Fortinet black logo

Setting up a FortiSandbox VM00 as Primary node for high availability

Copy Link
Copy Doc ID 82606edb-b6b8-11ec-9fd1-fa163e15d75b:330135
Download PDF

Setting up a FortiSandbox VM00 as Primary node for high availability

A popular FortiSandbox HA-cluster deployment is based on using FortiSandbox VM00 as a Primary node and one or more FortiSandbox appliances or virtual machines as Worker nodes. A second FortiSandbox VM00 as a Secondary node is highly recommended to make Sandboxing services fault tolerant and configuration simpler.

To set up and operate a healthy and scalable cluster with VM00:
  1. H/W Requirements of Primary and Secondary nodes:

    • Minimum configuration: Set up the with minimum of: 4 vCPU, 8 GB RAM and 200 GB SSD drive.
    • Recommended configuration: 16 vCPU, 32 GB RAM and 1 TB SSD drive.
  2. Network Setup:

    • Make sure that network topology, routing and DNS settings of Primary and Secondary nodes are the same.
    • Configure a cluster level failover IP on all ports to provide Sandboxing accessibility (admin-port, api-port, ICAP and MTA/BCC ports).
    • Enable Promiscuous mode in the hypervisor settings (if applicable) to ensure correct operation of failover IP.
  3. Configurations on Primary and Secondary nodes;

    • Do not install Windows VMs on these nodes. If these nodes already have them installed, set VM clone number to zero (0)
  4. Licenses:

    • Make sure to acquire a Sandbox Threat Intelligence subscription for all the nodes.
    • Additional licenses (such as Windows, Office and Custom VM) are not required on both Primary and Secondary nodes.

Setting up a FortiSandbox VM00 as Primary node for high availability

A popular FortiSandbox HA-cluster deployment is based on using FortiSandbox VM00 as a Primary node and one or more FortiSandbox appliances or virtual machines as Worker nodes. A second FortiSandbox VM00 as a Secondary node is highly recommended to make Sandboxing services fault tolerant and configuration simpler.

To set up and operate a healthy and scalable cluster with VM00:
  1. H/W Requirements of Primary and Secondary nodes:

    • Minimum configuration: Set up the with minimum of: 4 vCPU, 8 GB RAM and 200 GB SSD drive.
    • Recommended configuration: 16 vCPU, 32 GB RAM and 1 TB SSD drive.
  2. Network Setup:

    • Make sure that network topology, routing and DNS settings of Primary and Secondary nodes are the same.
    • Configure a cluster level failover IP on all ports to provide Sandboxing accessibility (admin-port, api-port, ICAP and MTA/BCC ports).
    • Enable Promiscuous mode in the hypervisor settings (if applicable) to ensure correct operation of failover IP.
  3. Configurations on Primary and Secondary nodes;

    • Do not install Windows VMs on these nodes. If these nodes already have them installed, set VM clone number to zero (0)
  4. Licenses:

    • Make sure to acquire a Sandbox Threat Intelligence subscription for all the nodes.
    • Additional licenses (such as Windows, Office and Custom VM) are not required on both Primary and Secondary nodes.