Fortinet black logo

Administration Guide

Home FortiSandbox 4.4.0 Administration Guide
4.4.0
4.4.5
4.4.4
4.4.3
4.4.2
4.4.1
4.4.0
4.2.7
4.2.6
4.2.5
4.2.4
4.2.3
4.2.2
4.2.1
4.2.0
4.0.5
4.0.4
4.0.3
4.0.2
4.0.1
4.0.0
3.2.4
3.2.3
3.2.2
3.2.1
3.2.0
3.1.5
3.1.4
3.1.3
3.1.2
3.1.1
3.1.0
3.0.7
3.0.6

Configuring VM Images

Configuring VM Images

This topic contains information about the settings in the VM Images page, as well as how to set the default browser, and how to view applications installed on a VM.

The Scan Policy and Object > VM Settings page displays the following information:

VM Settings Information

Description

VM Usage

Click View VM Usage to view usage for the past 24 hours.

Installed Apps

Click View Installed Applications to view applications installed on a VM. For more information, see Viewing applications installed on a VM.

Name

Name of the VM image. The name is unique in the system. If you upload a new VM image of the same name, the current installation is replaced.

To see the VM’s usage chart, click the Chart icon beside the Name.

Status

VM image status such as:

  • In-Use

  • Activated

  • Installed

  • Downloading (shows a progress bar)

  • Installing (shows a progress bar)

  • No License

Clone#

VM clone number. Double-click the number to edit it and then click the green checkmark to save the new number. Click Apply to apply the change. The VM system re-initializes.

The total clone number of all VM images cannot exceed the number of installed Windows licenses. For example, for FSA-2000E, the maximum clone number is 24.

We recommend applying more than 8+clone_number*3 of memory on your FSA unit.

Load#

The used VM clone number. For example, if a cluster primary node is set to use 50% of sandboxing scan power, the load # is half of clone #.

Browser

Set the default browser in Local Windows and Custom VMs. The default browser is Microsoft Internet Explorer.

Extensions

List of all the file types the VM image is associated with. It means files of these types will be scanned by this VM if these types are determined to enter the job queue. The system decides if they need to be sandboxed.

If the sandbox prefiltering is turned off for a file type, it will be scanned inside each associated VM type.

If sandbox prefiltering is turned on, files of this file type will be statically scanned first by an advanced analytic engine and only suspicious ones will be scanned inside associated VM types.

You can define file type and VM association in Scan Policy and Object > Scan Profile. You can double-click the value to access the Scan Profile page to edit the list.

When Windows Cloud VM is used in normal mode, file extensions can be modified and displayed. If it is used in overflow mode, only selected local windows VMs will be displayed.

Upload Custom VM

Upload a Custom VM image from the local. For more information, see Setting up a custom VM .

VM Screenshot

Take a screenshot of a running VM and view the filename the VM is scanning. This is only available for a admin users.

When the user admin clicks the VM Screenshot button, all currently running guest images along with the processed file name will be displayed. Click the VM Screenshot button, then the PNG Link button to view a screenshot of running clones. Clicking on the Refresh button in upper-left corner of the popup window will refresh the running image list.

This feature is useful to troubleshoot issues related to guest images.

This button is only available when login user is admin.

VM Details Information

Description

Enabled VM Types

The maximum number of VM types that can concurrently run. The maximum is four on models other than FSA-3000E. The maximum is six on FSA-3000E.
Local Keys Maximum number of Local VM keys including used key numbers and installed key numbers. The Local VMs are limited by the number of installed Windows keys and custom VM contract seats.

Remote Keys

Maximum number of Remote VM keys including used key numbers and installed key numbers. The Remote VMs are limited by the number of Windows Cloud VM and MacOS Cloud VM contract seats.

Clone Number

Maximum clone number and the number of the installed Windows license. For example:

  • FSA-3000E, the maximum clone number is 56.
  • FSA-2000E, the maximum clone number is 24.
  • FSAVM00, the maximum clone number is 8.To expand the unit's scan power, you can purchase cloud Windows VM subscription. Files can be sent to Fortinet Cloud Sandboxing to scan.

For more information, see .

