Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Best Practices

    Home FortiSandbox 4.2.0 Best Practices
    4.2.0
    5.0.0
    4.4.0
    4.2.0
    4.0.0
    3.2.0
    3.1.0
    3.0.0

    Setting up a FortiSandbox VM00 as Primary node for high availability

    Setting up a FortiSandbox VM00 as Primary node for high availability

    A popular FortiSandbox HA-cluster deployment is based on using FortiSandbox VM00 as a Primary node and one or more FortiSandbox appliances or virtual machines as Worker nodes. A second FortiSandbox VM00 as a Secondary node is highly recommended to make Sandboxing services fault tolerant and configuration simpler.

    To set up and operate a healthy and scalable cluster with VM00:
    1. H/W Requirements of Primary and Secondary nodes:

      • Minimum configuration: Set up the with minimum of: 4 vCPU, 8 GB RAM and 200 GB SSD drive.
      • Recommended configuration: 16 vCPU, 32 GB RAM and 1 TB SSD drive.
    2. Network Setup:

      • Make sure that network topology, routing and DNS settings of Primary and Secondary nodes are the same.
      • Configure a cluster level failover IP on all ports to provide Sandboxing accessibility (admin-port, api-port, ICAP and MTA/BCC ports).
      • Enable Promiscuous mode in the hypervisor settings (if applicable) to ensure correct operation of failover IP.
    3. Configurations on Primary and Secondary nodes;

      • Do not install Windows VMs on these nodes. If these nodes already have them installed, set VM clone number to zero (0)
    4. Licenses:

      • Make sure to acquire a Sandbox Threat Intelligence subscription for all the nodes.
      • Additional licenses (such as Windows, Office and Custom VM) are not required on both Primary and Secondary nodes.
    Previous
    Next

    Setting up a FortiSandbox VM00 as Primary node for high availability

    Setting up a FortiSandbox VM00 as Primary node for high availability

    A popular FortiSandbox HA-cluster deployment is based on using FortiSandbox VM00 as a Primary node and one or more FortiSandbox appliances or virtual machines as Worker nodes. A second FortiSandbox VM00 as a Secondary node is highly recommended to make Sandboxing services fault tolerant and configuration simpler.

    To set up and operate a healthy and scalable cluster with VM00:
    1. H/W Requirements of Primary and Secondary nodes:

      • Minimum configuration: Set up the with minimum of: 4 vCPU, 8 GB RAM and 200 GB SSD drive.
      • Recommended configuration: 16 vCPU, 32 GB RAM and 1 TB SSD drive.
    2. Network Setup:

      • Make sure that network topology, routing and DNS settings of Primary and Secondary nodes are the same.
      • Configure a cluster level failover IP on all ports to provide Sandboxing accessibility (admin-port, api-port, ICAP and MTA/BCC ports).
      • Enable Promiscuous mode in the hypervisor settings (if applicable) to ensure correct operation of failover IP.
    3. Configurations on Primary and Secondary nodes;

      • Do not install Windows VMs on these nodes. If these nodes already have them installed, set VM clone number to zero (0)
    4. Licenses:

      • Make sure to acquire a Sandbox Threat Intelligence subscription for all the nodes.
      • Additional licenses (such as Windows, Office and Custom VM) are not required on both Primary and Secondary nodes.
    Previous
    Next