For information on setting up a custom VM on AWS, see the custom VM image section in the FortiSandbox Administration Guide to do the following:
- Create a custom VHD image using virtualization software such as VirtualBox.
- Prepare the OS installation package.
- Install software and components on the custom VM image.
- Set up the VM image environment.
- When creating the VM, specify VHD as the disk image format.
- The disk controller must be IDE.
- The disk size must not be over 20GB.
- The OS must have the PV Driver installed. See Upgrade Windows Server Instances (AWS PV Upgrade) and https://s3.amazonaws.com/ec2-windows-drivers-downloads/AWSPV/Latest/AWSPVDriver.zip.
- Make the VHD file accessible over SSH/FTP on a public server, or on an internal server that the FSA firmware can reach.
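The VHD format and 20GB size requirements above can be checked on the image file before it is shared for import. The following is an added example, not part of the Fortinet guide: it parses the 512-byte footer that ends every VHD file. It assumes "20GB" means 20 GiB, the function names are hypothetical, and the sample footers are constructed. The IDE controller and PV driver requirements are not recorded in the footer and must be verified in the VM itself.

```python
import struct

VHD_COOKIE = b"conectix"
FOOTER_LEN = 512
MAX_BYTES = 20 * 1024**3  # assumption: the guide's "20GB" read as 20 GiB
DISK_TYPES = {2: "fixed", 3: "dynamic", 4: "differencing"}


def check_vhd_footer(footer: bytes, max_bytes: int = MAX_BYTES) -> list:
    """Return a list of problems found in a 512-byte VHD footer (empty = OK)."""
    if len(footer) != FOOTER_LEN or footer[:8] != VHD_COOKIE:
        return ["not a VHD: 'conectix' footer cookie missing"]
    problems = []
    current_size, = struct.unpack_from(">Q", footer, 48)
    disk_type, = struct.unpack_from(">I", footer, 60)
    stored_sum, = struct.unpack_from(">I", footer, 64)
    # Checksum = one's complement of the byte sum with the checksum field zeroed.
    body = footer[:64] + b"\0\0\0\0" + footer[68:]
    if (~sum(body)) & 0xFFFFFFFF != stored_sum:
        problems.append("footer checksum mismatch (truncated or corrupted file)")
    if disk_type not in DISK_TYPES:
        problems.append(f"unknown disk type {disk_type}")
    if current_size > max_bytes:
        problems.append(f"virtual size {current_size} bytes exceeds {max_bytes}")
    return problems


def check_vhd_file(path: str) -> list:
    """Read the footer (last 512 bytes of the file) and check it."""
    with open(path, "rb") as fh:
        fh.seek(0, 2)
        if fh.tell() < FOOTER_LEN:
            return ["file is shorter than a VHD footer"]
        fh.seek(-FOOTER_LEN, 2)
        return check_vhd_footer(fh.read(FOOTER_LEN))


def build_sample_footer(size_bytes: int, disk_type: int = 3) -> bytes:
    """Constructed sample footer for the demo; not taken from a real image."""
    footer = bytearray(FOOTER_LEN)
    footer[:8] = VHD_COOKIE
    struct.pack_into(">Q", footer, 48, size_bytes)  # current (virtual) size
    struct.pack_into(">I", footer, 60, disk_type)
    struct.pack_into(">I", footer, 64, (~sum(footer)) & 0xFFFFFFFF)
    return bytes(footer)


if __name__ == "__main__":
    print(check_vhd_footer(build_sample_footer(16 * 1024**3)))  # within limit
    print(check_vhd_footer(build_sample_footer(40 * 1024**3)))  # too large
```

A checksum mismatch usually means the file was truncated or altered in transfer, so it is worth running the check again on the server that hosts the image.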
- Download FortiSandbox Tools from https://fsavm.fortinet.net/vmtools/FortiSandboxAWSTools.zip and put it in the custom VM (such as C:\). Then add FSALauncher_x64.exe to an auto-startup program (using the Startup folder or Task Scheduler).
- Configure Windows to auto-login.
Convert the saved pem file which you downloaded while creating the key pair to a
- Log in to CLI using the Elastic IP you created by entering username as admin and with the
- In the CLI, run the status command to view the VM status.
To install the custom VM using CLI:
- Go to the FortiSandbox firmware CLI.
- Import the VHD image using the CLI command
For further information about the vm-customized command, see the FortiSandbox CLI Reference Guide in the Fortinet Document Library.
Test the installation
- Go to Scan Input > File On-Demand > Submit File. The Submit File dialog box will open.
- Select the file fiddler2setup.exe and click Submit.
If the file you send to FortiSandbox is not harmful, you will receive a Clean rating.
- Upload and submit any file that might be harmful, for example,
FortiSandbox alerts you if the file is harmful, that is, if it contains any malware.
- After uploading files, go to File On-Demand and select any file to check.
- Click the View File icon to view its details.
fsa_dropper.vxe is a fake high-risk sample created by Fortinet. FortiSandbox detects harmful, malicious behavior as High Risk.
To submit a file for risk analysis:
- Click the View File icon of your submitted file for risk analysis.
- Click on the file.
- Click Details to open the High-Risk Dropper page.