Fortinet Document Library

Version:


Table of Contents

FortiSandbox VM on Azure

3.1.0
Download PDF
Copy Link

Deploying FortiSandbox VM on Azure (Basic)

To deploy FortiSandbox VM on Azure with Windows Cloud VMs:
  1. Go to Azure Marketplace and search for Fortinet FortiSandbox.

    Screenshot displaying the Azure Wizard search for Fortinet Sandbox

  2. Select a software plan and then click Create to start the setup wizard.

    If you select Fortinet FortiSandbox-VM for Azure BYOL, you must provide your own licenses.

    Screenshot displaying the Azure Wizard search for Fortinet Sandbox

  3. In the setup wizard, click Create.
  4. Configure the virtual machine.

    Screenshot displays Azure Wizard with information required for FSA VM

    Resource group Create a new resource group.
    Virtual machine name Name of the VM.
    Region VM region.
    Size

    Select the VM instance type. We recommend Standard A4 v2 for speed and storage capacity.

    FortiSandbox on Azure uses the temporary disk (provided free by the VM) to store and process job files. A secondary disk is not required.

    Authentication type Click Password or SSH public key.
    Username Enter a secondary admin user; the default Admin user is always created.
  5. Click Review + Create.
  6. When the setup wizard has validated your information, click Create.

    Wait a few minutes for the FortiSandbox VM to become available.

    Screenshot displaying validation passed in Azure

  7. When the VM is available, click Go to resource to go to the VM.

    Screenshot displaying the successful deployment of FSA for Azure

  8. Use the Public IP address assigned to the FortiSandbox to access from HTTPS.

  9. Get the default admin password for the FortiSandbox VM using the Azure CLI command az vm list –output tsv -g [Your resource group].

    The VM-ID UUID is the default password for Admin access.

To apply the VM00 license and enable Windows Cloud VMs:
  1. Log into FortiSandbox with the username admin and the password you retrieved from the CLI in the previous step.
  2. Go to FortiSandbox > Dashboard and click Upload License to upload your license.

    When a license file is loaded, the FortiSandbox Azure instance reboots.

    When the FortiSandbox Azure instance finishes rebooting, the VM License icon changes to green.

  3. Go to Virtual Machine > VM Images and select the WindowsCloudVM.
  4. Click Edit Clone Number to assign a clone number and enable the Windows Cloud VM.

    Note

    As with FortiSandbox appliance, the FortiSandbox license must be generated matching the port1 IP of the instance. Go to Network > Interfaces to check the port1 IP address assigned by Azure.

FortiSandbox VM and Windows Cloud VMs topology

FortiSandbox VM Port Usage

Type

Service

Port

FortiGate OFTP TCP/514
FortiClient File Analysis TCP/514
Others

 

 

 

SSH CLI Management TCP/22
Telnet CLI Management TCP/23
Web Admin TCP/80, TCP/443

OFTP Communication with FortiGate and FortiMail

TCP/514

Third-Party Proxy Server for ICAP Servers (ICAP)

TCP/1344

Third-Party Proxy Server for ICAP Servers (ICAPS)

TCP/11344

FortiGuard

 

FortiGuard Distribution Servers

TCP/8890

FortiGuard Web Filtering Servers

UDP/53, UDP/8888

FortiSandbox Community Cloud

Upload Detected Malware Information

TCP/443, UDP/53

FortiSandbox WindowsCloudVM

Serving WindowsVM on cloud for FSA-VM to perform sandboxing

TCP/443

Deploying FortiSandbox VM on Azure (Basic)

To deploy FortiSandbox VM on Azure with Windows Cloud VMs:
  1. Go to Azure Marketplace and search for Fortinet FortiSandbox.

    Screenshot displaying the Azure Wizard search for Fortinet Sandbox

  2. Select a software plan and then click Create to start the setup wizard.

    If you select Fortinet FortiSandbox-VM for Azure BYOL, you must provide your own licenses.

    Screenshot displaying the Azure Wizard search for Fortinet Sandbox

  3. In the setup wizard, click Create.
  4. Configure the virtual machine.

    Screenshot displays Azure Wizard with information required for FSA VM

    Resource group Create a new resource group.
    Virtual machine name Name of the VM.
    Region VM region.
    Size

    Select the VM instance type. We recommend Standard A4 v2 for speed and storage capacity.

    FortiSandbox on Azure uses the temporary disk (provided free by the VM) to store and process job files. A secondary disk is not required.

    Authentication type Click Password or SSH public key.
    Username Enter a secondary admin user; the default Admin user is always created.
  5. Click Review + Create.
  6. When the setup wizard has validated your information, click Create.

    Wait a few minutes for the FortiSandbox VM to become available.

    Screenshot displaying validation passed in Azure

  7. When the VM is available, click Go to resource to go to the VM.

    Screenshot displaying the successful deployment of FSA for Azure

  8. Use the Public IP address assigned to the FortiSandbox to access from HTTPS.

  9. Get the default admin password for the FortiSandbox VM using the Azure CLI command az vm list –output tsv -g [Your resource group].

    The VM-ID UUID is the default password for Admin access.

To apply the VM00 license and enable Windows Cloud VMs:
  1. Log into FortiSandbox with the username admin and the password you retrieved from the CLI in the previous step.
  2. Go to FortiSandbox > Dashboard and click Upload License to upload your license.

    When a license file is loaded, the FortiSandbox Azure instance reboots.

    When the FortiSandbox Azure instance finishes rebooting, the VM License icon changes to green.

  3. Go to Virtual Machine > VM Images and select the WindowsCloudVM.
  4. Click Edit Clone Number to assign a clone number and enable the Windows Cloud VM.

    Note

    As with FortiSandbox appliance, the FortiSandbox license must be generated matching the port1 IP of the instance. Go to Network > Interfaces to check the port1 IP address assigned by Azure.

FortiSandbox VM and Windows Cloud VMs topology

FortiSandbox VM Port Usage

Type

Service

Port

FortiGate OFTP TCP/514
FortiClient File Analysis TCP/514
Others

 

 

 

SSH CLI Management TCP/22
Telnet CLI Management TCP/23
Web Admin TCP/80, TCP/443

OFTP Communication with FortiGate and FortiMail

TCP/514

Third-Party Proxy Server for ICAP Servers (ICAP)

TCP/1344

Third-Party Proxy Server for ICAP Servers (ICAPS)

TCP/11344

FortiGuard

 

FortiGuard Distribution Servers

TCP/8890

FortiGuard Web Filtering Servers

UDP/53, UDP/8888

FortiSandbox Community Cloud

Upload Detected Malware Information

TCP/443, UDP/53

FortiSandbox WindowsCloudVM

Serving WindowsVM on cloud for FSA-VM to perform sandboxing

TCP/443