NOTE: This section is not applicable to Content Analysis VA and CAS S200 because these models do not support on-box sandboxing.

• Content Analysis on-box sandboxing provides three task firewall options for the IntelliVM analysis environment. Note that these firewall options are not to be confused with the firewall security system on your network.

1. Isolated — No network connectivity
2. Limited — Prevents communications on ports 25 (mail), 139 (NetBIOS), and 445 (SMB)
3. Unlimited — Full network access

• Which firewall setting to use depends on the tradeoffs you are willing to make, as well as your organization's policies and risk tolerance.
• The more network access you allow, the better fidelity of test results because of the wider range of network activities that are recorded. On the other hand, executing live malware samples carries the risk that the sample will attempt to attack internal or external hosts. The default firewall type is Isolated.

NOTE: Which firewall option you choose also depends on whether you configure a dirty line network. If you define a static dirty line network interface, you can safely choose the Unlimited option.