the supported VMs by mode:

| Mode | Default VM | Optional VM | Custom VM | Cloud VM |
|---|---|---|---|---|
| Nested Mode | Supported | Supported | Support vdi format | Supported |
| Non-Nested Mode | | | Support vhd format | Supported |

To create a custom Windows VM for AWS, follow the steps in the Custom VM Guide, which is available on the Fortinet Developer Network or on request from Customer Support.

Install Guest VMs in Nested Mode

To support the nested VMs, you will need to set up two more interfaces: port2 and port3.

To set up network interfaces for guest VM in Nested mode:
  1. In Nested mode, the guest VM uses port3 to communicate with the internet. If you have not created port3 in previous steps, set it up here. Otherwise, skip this step.
  2. Shut down the FortiSandbox VM instance from the AWS Portal.
  3. Create interfaces port2 and port3 for the VMs.

    Nested

    Two interfaces are required:

    • Interface 2: port2
    • Interface 3: port3
  4. Attach these network interfaces to the FortiSandbox VM instance as FSA Port2 and Port3.
  5. Start the FortiSandbox VM instance from the AWS Portal.
  6. On the FortiSandbox GUI, go to System > Interfaces to verify that the network interface is attached.
To install the Guest VM:
  • Follow the instructions in VM Settings in the FortiSandbox Administration Guide. Default VMs, Optional VMs and Customized VMs can be enabled with the GUI or the CLI. Cloud VMs can be enabled with the GUI.
  • Make sure the status of port3 is connected under VM External Network Access on the System > Settings page.

If port1’s connection to Fortinet’s image server is not available, the image can be installed with the CLI command: fw-upgrade. For example:

fw-upgrade -v -thttps -s<your https server> -f/images/WIN10O21V1_1.pkg

Install Guest VMs in Non-Nested Mode

To set up an additional network interface for a custom VM:
  1. In Non-Nested mode, FortiSandbox uses port2 to communicate with local Windows or Linux clones. If you have not created port2 in the previous steps, set it up. Otherwise, skip this step.
  2. Shut down the FortiSandbox VM instance from the AWS Portal.
  3. Create an interface for port2 to install the VMs.
  4. Attach this network interface to the FortiSandbox VM instance as FSA Port2.
  5. Start the FortiSandbox VM instance from the AWS Portal.
  6. On the FortiSandbox GUI, go to System > Interfaces to verify that the network interface is attached.
To install a custom VM using the CLI in Non-Nested Mode:
  1. Go to the FortiSandbox firmware CLI.
  2. Import the VHD image with the CLI: vm-customized.
Note
  • From v3.2.0, FortiSandbox AWS supports installing custom VMs from AWS AMI.
  • Use a meaningful custom VM name and keep the same name as VM_image_name.
  • From v5.0.0, the password used when interacting with a customized VM is the same as the FSA SN.
  • Do not use:
    • Special characters in the name.
    • Reserved FortiSandbox VM names starting with WIN7, WIN8, or WIN10.
    • The set admin-port command to set port2 or port3 as the administrative port.
Install a custom VM from a vhd image file in Non-Nested mode:

For example: vm-customized -cn -tftp -u[username] -f/path/to/awsENAwin10x64.vhd -d[machine-uuid] -k[md5] -voWindows10_64 -vnENAwin10x64 -s[server-ip]
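
A pre-flight check for the vhd import above, added here as an example and not taken from Fortinet's documentation or tooling. It applies the naming rules from the Note, computes the image digest and fills in the page's example command. Assumptions: -k takes the MD5 of the vhd file, "special characters" means anything other than letters, digits and underscore, and the username and server address are constructed sample values.

```python
import hashlib
import re
import tempfile
from pathlib import Path

RESERVED_PREFIXES = ("WIN7", "WIN8", "WIN10")  # from the page's Note
# Assumption: "special characters" means anything but letters, digits, underscore.
NAME_RE = re.compile(r"[A-Za-z0-9_]+")


def check_vm_name(name):
    """Return the naming rules a custom VM name breaks (empty list means OK)."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("contains special characters")
    # Assumption: the reserved-prefix rule is applied case-insensitively.
    if name.upper().startswith(RESERVED_PREFIXES):
        problems.append("starts with a reserved FortiSandbox VM name")
    return problems


def md5_of_file(path, chunk_size=1 << 20):
    """Hash the image in chunks so a multi-gigabyte vhd is never held in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_import_command(image, remote_path, vm_name, os_type,
                         username, machine_uuid, server_ip):
    """Validate the inputs, then fill in the page's vm-customized example."""
    problems = check_vm_name(vm_name)
    if problems:
        raise ValueError(f"{vm_name!r}: " + "; ".join(problems))
    if Path(image).suffix.lower() != ".vhd":
        raise ValueError("Non-Nested mode custom VMs use a vhd file")
    return (f"vm-customized -cn -tftp -u{username} -f{remote_path} "
            f"-d{machine_uuid} -k{md5_of_file(image)} "
            f"-vo{os_type} -vn{vm_name} -s{server_ip}")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        image = Path(tmp) / "awsENAwin10x64.vhd"
        image.write_bytes(b"constructed bytes, not a real disk image")
        print(build_import_command(image, "/path/to/awsENAwin10x64.vhd", "ENAwin10x64",
                                   "Windows10_64", "ftpuser", "[machine-uuid]", "192.0.2.10"))
```

Run it on the workstation that holds the image, so the digest passed to -k describes the file you built and any change made on the file server shows up as a mismatch.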

Install a custom VM from an AMI in Non-Nested mode:

If you have already created a guest VM AMI, install the guest VM from it. For example:

vm-customized -cn -i[ami-id] -voWindows10_64 -vnENAwin10x64

How to switch between nested and non-nested mode

To switch between Non-Nested and Nested mode, go to the System > AWS config page. Switching modes will reboot the system and delete all the local VMs. For more information, see How to switch between nested and non-nested mode.

For CLI config-reset and factory-reset, the Guest VM Running Mode setting will be kept.

When backing up and restoring the configuration, the Guest VM Running Mode is also retained; it is not restored from the backup file.

Install Guest VMs in air-gapped mode:

The VM cannot be activated online if FortiSandbox is in air-gapped mode.

To activate the VM in air-gapped mode:
  1. Go to Log & Report > Events > VM Event.
  2. Search for the activation failure log that contains an installation ID.
  3. Call the Microsoft Activation Center to get the confirmation ID.
  4. Use the CLI to add the confirmation ID: confirm-id -a -k<windows/office key> -c<confirmation ID> -n<VM name>

The re-initialization of the VM will start automatically. Refer to the Hyper-V Admin Guide for other operations.

Tooltip
  • Non-Nested mode: Custom VMs use a vhd file.
  • Nested mode: Custom VMs use a vdi file. The two formats are different.