Set the default browser

Set the default browser in Local Windows and Custom VMs. The default browser is Microsoft Internet Explorer.

Supported Browsers and minimum required version:
  • Google Chrome v75.0.3770.80
  • Mozilla Firefox v90.0
  • Microsoft Edge v86.0.622.61
  • Microsoft Internet Explorer
Local Windows VM:

Chrome, FireFox and Edge are not listed if the installed version on the VM is lower than minimum required.

Optional VM:

The Browser setting is only available in the following Optional VMs. These VMs are only available in version 4.2:

  • WIN10O16V4
  • WIN7X86SP1O16V3

  • WIN10O19V1

Download the applicable VM and apply a Windows license accordingly.

Custom VM:

All browsers are listed regardless of whether the browser is installed on the VM. If the configured browser is not installed, the URL will be opened by the default browser. If the configured browser is installed but does not meet the required version, the URL will opened but cannot be scanned properly.

On the Job Detail, the browser used in the VM can be viewed in the Process Information under the Tree View tab.

To set the default browser in a Custom VM:
  1. Go to Scan Policy and Object > VM Settings.
  2. In the Browser column, click the OriginalDefault dropdown, and select a browser from the list.

Remote VM:

This feature is not supported in Remote (Windows, MacOS and Android Cloud VMs) and Local Linux VMs.

Viewing applications installed on a VM

The applications list is available in Default VMs and Optional VMs by default. You can use a meta file to upload a list of applications installed on a custom VM.

To view the applications list for Default and Optional VMs:

  1. Go to Scan Policy and Object > VM Settings. The Installed Apps: <vm-name> dialog opens.

  2. In the Default VMs or Optional VMs section, click View installed apps.

To upload an applications list for Custom VMs:

  1. Go to Scan Policy and Object > VM Settings.

  2. In the Custom VMs section, click View installed apps. The Installed Apps: <vm-name> dialog opens.

  3. Click Choose Fileand navigate to the meta file location.

    Meta file requirements:

    • Apostrophes (') and quotation marks (") are not supported.
    • The maximum number of characters in per line is120.
    • The maximum number of lines in a meta file is 50.
  4. Click Upload meta file. The application list will be displayed in the in theInstalled Apps: <vm-name> dialog.

After the meta file uploaded,

Tooltip

The application list is also available in the VM Association tab.

To view the list, go to Scan Policy and Object >Scan Profiles >VM Association and select a Custom VM.
Previous
Next

Configuring VM Images

This topic contains information about the settings in the VM Images page, as well as how to set the default browser, and how to view applications installed on a VM.

The Scan Policy and Object > VM Settings page displays the following information:

VM Settings Information

Description

VM Usage

Click View VM Usage to view usage for the past 24 hours.

Installed Apps

Click View Installed Applications to view applications installed on a VM. For more information, see Viewing applications installed on a VM.

Name

Name of the VM image. The name is unique in the system. If you upload a new VM image of the same name, the current installation is replaced.

To see the VM’s usage chart, click the Chart icon beside the Name.

Status

VM image status such as:

  • In-Use

  • Activated

  • Installed

  • Downloading (shows a progress bar)

  • Installing (shows a progress bar)

  • No License

Clone#

VM clone number. Double-click the number to edit it and then click the green checkmark to save the new number. Click Apply to apply the change. The VM system re-initializes.

The total clone number of all VM images cannot exceed the number of installed Windows licenses. For example, for FSA-2000E, the maximum clone number is 24.

We recommend applying more than 8+clone_number*3 of memory on your FSA unit.

Load#

The used VM clone number. For example, if a cluster primary node is set to use 50% of sandboxing scan power, the load # is half of clone #.

Browser

Set the default browser in Local Windows and Custom VMs. The default browser is Microsoft Internet Explorer.

Extensions

List of all the file types the VM image is associated with. It means files of these types will be scanned by this VM if these types are determined to enter the job queue. The system decides if they need to be sandboxed.

If the sandbox prefiltering is turned off for a file type, it will be scanned inside each associated VM type.

If sandbox prefiltering is turned on, files of this file type will be statically scanned first by an advanced analytic engine and only suspicious ones will be scanned inside associated VM types.

