Set up a scan VM
Configure the Network Interface of Port 3
The FortiSandbox instance uses Port 3 to communicate with local Windows or Linux clones. If you need to use a local Custom VM on FortiSandbox, ensure that the FortiSandbox instance is created with at least 3 NICs belonging to two different subnets. The subnet where Port 3 is located can be a private network. If Port 3 needs to connect to the Internet when performing scanning jobs, you also need to configure the corresponding NAT Gateway.
After the FortiSandbox instance is created, start the instance and go to System > Interfaces to verify the network interface is attached and the IP address is set as desired.
Install Guest VMs
To install and enable the local or cloud Guest VMs:
Go to Scan Policy and Object > VM Settings. Install and enable the VM clones as desired.
For the FortiSandbox-OCI-Nested:
Supports all types of Guest VMs, including Default VMs, Optional VMs, Custom VMs, and Remote (Cloud) VMs. For more information, please refer to VM settings in the FortiSandbox Administration Guide.
Note:
Before downloading and enabling the VMs, make sure the corresponding licenses and keys are ready and uploaded. See VM settings in the FortiSandbox Administration Guide.
Set up a Windows Cloud VM
- Go to Scan Policy and Object > VM Settings.
- For the WindowCloudVM change the Clone # to a value greater than 0 and click Apply.
A Windows/macOS Cloud VM support contract is required.
Optional: Set up a local custom VM
To create a custom Windows VM for OCI, follow the steps in Custom VM Guide which can be found in the Fortinet Developer Network or is available upon request from Customer Support.
OCI uses VirtualBox Disk Image (
Install the custom VM using the CLI
To install and enable a custom VM on OCI:
- Upload the custom VM VirtualBox Disk Image (.vdi) file to a server accessible by the FortiSandbox instance.
- Go to the FortiSandbox firmware CLI. Import the OCI Custom VM image using the CLI command vm-customized.
For more information about the vm-customized command, see the FortiSandbox CLI Reference Guide in the Fortinet Document Library.
CLI Command Usage:
vm-customized -cn -t<ftp|scp> -s <server IP address> -u<username> -p<password> -f <VM VirtualBox Disk Image (.vdi) file path> -d <hardware ID or machine ID> -k <MD5 checksum for uploaded file> -vo <OS type> -vn <VM name>
CLI Example Usage:
vm-customized -cn -tscp -s10.0.49.145 -uopc -popc -f./WIN10O19V1CUST.vdi -d671BC5F7-4B0F-FF43-B923-8B1645581DC8 -k39f9e72ade4046b203d700b6fe57d24c -voWindows10_64 -vnWIN10O19V1CUST
- In the FortiSandbox GUI, go to Scan Policy and Object > VM Settings and change Clone # to 1 or higher, then click Apply.
- Wait until the VM initialization process is done. Once the initialization process is done, you should be able to see the Custom VM is activated and loaded on FortiSandbox GUI. This process may take up to ten minutes to complete.
- In the FortiSandbox GUI, go to the Dashboard to verify there is a green checkmark beside Windows VM.
- To associate file extensions to the custom VM, go to Scan Policy and Object > Scan Profile and click the VM Association tab.
To connect Port 3 NIC to the Internet when performing scanning jobs:
- Go to Scan Policy and Object > General Settings.
- Enable Allow Virtual Machines to access external network through outgoing port3.
- Enter the Gateway as x.x.x.1 and DNS as 8.8.8.8.
- Click OK.
- Go to the FortiSandbox firmware CLI. Test the Port3 internet access using the CLI command:
test-network vm_connect
The following image shows that Port 3 can access the Internet normally.