Fortinet Document Library

Version:


Table of Contents

FortiSandbox VM on Azure

3.1.0
Download PDF
Copy Link

Optional: Creating a custom VM on Azure

To create a storage blob for the custom image:
  1. Create a new Resource Group in the Azure portal.
  2. Create a Storage Account under the new Resource Group.
  3. Locate your blob key on the Access Keys page.

  4. Create a Blob on the Storage Account.
  5. Go to the Properties page of the Blob and get the URL.

  6. Use the azcopy command in the Azure CLI to copy the prebuilt custom VM to your new blob.
    $ azcopy --source [above_WIN7X86/WIN7X64_link] --destination \
    https://[your _blob_URL]/win7/WIN7X86VM.vhd --dest-key \
    [your_storage_account_key]

  7. Once the windows VHD been copied to your own blob, create a volume from the VHD image in the Azure CLI.
    $ az image create --name win7x86imagetest --resource-group testwinvm --location canadacentral --os-type Windows --source 
    https://customvm.blob.core.windows.net/mywin7/WIN7X86VM.vhd 
To create the custom VM:
  1. In the Azure portal, go to the details page of the created image. Select Create VM.
  2. Follow the Wizard to create a Windows VM, selecting RDP as the inbound port.

  3. Once your VM resource is ready, select the VM name and find the public IP address, then connect to it using RDP (Windows Remote Desktop Protocol).
    • The deployment window will indicate that deployment is underway or has failed, however, this can be ignored as the VM will actually be up and reachable.

    • You can check the VM status screenshot on the Boot Diagnostics page to confirm the status of the VM.

  4. Activate the Windows image through the Windows command prompt:
    slmgr.vbs -ipk 00000-00000-00000-00000-00000
    slmgr.vbs -ato
  5. If required, you can customize the VM.
  6. Shut down the VM (example: cmd: shutdown -s -f -t 5).
    If the VM deployment task is still running, it should be canceled.

  7. In the Resource Group pane for the VM in Azure portal, Delete the virtual machine. Do not delete anything else.
  8. Once deleted, go to the details of the disk assigned to the VM and select Disk Export. Confirm and generate the export download link for the VHD file.

  9. Use the azcopy command in the Azure CLI to import the customized windows VHD image into your Azure blob.
    $ azcopy --source [above_VHD_export_link] --destination \
      https://[your_blob_URL]/win7/customizedWIN7X86VM.vhd \
    --dest-key [your_storage_account_key]
    
  10. The customized Windows VM is now ready for FSA Azure.

    To import your custom VM into FSA Azure, use the vm-customized command in the FSA CLI.
    For example:

    > azure-vm-customized -cn -voWindows7_64 -vnWIN7X64VMvhd -s[Subscription ID] -g[this_resource_group_name] -a[this_storage_account_name] -k[this_storage_account_key] -fcustomwinvm -bcustomizedWIN7X64VM.vhd -r
    
    > azure-vm-customized -cn -voWindows7 -vnWIN7X86VMvhd -s[Subscription ID] -g[this_resource_group_name] -a[this_storage_account_name] -k[this_storage_account_key] -f[this_blob_name] -bcustomizedWIN7X86VM.vhd -r

Optional: Creating a custom VM on Azure

To create a storage blob for the custom image:
  1. Create a new Resource Group in the Azure portal.
  2. Create a Storage Account under the new Resource Group.
  3. Locate your blob key on the Access Keys page.

  4. Create a Blob on the Storage Account.
  5. Go to the Properties page of the Blob and get the URL.

  6. Use the azcopy command in the Azure CLI to copy the prebuilt custom VM to your new blob.
    $ azcopy --source [above_WIN7X86/WIN7X64_link] --destination \
    https://[your _blob_URL]/win7/WIN7X86VM.vhd --dest-key \
    [your_storage_account_key]

  7. Once the windows VHD been copied to your own blob, create a volume from the VHD image in the Azure CLI.
    $ az image create --name win7x86imagetest --resource-group testwinvm --location canadacentral --os-type Windows --source 
    https://customvm.blob.core.windows.net/mywin7/WIN7X86VM.vhd 
To create the custom VM:
  1. In the Azure portal, go to the details page of the created image. Select Create VM.
  2. Follow the Wizard to create a Windows VM, selecting RDP as the inbound port.

  3. Once your VM resource is ready, select the VM name and find the public IP address, then connect to it using RDP (Windows Remote Desktop Protocol).
    • The deployment window will indicate that deployment is underway or has failed, however, this can be ignored as the VM will actually be up and reachable.

    • You can check the VM status screenshot on the Boot Diagnostics page to confirm the status of the VM.

  4. Activate the Windows image through the Windows command prompt:
    slmgr.vbs -ipk 00000-00000-00000-00000-00000
    slmgr.vbs -ato
  5. If required, you can customize the VM.
  6. Shut down the VM (example: cmd: shutdown -s -f -t 5).
    If the VM deployment task is still running, it should be canceled.

  7. In the Resource Group pane for the VM in Azure portal, Delete the virtual machine. Do not delete anything else.
  8. Once deleted, go to the details of the disk assigned to the VM and select Disk Export. Confirm and generate the export download link for the VHD file.

  9. Use the azcopy command in the Azure CLI to import the customized windows VHD image into your Azure blob.
    $ azcopy --source [above_VHD_export_link] --destination \
      https://[your_blob_URL]/win7/customizedWIN7X86VM.vhd \
    --dest-key [your_storage_account_key]
    
  10. The customized Windows VM is now ready for FSA Azure.

    To import your custom VM into FSA Azure, use the vm-customized command in the FSA CLI.
    For example:

    > azure-vm-customized -cn -voWindows7_64 -vnWIN7X64VMvhd -s[Subscription ID] -g[this_resource_group_name] -a[this_storage_account_name] -k[this_storage_account_key] -fcustomwinvm -bcustomizedWIN7X64VM.vhd -r
    
    > azure-vm-customized -cn -voWindows7 -vnWIN7X86VMvhd -s[Subscription ID] -g[this_resource_group_name] -a[this_storage_account_name] -k[this_storage_account_key] -f[this_blob_name] -bcustomizedWIN7X86VM.vhd -r