You can define file type and VM association in Scan Policy and Object > Scan Profile. You can double-click the value to access the Scan Profile page to edit the list.

When Windows Cloud VM is used in normal mode, file extensions can be modified and displayed. If it is used in overflow mode, only selected local windows VMs will be displayed.

Upload Custom VM

Upload a Custom VM image from the local. For more information, see Setting up a custom VM .

VM Screenshot

Take a screenshot of a running VM and view the filename the VM is scanning. This is only available for a admin users.

When the user admin clicks the VM Screenshot button, all currently running guest images along with the processed file name will be displayed. Click the VM Screenshot button, then the PNG Link button to view a screenshot of running clones. Clicking on the Refresh button in upper-left corner of the popup window will refresh the running image list.

This feature is useful to troubleshoot issues related to guest images.

This button is only available when login user is admin.

VM Details Information

Description

Enabled VM Types

The maximum number of VM types that can concurrently run. The maximum is four on models other than FSA-3000E. The maximum is six on FSA-3000E.
Local Keys Maximum number of Local VM keys including used key numbers and installed key numbers. The Local VMs are limited by the number of installed Windows keys and custom VM contract seats.

Remote Keys

Maximum number of Remote VM keys including used key numbers and installed key numbers. The Remote VMs are limited by the number of Windows Cloud VM and MacOS Cloud VM contract seats.

Clone Number

Maximum clone number and the number of the installed Windows license. For example:

  • FSA-3000E, the maximum clone number is 56.
  • FSA-2000E, the maximum clone number is 24.
  • FSAVM00, the maximum clone number is 8.To expand the unit's scan power, you can purchase cloud Windows VM subscription. Files can be sent to Fortinet Cloud Sandboxing to scan.

For more information, see .

Set the default browser

Set the default browser in Local Windows and Custom VMs. The default browser is Microsoft Internet Explorer.

Supported Browsers and minimum required version:
  • Google Chrome v75.0.3770.80
  • Mozilla Firefox v90.0
  • Microsoft Edge v86.0.622.61
  • Microsoft Internet Explorer
Local Windows VM:

Chrome, FireFox and Edge are not listed if the installed version on the VM is lower than minimum required.

Optional VM:

The Browser setting is only available in the following Optional VMs. These VMs are only available in version 4.2:

  • WIN10O16V4
  • WIN7X86SP1O16V3

  • WIN10O19V1

Download the applicable VM and apply a Windows license accordingly.

Custom VM:

All browsers are listed regardless of whether the browser is installed on the VM. If the configured browser is not installed, the URL will be opened by the default browser. If the configured browser is installed but does not meet the required version, the URL will opened but cannot be scanned properly.

On the Job Detail, the browser used in the VM can be viewed in the Process Information under the Tree View tab.

To set the default browser in a Custom VM:
  1. Go to Scan Policy and Object > VM Settings.
  2. In the Browser column, click the OriginalDefault dropdown, and select a browser from the list.

Remote VM:

This feature is not supported in Remote (Windows, MacOS and Android Cloud VMs) and Local Linux VMs.

Viewing applications installed on a VM

The applications list is available in Default VMs and Optional VMs by default. You can use a meta file to upload a list of applications installed on a custom VM.

To view the applications list for Default and Optional VMs:

  1. Go to Scan Policy and Object > VM Settings. The Installed Apps: <vm-name> dialog opens.

  2. In the Default VMs or Optional VMs section, click View installed apps.

To upload an applications list for Custom VMs:

  1. Go to Scan Policy and Object > VM Settings.

  2. In the Custom VMs section, click View installed apps. The Installed Apps: <vm-name> dialog opens.

  3. Click Choose Fileand navigate to the meta file location.

    Meta file requirements:

    • Apostrophes (') and quotation marks (") are not supported.
    • The maximum number of characters in per line is120.
    • The maximum number of lines in a meta file is 50.
  4. Click Upload meta file. The application list will be displayed in the in theInstalled Apps: <vm-name> dialog.

After the meta file uploaded,

Tooltip

The application list is also available in the VM Association tab.

To view the list, go to Scan Policy and Object >Scan Profiles >VM Association and select a Custom VM.
Previous
Next