Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiSandbox 3.0.7 Administration Guide
    3.0.7
    5.0.0
    4.4.6
    4.4.5
    4.4.4
    4.4.3
    4.4.2
    4.4.1
    4.4.0
    4.2.7
    4.2.6
    4.2.5
    4.2.4
    4.2.3
    4.2.2
    4.2.1
    4.2.0
    4.0.5
    4.0.4
    4.0.3
    4.0.2
    4.0.1
    4.0.0
    3.2.4
    3.2.3
    3.2.2
    3.2.1
    3.2.0
    3.1.5
    3.1.4
    3.1.3
    3.1.2
    3.1.1
    3.1.0
    3.0.7
    3.0.6

    Virtual Machine

    VM Images

    Go to Virtual Machine > VM Images to view all installed VM Images and configure the number of instances of each image.

    VM Images are grouped to three categories:

    Default VMs

    Basic set of images installed on FortiSandbox by default. For FSA-AWS model, it's the installed Windows VMs on AWS.

    Optional VMs

    Fortinet published optional VM images.

    Customized VMs

    User created images and uploaded to FortiSandbox.

    Remote VMs

    MACOSX and Windows Cloud VM are supported as remote VMs. You can purchase subscription services from Fortinet to reserve clone numbers in the Fortinet Sandboxing Cloud.

    From 3.0, no TRIAL license is provided for MACOSX VM.

    In Cluster mode for MACOSX remote VMs, all cluster node share collected pool of reserved clones from each unit. This means even a node that has no remote VM contract purchased, it can still upload files to the cloud for scanning. For the cluster as whole, at any moment, the number of files being scanned in Cloud will no exceed total reserved clone numbers.

    In Cluster mode for Windows Cloud VM, VM00 units in the cluster can purchase Windows cloud VM seat counts. These cloud VM clones are local to that VM00 unit and are not shared.
    Note

    A new Ubuntu18 optional VM has been introduced in FortiSandbox 3.1.0.

    When Fortinet publishes a new version of VM image on its image server, the image will show up in the Optional VMs group. A download button will show up in Status column. Users can click the button to start downloading. After the image has downloaded, a Ready to Install button will be displayed. When the user clicks on it, all downloaded images will start installing. After installation, the system will reboot automatically. Users can also click the Remove button to delete a downloaded image.

    After an image is installed, its license key will be checked. If no key is available, the image's status will be installed but disabled, until the key is installed and the image is activated. After the image is activated, users can start using it by setting its clone number to be greater than 0. Thereafter, the Image's status will become activated.

    The following options are available:

    Edit Clone Number

    Select a VM Image and select Edit Clone Number from the toolbar to edit the entry. Click the green checkmark to save the new number. Then, click the Apply button to apply the changes.

    Delete VM

    Select a VM Image and select Delete VM from the toolbar to delete the entry. The default set of four Windows VMs cannot be deleted. Deleted VMs will only be deleted after the system reboots.

    Undelete VM

    After deleting a VM you have the option to Undelete the VM to recover it. After the system reboots and the delete action has been completed, the user cannot undelete a VM.

    VM Screenshot

    Select to take a screenshot of a running VM, and the file name the VM is scanning. The button is only available for admin user.

    The following information is displayed:

    Enabled VM Types

    Max number of VM types that can concurrently run. It cannot exceed four on models other than FSA-3000E. On FSA-3000E, the number is six.

    Keys

    Max number of keys. This includes used key numbers and installed key numbers.

    Clone Number

    Max Clone number. It is the number of the installed Windows license. For example:

    • FSA-3000D, the maximum clone number is 28.
    • FSA-1000D, the maximum clone number is 8.
    • FSA-3500D, the maximum clone number is 8.
    • FSA-3000E, the maximum clone number is 56.
    • FSA-2000E, the maximum clone number is 24.
    • FSAVM00, the maximum clone number is 8. To expand the unit's scan power, you can purchase cloud Windows VM subscription. Files can be sent to Fortinet Cloud Sandboxing to scan.

    Name

    Name of the VM Image. The name is unique in the system. If the user uploads a new VM image of the same name, the current installation will be replaced.

    A Chart icon is located beside the Name column on the left side. When you click on the Chart icon, the VM’s usage chart will appear.

    Version

    VM Image version. If a new version of an image is published on the Fortinet Image Server, a New Version Available icon will appear. Users can download, install and activate it.

    Status

    		 VM Image status. A VM image can be one of the following statuses:
    • Ready to Download
    • Ready to Upgrade
    • Downloading (shows a progress bar)
    • Ready to Install (Install or Remove downloaded image)
    • Installing
    • Installed (Disabled)
    • Installed (No Key Available)
    • Activated

    Enabled

    If an image's clone number is 0, it is disabled. Otherwise it is enabled.

    Clone#

    VM Clone number. The user can double click the number to edit it, then click the green check mark to save the new number. Click Apply to apply the change. The VM system will initialize again. The total clone number of all VM images cannot exceed the number of installed Windows license(s). For example, for FSA-3000D, the maximum clone number is 28.

    Load#

    The used VM clone number. For example, if a cluster primary (master) node is set to use 50% of sandboxing scan power, the load # is half of clone #.

    Extensions

    List of all the file types the VM image is associated with. It means files of these types will be scanned by this VM if these types are determined to enter the job queue. The system decides if they need to be sandboxed.

    If the sandbox prefiltering is turned off for a file type, it will be scanned inside each associated VM type.

    If sandbox prefiltering is turned on, files of this file type will be statically scanned first by an advanced analytic engine and only suspicious ones will be scanned inside associated VM type.

