Fortinet Document Library

Version:


Table of Contents

FortiSandbox VM on Azure

3.1.0
Download PDF
Copy Link

Deploying FortiSandbox VM on Azure (Basic)

To deploy FortiSandbox VM on Azure with Windows Cloud VMs:
  1. Search Fortinet FortiSandbox on Azure Marketplace.

    Screenshot displaying the Azure Wizard search for Fortinet Sandbox

  2. Select GET IT Now and confirm the terms of use by selecting Continue.
    The setup wizard will launch.
  3. On the Setup Wizard, select Create to proceed.

    Screenshot displaying the creation of FSA VM in the Azure Wizard

  4. Enter the required information into the Wizard:
    Resource group Create a new resource group.
    Virtual machine name Provide the name for this VM.
    Region Select your VM region.
    Size

    Adjust the VM instance type; recommended Standard A4 v2 for speed and storage capacity.

    Note

    The FSA on Azure uses the temporary disk (freely provided by the VM) to store and process job files. A secondary disk is not required.

    Username A secondary admin user; the default Admin user is always created.
    Authentication type The SSH public key or password being used.

    Screenshot displays Azure Wizard with information required for FSA VM

  5. Select Review + Create.
    Once the Setup Wizard has validated your information, select Create.

    Screenshot displaying validation passed in Azure

  6. Your FortiSandbox VM should become available within five minutes.
    Once available, click the link to go to the virtual machine. You can find the public IP address assigned to the FortiSandbox that you can use for access from HTTPS.

    Screenshot displaying the successful deployment of FSA for Azure

  7. Get the default admin password for the FortiSandbox VM through the Azure CLI.
    The VM-ID UUID is the default password for Admin access.

To apply the VM00 license and enable Windows Cloud VMs:
  1. Log into FortiSandbox with the username admin and the password you retrieved from the CLI in the previous step.
  2. Go to the FortiSandbox Dashboard and select Upload License.
    Once a license file has been loaded, the FortiSandbox Azure instance will be rebooted.

  3. Go to Virtual MachineVM Images and select the WindowsCloudVM.
  4. Select Edit Clone Number to assign a clone number and enable the Windows Cloud VM.

    Note

    As with FortiSandbox appliance, the FSA license must be generated matching the port1 IP of the instance. Go to NetworkInterfaces to check the port1 IP address assigned by Azure.

FortiSandbox VM and WindowsCloudVMs topology

FortiSandbox VM Port Usage

Type

Service

Port

FortiGate OFTP TCP/514
FortiClient File Analysis TCP/514
Others

 

 

 

SSH CLI Management TCP/22
Telnet CLI Management TCP/23
Web Admin TCP/80, TCP/443

OFTP Communication with FortiGate and FortiMail

TCP/514

Third-Party Proxy Server for ICAP Servers (ICAP)

TCP/1344

Third-Party Proxy Server for ICAP Servers (ICAPS)

TCP/11344

FortiGuard

 

FortiGuard Distribution Servers

TCP/8890

FortiGuard Web Filtering Servers

UDP/53, UDP/8888

FortiSandbox Community Cloud

Upload Detected Malware Information

TCP/443, UDP/53

FortiSandbox WindowsCloudVM

Serving WindowsVM on cloud for FSA-VM to perform sandboxing

TCP/443

Deploying FortiSandbox VM on Azure (Basic)

To deploy FortiSandbox VM on Azure with Windows Cloud VMs:
  1. Search Fortinet FortiSandbox on Azure Marketplace.

    Screenshot displaying the Azure Wizard search for Fortinet Sandbox

  2. Select GET IT Now and confirm the terms of use by selecting Continue.
    The setup wizard will launch.
  3. On the Setup Wizard, select Create to proceed.

    Screenshot displaying the creation of FSA VM in the Azure Wizard

  4. Enter the required information into the Wizard:
    Resource group Create a new resource group.
    Virtual machine name Provide the name for this VM.
    Region Select your VM region.
    Size

    Adjust the VM instance type; recommended Standard A4 v2 for speed and storage capacity.

    Note

    The FSA on Azure uses the temporary disk (freely provided by the VM) to store and process job files. A secondary disk is not required.

    Username A secondary admin user; the default Admin user is always created.
    Authentication type The SSH public key or password being used.

    Screenshot displays Azure Wizard with information required for FSA VM

  5. Select Review + Create.
    Once the Setup Wizard has validated your information, select Create.

    Screenshot displaying validation passed in Azure

  6. Your FortiSandbox VM should become available within five minutes.
    Once available, click the link to go to the virtual machine. You can find the public IP address assigned to the FortiSandbox that you can use for access from HTTPS.

    Screenshot displaying the successful deployment of FSA for Azure

  7. Get the default admin password for the FortiSandbox VM through the Azure CLI.
    The VM-ID UUID is the default password for Admin access.

To apply the VM00 license and enable Windows Cloud VMs:
  1. Log into FortiSandbox with the username admin and the password you retrieved from the CLI in the previous step.
  2. Go to the FortiSandbox Dashboard and select Upload License.
    Once a license file has been loaded, the FortiSandbox Azure instance will be rebooted.

  3. Go to Virtual MachineVM Images and select the WindowsCloudVM.
  4. Select Edit Clone Number to assign a clone number and enable the Windows Cloud VM.

    Note

    As with FortiSandbox appliance, the FSA license must be generated matching the port1 IP of the instance. Go to NetworkInterfaces to check the port1 IP address assigned by Azure.

FortiSandbox VM and WindowsCloudVMs topology

FortiSandbox VM Port Usage

Type

Service

Port

FortiGate OFTP TCP/514
FortiClient File Analysis TCP/514
Others

 

 

 

SSH CLI Management TCP/22
Telnet CLI Management TCP/23
Web Admin TCP/80, TCP/443

OFTP Communication with FortiGate and FortiMail

TCP/514

Third-Party Proxy Server for ICAP Servers (ICAP)

TCP/1344

Third-Party Proxy Server for ICAP Servers (ICAPS)

TCP/11344

FortiGuard

 

FortiGuard Distribution Servers

TCP/8890

FortiGuard Web Filtering Servers

UDP/53, UDP/8888

FortiSandbox Community Cloud

Upload Detected Malware Information

TCP/443, UDP/53

FortiSandbox WindowsCloudVM

Serving WindowsVM on cloud for FSA-VM to perform sandboxing

TCP/443