Fortinet Document Library


FortiSandbox VM on AWS

3.1.0

Preparing VM subnet for FortiSandbox

Creating a private subnet

The private subnet (IPv4 CIDR 10.0.1.0/24) is connected to all VM clones and FSA-VM.

  1. Click Create Subnet. The Create Subnet dialog box will open.

  2. Under the Name Tag field, enter a name. For example, private_FortiSandbox.
  3. Under VPC, select the VPC you created.
  4. In the IPv4 CIDR block field, enter 10.0.1.0/24 (for private subnet).
  5. Click on Yes, Create.

Creating a NAT gateway and setting the route table

Note: The AWS security team does not recommend a NAT/Internet Gateway for the private subnet. It should be temporary, for testing only, and not used when running real malware.

Note: AWS security recommends using AWS VPN or AWS Direct Connect to route out of an egress point to any third-party Internet provider.

To create a NAT Gateway:
  1. Under Virtual Private Cloud select NAT Gateways.
  2. Click Create NAT Gateway and select the public subnet you created.
  3. Under the Subnet drop down, select the Elastic IP you created.

  4. Click Create a NAT Gateway.
  5. Under Virtual Private Cloud select Route Tables.
  6. Click Create Route Table for the public subnet.
  7. In the Name Tag field, enter a name.
  8. In the VPC field, select the VPC you created. Click Yes, Create.

  9. Go to Subnet Associations.
  10. Click Edit, select the public subnet, then click Save.

  11. Go to Routes and click Add Another Route.
  12. In the Destination field, enter 0.0.0.0/0.
  13. In the Target field, select the Internet Gateway for public subnet you created.
  14. Click Save.
  15. Repeat the steps to create a route table for your private subnet.
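
A check for the route tables built in the steps above, as an added example that is not Fortinet's or AWS's code: it takes data in the shape returned by `aws ec2 describe-route-tables` and reports which kind of default route the private (sandbox) subnet actually uses, including the case where a subnet has no explicit association and falls back to the VPC main route table. The subnet, route table and gateway IDs and the 10.0.0.0/16 VPC range are constructed placeholders, and treating `vgw-` and transit gateway targets as the VPN/Direct Connect path is an assumption.

```python
# Added example: audit which default route a sandbox subnet would actually use.
# Input mirrors the JSON shape of `aws ec2 describe-route-tables` (RouteTables list).

def effective_route_table(route_tables, subnet_id):
    """Return the table explicitly associated with subnet_id, else the VPC main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def classify_default_route(route):
    """Map a 0.0.0.0/0 route to the egress types named in the notes above."""
    gw = route.get("GatewayId", "")
    if gw.startswith("igw-"):
        return "internet-gateway"        # direct Internet egress
    if route.get("NatGatewayId"):
        return "nat-gateway"             # temporary/testing only per the note
    if gw.startswith("vgw-") or route.get("TransitGatewayId"):
        return "vpn-or-direct-connect"   # assumption: VPN/Direct Connect path
    return "other"

def audit_sandbox_egress(route_tables, subnet_id):
    """Return (route_table_id, egress_type) for each active default route the subnet uses."""
    rt = effective_route_table(route_tables, subnet_id)
    if rt is None:
        return []
    return [(rt["RouteTableId"], classify_default_route(r))
            for r in rt.get("Routes", [])
            if r.get("DestinationCidrBlock") == "0.0.0.0/0"
            and r.get("State", "active") == "active"]

# Constructed sample data (IDs and the VPC CIDR are placeholders, not from the page).
SAMPLE = [
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-public", "Main": False}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"}]},
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-private", "Main": False}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example", "State": "active"}]},
]

if __name__ == "__main__":
    for rtb, kind in audit_sandbox_egress(SAMPLE, "subnet-private"):
        print(rtb, kind)
```

A result of `internet-gateway` or `nat-gateway` for the private subnet is the configuration the notes describe as temporary and for testing only.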

Creating and attaching DHCP options to VPC

  1. Under Virtual Private Cloud, select DHCP Options Sets.
  2. Click Create DHCP Options Sets.
  3. Under the Name Tag field, enter a name. For example, dhcp_fortisandbox.
  4. In the Domain Name Servers field, enter the primary IP address you provided when creating eth1. If auto-assigned, enter the IP address from Instance Details.

  5. Click Yes, Create.
  6. Go back to Your VPCs. Right click the VPC entry you created and select Edit DHCP Options Set.

  7. Choose the created DHCP options set and click Save.

 
