Access and configure the FortiSandbox-VM
Access to the FortiSandbox-VM
To connect to the FortiSandbox-VM:
- On the VM Instances page, choose the instance from the list. Copy the External IP of the Port1 interface.
- Open a web browser and enter the HTTPS address https://<fsa ip>. This can be the external IP or an internal IP that is accessible from the PC you are operating.
- Connect to the FortiSandbox using your browser. Your browser displays a certificate error message, which is normal because browsers do not recognize the default self-signed FortiSandbox certificate. Proceed past this error. In the Chrome browser example below, click Advanced to continue to the address.
- You may see a disclaimer if you are accessing the FortiSandbox for the first time via the GUI (HTTPS, port 443) or SSH (port 22). Click Accept.
- Log in to the FortiSandbox-VM with the username admin and the supplied temporary password. The initial default password should be the Instance ID.
- When logging in for the first time, you are prompted to change the password. This is required.
- Log in to the system with the username admin and the new password.
Upload the license file
Before using FortiSandbox VM:
- For BYOL deployments, you must enter the license file that you downloaded from the Customer Service & Support portal upon registration.
- After the license has been validated, verify the rating and tracer engines were downloaded and installed.
To upload the license file:
- Log in to the FortiSandbox VM GUI and locate the System Information widget on the dashboard.
- Click the System Information widget, and click Upload VM License in the options list. The VM License Upload page opens.
- Click Upload License File, locate the VM license file (.lic) on your computer, then click Submit to upload the license file. A reboot message appears. The FortiSandbox system will reboot and load the license file.
- Refresh your browser and log back in to the FortiSandbox. The VM registration status appears as valid in the Connectivity and Services widget once the license has been validated.
As a part of the license validation process, FortiSandbox compares its IP address with the IP information in the license file. If a new license has been imported or the FortiSandbox’s IP address has been changed, the FortiSandbox must be rebooted in order for the system to validate the change and operate with a valid license.
If the IP address in the license file and the IP address configured in the FortiSandbox do not match, you will receive an error message when you log back into the VM. If this occurs, you will need to change the IP address in the Customer Service & Support portal to match the management IP and re-download the license file.
Verify the Rating and Tracer engines
Once the FortiSandbox VM license has been validated, the rating and tracer engines are downloaded automatically from the FortiGuard Distribution Network (FDN) and installed within an hour. If your FortiSandbox is not able to reach FDN, log on to the support site to download the engines and upload them manually to the system.
To verify the engines downloaded:
- Go to System > FortiGuard.
- In the Sandbox Rating Engine and Sandbox Tracer Engine rows:
- Check the Last Update Time.
- Verify the Last Check Status is Successful.
The following tasks are only required when the engines do not download and install automatically.
To download the rating and tracer engines:
- Log in to FortiCloud.
- In the banner, click Support > Service Updates.
- In the left navigation pane, click FortiSandbox.
- In the Engine column, click the link to download the file.
To upload the engine file:
- Go to System > FortiGuard.
- Click Upload Package File.
- Navigate to the file location on your device and click Open.
- Click OK. The file is submitted.
Configure GCP Config Settings
To configure the GCP settings:
- Go to System > GCP Config. A green label indicates the current Guest VM Running Mode. You can switch modes by clicking the labels.
Prerequisites:
- The instance type running the current unit must support nested virtualization, otherwise you cannot switch to nested mode.
- The number of clones of all installed VMs is set to 0. Switching modes will automatically delete all installed VMs and reboot.
- Click the Configuration Wizard button, and enter the required information.
| Parameters | Nested Mode | Non-Nested Mode |
| --- | --- | --- |
| Key | Copy and paste the JSON access key you created for FortiSandbox. For information, see Generate GCP access key for FortiSandbox in Prepare the GCP environment. | Same as Nested Mode. |
| Node Affinities | N/A | Sole-tenant node Group Node affinity label. For more information, see Set up a Sole-tenant node group for running the Custom VM in (Optional) Set up a local custom Windows VM (Non-Nested). Format: `compute.googleapis.com/node-group-name:IN:<Node Group Name>` Example: `compute.googleapis.com/node-group-name:IN:custom-vm-group1` |
| Instance Type | N/A | Any instance type consistent with the selected node group. For more information, refer to GCP documentation. Example: `n2-standard-2` |
| Allow Hot-Standby VM | N/A | Disable/Enable the toggle. Specify whether the Custom VM clone stays up in the no-scan task state. See Reduce scan time in custom Windows VM (Non-Nested). |
- Click Test Connection to verify the configuration is valid and GCP is accessible with current key.
- Click Save.
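A pre-flight check for the Key and Node Affinities values before pasting them into the Configuration Wizard. This is an added example, not Fortinet code. The function names are hypothetical and the sample key is constructed. It assumes the key is a standard GCP service-account key file and that node group names follow the usual GCP resource-name rule.

```python
import json
import re

# Fields found in a standard GCP service-account key file.
REQUIRED_KEY_FIELDS = ("type", "project_id", "private_key_id", "private_key", "client_email")
# Assumption: node group names follow the usual GCP resource-name rule (RFC 1035 style).
NAME_RE = re.compile(r"[a-z]([-a-z0-9]{0,61}[a-z0-9])?")
AFFINITY_KEY = "compute.googleapis.com/node-group-name"

def check_access_key(raw):
    """Return the problems found in a pasted JSON access key (empty list = OK)."""
    try:
        key = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(key, dict):
        return ["top-level JSON value is not an object"]
    problems = [f"missing field: {f}" for f in REQUIRED_KEY_FIELDS if not key.get(f)]
    if key.get("type") and key["type"] != "service_account":
        problems.append(f"unexpected key type: {key['type']}")
    pem = str(key.get("private_key") or "")
    if pem and "-----BEGIN PRIVATE KEY-----" not in pem:
        problems.append("private_key is not a PEM block (truncated paste?)")
    return problems

def check_node_affinity(label):
    """Validate the '<key>:IN:<Node Group Name>' format from the Node Affinities row."""
    parts = label.strip().split(":")
    if len(parts) != 3:
        return ["expected three ':'-separated parts"]
    key, operator, group = parts
    problems = []
    if key != AFFINITY_KEY:
        problems.append(f"unexpected affinity key: {key}")
    if operator != "IN":  # the page's format uses the IN operator
        problems.append(f"unexpected operator: {operator}")
    if not NAME_RE.fullmatch(group):
        problems.append(f"invalid node group name: {group!r}")
    return problems

# Constructed sample key: placeholder values only, not a real credential.
SAMPLE_KEY = json.dumps({
    "type": "service_account", "project_id": "example-project", "private_key_id": "0000",
    "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n",
    "client_email": "fsa-example@example-project.iam.gserviceaccount.com",
})

if __name__ == "__main__":
    print(check_access_key(SAMPLE_KEY))
    print(check_node_affinity("compute.googleapis.com/node-group-name:IN:custom-vm-group1"))
```

An empty list from both functions means the values are well-formed. Test Connection in the wizard is still what confirms that GCP accepts the key.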
Configure the DNS
To configure the DNS:
- Go to System > DNS.
- Configure the primary and secondary DNS server addresses for your organization, such as the following:
| Detail | Value |
| --- | --- |
| Primary DNS Server | 8.8.8.8 |
| Secondary DNS Server | 8.8.4.4 |
- Click OK.
Access FortiSandbox CLI
You can execute CLI commands in the FortiSandbox console or use an SSH client. Use admin as the username to log in.
For information about opening the CLI console through the web UI, see the Port Information section of the FortiSandbox Administration Guide.