Appendix D - Create a custom VM image using pre-configured VMs
For FSA-2000E and FSA-3000E, the maximum number of clones for default VMs and optional VMs is limited to the Windows license and the number of stacked licenses provided by Fortinet.
For custom VMs, the maximum number of clones is 20 on FSA-2000E and 48 on FSA-3000E.
Activate all custom VMs before uploading to the unit. Purchase licenses from Microsoft distributors to do activation.
We recommend that custom VM image size to be smaller than 10GB.
The guest VM images published by Fortinet might not reflect the user’s working environment. For example, the current Windows 8 and Windows 10 images do not have Microsoft Office software installed. You can create your own guest image, install software running in your environment, and upload the image to the unit to scan files. You can create the guest image on top of your Golden Image or Master Image to best simulate your OS installations. This document provides instructions on how to create and configure them.
You can use the VMs provided by Fortinet or create your own. If you want to create your own VM, see Appendix E - Create a custom VM image using your own ISO.
Fortinet has a base set of supported VM images for customers to create their own customized images more easily. These images have complete VirtualBox configurations and necessary software. The customer needs to:
You can download base images from:
32 or 64 bit image
Their checksums are in https://fsavm.fortinet.net/vmtools/md5.txt
Download VirtualBox from https://download.virtualbox.org/virtualbox/5.2.34/VirtualBox-5.2.34-133893-Win.exe. The checksum is in https://fsavm.fortinet.net/vmtools/md5.txt.
For help with VirtualBox installation and troubleshooting, see the VirtualBox Manual.
VirtualBox is an open source software and licensed under GNU General Public License V2 license. The detailed information of its license can be found at https://www.virtualbox.org/wiki/Licensing_FAQ
Mac OS is not supported.
After a clone of the base image is created, the user can install applications and components required in their environment on the clone image. They can be but not limited to the following list:
- .Net Framework
- Microsoft Office suite
- Adobe Acrobat Reader
There are two ways to install them:
- Put their installers on a computer in management network that VM image can download through http, ftp protocols or network share. This requires network settings of VM image to be configured to access hosting computer.
- Package their installation package as an ISO file in the VirtualBox Manager, select the VM image, click Settings button or right-click the VM image name to open Settings page.
Go to the Storage page > Empty optical drive node > disk icon > Chose a virtual CD/DVD disk file, select the ISO file. Then inside the VM image, go to drive D to install the software.
After installation of a software or component, go to Control Panel > Programs and Features to verify that the installation is successful.
Automatic update of software should be disabled. For details, please refer to software’s manual. For example, to disable automatic update on Acrobat Adobe Reader, refer to https://helpx.adobe.com/acrobat/kb/automatic-updates---acrobat-reader.html.
Use a text editor and create a meta file, enter in the installed applications for this VM image. The meta file will be used later and its content is displayed in the Scan Profile > Installed Applications of FortiSandbox.
It is recommended that installed software should be launched at least once to make sure they can open smoothly. Certain software needs to be configured to associate with the file types as the default application. For example, Adobe Reader needs to be launched after installation to be the default PDF application.
For Windows 10, the default web browser is Windows Edge which FortiSandbox does not currently support. It is recommended to change the default web browser to be Internet Explorer. To do that:
- Go to Start > Settings > System > Default apps.
- Click Web Browser in the right pane and select Internet Explorer.
Windows OS and other installed software should be activated.
Fortinet is not responsible for software’s support and their license rights.
- Open an editor, such as Notepad and type in the following scripts:
if not exist d:\launcher.bat (
echo Wait for d:\launcher.bat
rem sleep 5
ping -n 5 127.0.0.1 >nul
start /min d:\launcher.bat
- Save the file as
autorun.baton your Desktop.
- Find the
autorun.batfile on your Desktop, and Right-click > Cut.
- On Windows 7, go to Start > All Programs > Startup > Right-click > Open All Users. Windows Explorer will open. Paste the
On Windows 8 and Windows 10, go to Start > Run..., enter shell:startup to open the startup folder. paste the
D:\directory for the
autorun.batfile is created after the VM image is uploaded.
- Put the VM image’s
.vdifile and its meta file from Step 4 to a server that supports
In the FortiSandbox CLI interface:
- execute CLI command
Machine uuidis in the
.vboxfile of the image build directory, such as
On Ubuntu, use the command
VboxManage list vms.
- If a customized VM image of the same name exists on the unit, the installation will fail. Go to the VM Image page and set its clone number to
0. Click Apply to disable existing images. Use
–rto replace the existing one with new one. The Scan Profile settings for the image will be inherited.
- The installation process can take up to one hour, depending on unit model and network speed. If installation fails or stops unexpectedly, execute the command again.
- It is optional to upload the meta file. The information in the meta file will be displayed in the Installed Applications area in Scan Profile page of the FortiSandbox. To install it, execute CLI command
vm-customized -cf –t<ftp|scp> –s<server_ip> –u<username> -f</meta_file_path/meta_file_name> –vn<custom_vm_name>
custom_vm_nameshould be the same as step a.
- The unit will reboot after installation.
- execute CLI command
- After unit reboots, user can enable it by setting up its clone number to be more than
0in the VM Image page and associate file types in the Scan Profile page to scan files.
For example, the above is a Windows 7 customized image. It has an image file editor called FastStone Image Viewer and it is associated to open JPG files. The user can create a User defined extension for JPG files and associate it to this customized image. Subsequently, all JPG files will be scanned by this customized image and opened by the FastStone Image Viewer.