Fortinet Document Library

Version:


Table of Contents

FortiSandbox VM on AWS

3.1.0
Download PDF
Copy Link

Optional: Installing custom VM

Prepare custom VM

FortiSandbox AWS supports custom VMs. The user can provide the VHD image for created customer VM, and FSA firmware can load the VM image and use it for sample analysis.

How to create a custom VM:

Create the VHD image with a virtualization software solution. For example, VirtualBox. Refer to the custom VM section of the FortiSandbox Administration Guide for further details and instruction.

Key components:

Share the VHD file and accessible from SSH/FTP from on public server, or a internal server that can be accessed from the FSA firmware.

Enter firmware CLI

note icon

If you don’t choose the without key pair option, log in using password <InstanceID>.

  1. Before logging in, convert the saved pem file which you downloaded while creating the key pair to ppk file.
  2. Log in to CLI using the Elastic IP you created by entering username as admin and with the ppk file.

  3. In the CLI, run the status command to view the VM status.

Install via CLI

  1. To install the VM via the CLI, go to FSA firmware CLI.
  2. Import the VHD image using CLI command vm-customized.

For further information about the vm-customized command. Please refer to the FortiSandbox CLI Reference Guide available in the Fortinet Document Library.

Submit a test

  1. Navigate to Scan Input > File On-Demand > Submit File. The Submit File dialog box will open.
  2. Click on choose file and upload the file fiddler2setup.exe, and submit. You should receive a Clean rating after you send the file to FortiSandbox if the uploaded file is clean and not harmful.

  3. The file fsa_dropper.vxe, is a fake high-risk sample created by Fortinet. For harmful malicious behavior, FortiSandbox will detect them as High Risk.

  4. Upload any file that might be harmful. For example the fsa_dropper.vxe file. Click on Submit, you will be alerted by FortiSandbox that this file is harmful if it contains any malware.

  5. After uploading files, you can view File On-Demand page and select any file to check.
  6. Click the View File icon to view its details.
To submit a file for risk analysis:
  1. Click on the View File icon of your submitted file for risk analysis.

  2. Click on the file.
  3. Click on Details.
  4. The High-Risk Dropper page will open.

Optional: Installing custom VM

Prepare custom VM

FortiSandbox AWS supports custom VMs. The user can provide the VHD image for created customer VM, and FSA firmware can load the VM image and use it for sample analysis.

How to create a custom VM:

Create the VHD image with a virtualization software solution. For example, VirtualBox. Refer to the custom VM section of the FortiSandbox Administration Guide for further details and instruction.

Key components:

Share the VHD file and accessible from SSH/FTP from on public server, or a internal server that can be accessed from the FSA firmware.

Enter firmware CLI

note icon

If you don’t choose the without key pair option, log in using password <InstanceID>.

  1. Before logging in, convert the saved pem file which you downloaded while creating the key pair to ppk file.
  2. Log in to CLI using the Elastic IP you created by entering username as admin and with the ppk file.

  3. In the CLI, run the status command to view the VM status.

Install via CLI

  1. To install the VM via the CLI, go to FSA firmware CLI.
  2. Import the VHD image using CLI command vm-customized.

For further information about the vm-customized command. Please refer to the FortiSandbox CLI Reference Guide available in the Fortinet Document Library.

Submit a test

  1. Navigate to Scan Input > File On-Demand > Submit File. The Submit File dialog box will open.
  2. Click on choose file and upload the file fiddler2setup.exe, and submit. You should receive a Clean rating after you send the file to FortiSandbox if the uploaded file is clean and not harmful.

  3. The file fsa_dropper.vxe, is a fake high-risk sample created by Fortinet. For harmful malicious behavior, FortiSandbox will detect them as High Risk.

  4. Upload any file that might be harmful. For example the fsa_dropper.vxe file. Click on Submit, you will be alerted by FortiSandbox that this file is harmful if it contains any malware.

  5. After uploading files, you can view File On-Demand page and select any file to check.
  6. Click the View File icon to view its details.
To submit a file for risk analysis:
  1. Click on the View File icon of your submitted file for risk analysis.

  2. Click on the file.
  3. Click on Details.
  4. The High-Risk Dropper page will open.