    File type and VM association can be defined in the Scan Policy > Scan Profile page. Users can double click the value to access the Scan Profile page to edit the list.

    Enabled clone numbers will be checked against allocated CPU and memory resources. If they are not enough, a warning message will appear and the setting will be denied.
    Previous
    Next

    Virtual Machine

    VM Images

    Go to Virtual Machine > VM Images to view all installed VM Images and configure the number of instances of each image.

    VM Images are grouped to three categories:

    Default VMs

    Basic set of images installed on FortiSandbox by default. For FSA-AWS model, it's the installed Windows VMs on AWS.

    Optional VMs

    Fortinet published optional VM images.

    Customized VMs

    User created images and uploaded to FortiSandbox.

    Remote VMs

    MACOSX and Windows Cloud VM are supported as remote VMs. You can purchase subscription services from Fortinet to reserve clone numbers in the Fortinet Sandboxing Cloud.

    From 3.0, no TRIAL license is provided for MACOSX VM.

    In Cluster mode for MACOSX remote VMs, all cluster node share collected pool of reserved clones from each unit. This means even a node that has no remote VM contract purchased, it can still upload files to the cloud for scanning. For the cluster as whole, at any moment, the number of files being scanned in Cloud will no exceed total reserved clone numbers.

    In Cluster mode for Windows Cloud VM, VM00 units in the cluster can purchase Windows cloud VM seat counts. These cloud VM clones are local to that VM00 unit and are not shared.
    Note

    A new Ubuntu18 optional VM has been introduced in FortiSandbox 3.1.0.

    When Fortinet publishes a new version of VM image on its image server, the image will show up in the Optional VMs group. A download button will show up in Status column. Users can click the button to start downloading. After the image has downloaded, a Ready to Install button will be displayed. When the user clicks on it, all downloaded images will start installing. After installation, the system will reboot automatically. Users can also click the Remove button to delete a downloaded image.

    After an image is installed, its license key will be checked. If no key is available, the image's status will be installed but disabled, until the key is installed and the image is activated. After the image is activated, users can start using it by setting its clone number to be greater than 0. Thereafter, the Image's status will become activated.

    The following options are available:

    Edit Clone Number

    Select a VM Image and select Edit Clone Number from the toolbar to edit the entry. Click the green checkmark to save the new number. Then, click the Apply button to apply the changes.

    Delete VM

    Select a VM Image and select Delete VM from the toolbar to delete the entry. The default set of four Windows VMs cannot be deleted. Deleted VMs will only be deleted after the system reboots.

    Undelete VM

    After deleting a VM you have the option to Undelete the VM to recover it. After the system reboots and the delete action has been completed, the user cannot undelete a VM.

    VM Screenshot

    Select to take a screenshot of a running VM, and the file name the VM is scanning. The button is only available for admin user.

    The following information is displayed:

    Enabled VM Types

    Max number of VM types that can concurrently run. It cannot exceed four on models other than FSA-3000E. On FSA-3000E, the number is six.

    Keys

    Max number of keys. This includes used key numbers and installed key numbers.

    Clone Number

    Max Clone number. It is the number of the installed Windows license. For example:

    • FSA-3000D, the maximum clone number is 28.
    • FSA-1000D, the maximum clone number is 8.
    • FSA-3500D, the maximum clone number is 8.
    • FSA-3000E, the maximum clone number is 56.
    • FSA-2000E, the maximum clone number is 24.
    • FSAVM00, the maximum clone number is 8. To expand the unit's scan power, you can purchase cloud Windows VM subscription. Files can be sent to Fortinet Cloud Sandboxing to scan.

    Name

    Name of the VM Image. The name is unique in the system. If the user uploads a new VM image of the same name, the current installation will be replaced.

    A Chart icon is located beside the Name column on the left side. When you click on the Chart icon, the VM’s usage chart will appear.

    Version

    VM Image version. If a new version of an image is published on the Fortinet Image Server, a New Version Available icon will appear. Users can download, install and activate it.

    Status

    		 VM Image status. A VM image can be one of the following statuses:
    • Ready to Download
    • Ready to Upgrade
    • Downloading (shows a progress bar)
    • Ready to Install (Install or Remove downloaded image)
    • Installing
    • Installed (Disabled)
    • Installed (No Key Available)
    • Activated

    Enabled

    If an image's clone number is 0, it is disabled. Otherwise it is enabled.

    Clone#

    VM Clone number. The user can double click the number to edit it, then click the green check mark to save the new number. Click Apply to apply the change. The VM system will initialize again. The total clone number of all VM images cannot exceed the number of installed Windows license(s). For example, for FSA-3000D, the maximum clone number is 28.

    Load#

    The used VM clone number. For example, if a cluster primary (master) node is set to use 50% of sandboxing scan power, the load # is half of clone #.

    Extensions

    List of all the file types the VM image is associated with. It means files of these types will be scanned by this VM if these types are determined to enter the job queue. The system decides if they need to be sandboxed.

    If the sandbox prefiltering is turned off for a file type, it will be scanned inside each associated VM type.

    If sandbox prefiltering is turned on, files of this file type will be statically scanned first by an advanced analytic engine and only suspicious ones will be scanned inside associated VM type.

    File type and VM association can be defined in the Scan Policy > Scan Profile page. Users can double click the value to access the Scan Profile page to edit the list.

    Enabled clone numbers will be checked against allocated CPU and memory resources. If they are not enough, a warning message will appear and the setting will be denied.
    Previous
    Next