5.0.0

(Optional) Set up a local custom Windows VM (Non-Nested)

Create a custom VM for GCP Non-Nested

To create a custom Windows VM for a GCP Non-Nested unit, follow the steps in the FortiSandbox Custom VM Guide, which is available from the Fortinet Developer Network or from Customer Support upon request.

Upload the custom VM disk file to a GCP bucket

To upload the VM disk file:
  1. Go to Cloud Storage > Buckets.
  2. Select an existing bucket or create a new one, and upload the VM virtual disk file.

Note

GCP supports VMDK and VHD image formats.

Create a custom VM image using the virtual disk file

To create a custom image:
  1. Go to Compute Engine > Storage > Images and click CREATE IMAGE.

  2. Configure the image then click CREATE.

    Name: Enter a name for the image.

    Source: Select the source from the dropdown.

    Virtual disk file: Click Browse to upload the disk file.

    OS license: Select the license key type.

  3. When the operation is successful, refresh the Compute Engine > Storage > Images page. The new GCP custom image file should be listed.

    This process may take more than 20 minutes.

Set up a Sole-tenant node group for running the Custom VM

To set up a sole-tenant node group:
  1. Go to Compute Engine > Sole-tenant nodes and click CREATE NODE GROUP.

  2. Complete the required steps in the wizard.

    After the Node Group is successfully created, it will appear in the Node Group tab.

  3. Validate the custom VM image and node group by setting up an instance that uses both.

    When you create the test instance, use the following settings:

    Boot Disk: Select the Custom VM Image

    Sole-tenancy > Node affinity labels: Select the node group that was just created

    Example: compute.googleapis.com/node-group-name:IN:custom-vm-group

Configure the Network Interface of Port2

The FortiSandbox Non-Nested instance uses port2 to communicate with local Windows or Linux clones. To use a local Custom VM on FortiSandbox, create the FortiSandbox instance with at least two NICs that belong to two different VPC subnets. The subnet where port2 is located can be a private network. If port2 needs to connect to the Internet when performing scan jobs, you must also configure a Cloud NAT Gateway and Cloud Router for that subnet.

After the FortiSandbox instance is created, start the instance and go to System > Interfaces to verify the network interface is attached and the IP address is set as desired.
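The two-NIC requirement above can also be checked from the GCP side before any scan traffic flows. The following is an added example, not Fortinet code: it inspects an instance record shaped like the output of `gcloud compute instances describe --format=json`. It assumes nic0 maps to port1 and nic1 to port2; the project, subnet names and addresses are constructed.

```python
# Added example: pre-flight check of the port2 NIC layout (not Fortinet code).
NO_PORT2 = "FAIL: fewer than two NICs, nothing to use as port2"
SAME_SUBNET = "FAIL: port1 and port2 are in the same subnet"
PRIVATE_PORT2 = ("INFO: port2 has no external IP; Internet access during "
                 "scans needs Cloud NAT and Cloud Router on its subnet")

def subnet_id(nic):
    # Reduce a subnetwork URL to "<project>/regions/<region>/subnetworks/<name>".
    return nic.get("subnetwork", "").split("/projects/", 1)[-1]

def check_port2(instance):
    """Return a list of findings for one instance description (a dict)."""
    nics = instance.get("networkInterfaces", [])
    if len(nics) < 2:
        return [NO_PORT2]
    # Assumption: nic0 is presented as port1 and nic1 as port2.
    port1, port2 = nics[0], nics[1]
    findings = []
    if subnet_id(port1) == subnet_id(port2):
        findings.append(SAME_SUBNET)
    # accessConfigs is only present when the NIC has an external IP.
    if not port2.get("accessConfigs"):
        findings.append(PRIVATE_PORT2)
    return findings

def make_nic(name, subnet, external_ip=None):
    # Builds a constructed NIC record with the fields the check reads.
    nic = {"name": name,
           "subnetwork": "https://www.googleapis.com/compute/v1/projects/"
                         "example-proj/regions/us-central1/subnetworks/" + subnet}
    if external_ip:
        nic["accessConfigs"] = [{"type": "ONE_TO_ONE_NAT", "natIP": external_ip}]
    return nic

# Constructed sample instances (not real deployments).
SAMPLE_OK = {"name": "fsa-ok", "networkInterfaces": [
    make_nic("nic0", "mgmt-subnet", "203.0.113.10"),
    make_nic("nic1", "sandbox-subnet")]}
SAMPLE_ONE_NIC = {"name": "fsa-one-nic", "networkInterfaces": [
    make_nic("nic0", "mgmt-subnet", "203.0.113.11")]}
SAMPLE_SHARED = {"name": "fsa-shared", "networkInterfaces": [
    make_nic("nic0", "mgmt-subnet", "203.0.113.12"),
    make_nic("nic1", "mgmt-subnet", "203.0.113.13")]}

if __name__ == "__main__":
    for inst in (SAMPLE_OK, SAMPLE_ONE_NIC, SAMPLE_SHARED):
        print(inst["name"], check_port2(inst) or ["OK"])
```
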

Install the custom VM using the CLI

After the custom VM image is created, install it on FortiSandbox using the CLI. For details on using the FortiSandbox CLI, see Access FortiSandbox CLI.

Note

Do not use the set admin-port command to set port2 as the administrative port.

To install and enable a custom VM on GCP (Non-Nested):
  1. Go to the FortiSandbox firmware CLI.
  2. Import the GCP Custom VM image using the CLI command vm-customized.

    For more information about the vm-customized command, see the FortiSandbox CLI Reference Guide.

    CLI Command Usage: vm-customized -cn -vo<OS type> -vn<VM name> -i<GCP Custom VM Image Name>

    Example

    vm-customized -cn -voWindows10_64 -vngcpwin10v2 -iwin10gcp-image-v2

  3. In the FortiSandbox GUI, go to Scan Policy and Object > VM Settings and change Clone # to 1 or higher, then click Apply.

  4. Wait for VM initialization to complete.

    Once the initialization process is done, the clone instance is listed in the GCP VM instances list, and the Custom VM is activated and loaded in the FortiSandbox GUI.

    Note

    This process may take up to ten minutes to complete.

  5. In the FortiSandbox GUI, go to the Dashboard to verify there is a green check mark beside the Windows VM.

  6. To associate file extensions with the custom VM, go to Scan Policy and Object > Scan Profile and open the VM Association tab.
