Fortinet Document Library

FortiSandbox VM on AWS

3.1.0

Preparing network connection for FortiSandbox VM

Creating a private subnet

The Private Subnet (IPv4 CIDR 10.0.1.0/24) is connected to all VM clones and FSA-VM.

  1. Click Create Subnet and configure the following information.
    • For Name tag, enter a name. For example, private_FortiSandbox.
    • For VPC, select the VPC you created.
    • For IPv4 CIDR block, enter 10.0.1.0/24 (for private subnet).

  2. Click Yes, Create.

Creating a NAT gateway and setting the route table

The AWS security team recommends the following:

  • Do not use a NAT/Internet Gateway for the private subnet. You can use one temporarily for testing, but do not use it for running real malware.
  • Use AWS VPN or AWS Direct Connect to route out of an egress point to a third-party Internet provider.

To create a NAT Gateway:
  1. Under Virtual Private Cloud, select NAT Gateways.
  2. Click Create NAT Gateway and select the public subnet you created.
  3. For Subnet, select the Elastic IP you created.

  4. Click Create a NAT Gateway.
  5. For Virtual Private Cloud, select Route Tables.
  6. Click Create Route Table and configure the following. Then click Yes, Create.
    • For Name Tag, enter a name.
    • For VPC, select the VPC you created.

  7. Go to Subnet Associations.
  8. Click Edit, select the public subnet, then click Save.

  9. Go to Routes and click Add Another Route.
    • For Destination, enter 0.0.0.0/0.
    • For Target, select the Internet Gateway you created for the public subnet.
  10. Click Save.
  11. Repeat these steps to create a route table for your private subnet.
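
A check for the recommendation at the top of this section, as an added example that is not part of the Fortinet documentation: given route-table data in the shape of the EC2 DescribeRouteTables response, it finds the route table that actually applies to the private subnet (explicit association, otherwise the VPC main table) and reports any default route that leaves through an Internet or NAT gateway. The subnet, VPC, route-table and gateway IDs and the 10.0.0.0/16 VPC range are constructed placeholders, and the function names are hypothetical.

```python
# Added example: audit the private subnet's effective route table for direct Internet egress.
DEFAULT_DESTS = {"0.0.0.0/0", "::/0"}

def effective_route_table(route_tables, subnet_id, vpc_id):
    """Return the table explicitly associated with subnet_id, else the VPC main table."""
    main = None
    for rt in route_tables:
        if rt.get("VpcId") != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def direct_internet_routes(route_tables, subnet_id, vpc_id):
    """List (route_table_id, destination, target) for default routes via igw-/nat- targets."""
    rt = effective_route_table(route_tables, subnet_id, vpc_id)
    findings = []
    for route in (rt or {}).get("Routes", []):
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        if dest not in DEFAULT_DESTS or route.get("State") == "blackhole":
            continue  # not a default route, or the target no longer exists
        target = route.get("NatGatewayId") or route.get("GatewayId") or ""
        if target.startswith(("igw-", "nat-")):
            findings.append((rt["RouteTableId"], dest, target))
    return findings

# Constructed sample shaped like DescribeRouteTables output; every ID is a placeholder.
SAMPLE = [
    {"RouteTableId": "rtb-public", "VpcId": "vpc-example",
     "Associations": [{"SubnetId": "subnet-public", "Main": False}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"}]},
    {"RouteTableId": "rtb-private", "VpcId": "vpc-example",
     "Associations": [{"SubnetId": "subnet-private", "Main": False}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example", "State": "active"}]},
    {"RouteTableId": "rtb-main", "VpcId": "vpc-example",
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
]

if __name__ == "__main__":
    for finding in direct_internet_routes(SAMPLE, "subnet-private", "vpc-example"):
        print("private subnet default route leaves via", finding)
```

An empty result for the private subnet means its effective route table has no default route through an Internet or NAT gateway; routes through a VPN or Direct Connect virtual private gateway are not reported.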

Creating and attaching DHCP options to VPC

  1. Under Virtual Private Cloud, select DHCP Options Sets.
  2. Click Create DHCP options set and configure the following:
    • For Name, enter a name. For example, dhcp_fortisandbox.
    • For Domain name servers, enter the primary IP address you provided when creating eth1 of FortiSandbox. If auto-assigned, enter the IP address from Instance Details.

  3. Click Create DHCP options set.
  4. Go back to Your VPCs; then right-click the VPC entry you created and select Edit DHCP Options Set.

  5. Choose the DHCP Options Set you created and click Save.
