Appendix D - Create a Customized Virtual Machine Image Using Pre-Configured VMs
Please note there are multiple methods to create and configure custom Virtual Machines. For AWS and Azure cloud implementations, please consult the FortiSandbox VM on AWS and FortiSandbox VM on Azure Guides.
For FSA-2000E and FSA-3000E, the maximum number of clones for default VMs and optional VMs is limited by the Windows license and the number of stacked licenses provided by Fortinet.
For customized VMs, the maximum number of clones is 20 on FSA-2000E and 48 on FSA- 3000E.
Activate all customized VMs before uploading to the unit. Purchase licenses from Microsoft distributors to do activation.
We recommend the customized VM image size to be less than 10GB.
The guest VM images published by Fortinet might not reflect the user’s working environment. For example, on current Windows 8 and Windows 10 images, no Microsoft Office software is installed. FortiSandbox allows users to create their own guest image, install software running in their environment, and upload the image to the unit to scan files. Specifically, users can create the guest image on top of their Golden Image or Master Image to best simulate their OS installations. This document provides step-by-step instructions on how to create and configure them.
You can choose to use the VMs provided by Fortinet or create your own. If you would like to create your own VM, see Appendix E - Create a Customized Virtual Machine Image Using Your Own ISO.
Fortinet prepared a base set of supported VM images for customers to create their own customized images more easily. These images have complete VirtualBox configurations and necessary software. The customer needs to:
- Download and install Oracle VM Virtual Box 5.1.XX and open the base image and create a clone image of it.
- Activate the base Windows image with valid license key.
- Install software and components that meet their environment on the base image.
For detailed instructions, please refer to steps below. These base images can be downloaded from:
32 or 64 bit image
Their checksum value can be found at: https://fsavm.fortinet.net/vmtools/md5.txt
1. Download, install Oracle VM Virtual Box 5.1, open the base image and create a clone
VirtualBox 5.1 can be downloaded from https://fsavm.fortinet.net/vmtools/VirtualBox-5.1.34-121010-Win.exe. The checksum value can be found at https://fsavm.fortinet.net/vmtools/md5.txt
For help with VirtualBox installation and troubleshooting, please refer to The Virtual Box Manual.
VirtualBox is an open source software and licensed under GNU General Public License V2 license. The detailed information of its license can be found at https://www.virtualbox.org/wiki/Licensing_FAQ
Mac OS is not supported.
2. Install Software and Components on the Customized VM Image
After a clone of the base image is created, the user can install applications and components required in their environment on the clone image. They can be but not limited to the following list:
- .Net Framework
- Microsoft Office suite
- Adobe Acrobat Reader
There are two ways to install them:
- Put their installers on a computer in management network that VM image can download through http, ftp protocols or network share. This requires network settings of VM image to be configured to access hosting computer.
- Package their installation package as an ISO file in the VirtualBox Manager, select the VM image, click Settings button or right click on the VM image name to open Settings page.
Go to the Storage page > Empty optical drive node > disk icon > Chose a virtual CD/DVD disk file, select the ISO file. Then inside the VM image, go to drive D to install the software.
After installation of a software or component, go to Control Panel > Add or Remove Programs on Windows XP or Control Panel > Programs and Features in Windows 7, 8, and 10 to verify that the installation is successful.
Automatic update of software should be disabled. For details, please refer to software’s manual. For example, to disable automatic update on Acrobat Adobe Reader, refer to https://helpx.adobe.com/acrobat/kb/automatic-updates---acrobat-reader.html
Use a text editor and create a meta file, enter in the installed applications for this VM image. The meta file will be used later and its content is displayed in the Scan Profile > Installed Applications of FortiSandbox.
It is recommended that installed software should be launched at least once to make sure they can open smoothly. Certain software needs to be configured to associate with the file types as the default application. For example, Adobe Reader needs to be launched after installation to be the default PDF application.
For Windows 10, the default web browser is Windows Edge which FortiSandbox does not currently support. It is recommended to change the default web browser to be Internet Explorer. To do that:
- Go to Start > Settings > System > Default apps.
- Click Web Browser in the right pane and select Internet Explorer.
Windows OS and other installed software should be activated.
Fortinet is not responsible for software’s support and their license rights.
3. Setup FortiSandbox Tracer Engine Launcher
- Open an editor, such as Notepad and type in the following scripts:
if not exist d:\launcher.bat (
echo Wait for d:\launcher.bat
rem sleep 5
ping -n 5 127.0.0.1 >nul
start /min d:\launcher.bat
- Save the file as
autorun.baton your Desktop.
- Find the
autorun.batfile on your Desktop, and Right-click > Cut.
- On Windows XP and Windows 7, go to Start > All Programs > Startup > Right-click > Open All Users. Windows Explorer will open. Paste the
On Windows 8 and Windows 10, go to Start > Run..., enter shell:startup to open the startup folder. paste the
D:\directory for the
autorun.batfile is created after the VM image is uploaded.
4. Install the Customized VM Image to FortiSandbox and Apply It
- Put the VM image’s
.vdifile and its meta file from Step 4 to a server that supports
In the FortiSandbox CLI interface:
- execute CLI command
Machine uuidcan be found in
.vboxfile of the image build directory, such as
- If a customized VM image of the same name exists on the unit, the installation will fail. Go to the VM Image page and set its clone number to
0. Click Apply to disable existing images. Use
–rto replace the existing one with new one. The Scan Profile settings for the image will be inherited.
- The installation process can take up to one hour, depending on unit model and network speed. If installation fails or stops unexpectedly, execute the command again.
- It is optional to upload the meta file. The information in the meta file will be displayed in the Installed Applications area in Scan Profile page of the FortiSandbox. To install it, execute CLI command
vm-customized -cf -mproduct.list –t<ftp|scp> –s<server_ip> –u<username> -p<password> -f</meta_file_path/meta_file_name> –vn<custom_vm_name> -mproduct.list
custom_vm_nameshould be the same as step a.
- The unit will reboot after installation.
- execute CLI command
- After unit reboots, user can enable it by setting up its clone number to be more than
0in the VM Image page and associate file types in the Scan Profile page to scan files.
For example, the above is a Windows 7 customized image. It has an image file editor called FastStone Image Viewer and it is associated to open JPG files. The user can create a User defined extension for JPG files and associate it to this customized image. Subsequently, all JPG files will be scanned by this customized image and opened by the FastStone Image Viewer.