Configure the Dirty Line Network for Content Analysis
Article ID: 176170
Content Analysis Software - CACAS-S400CAS-S500
NOTE: This section is not applicable to Content Analysis VA and CAS S200 because these models do not support on-box sandboxing.
The IntelliVM profiles use the dirty line network to access the Internet during analysis.
This connection should not pass through your organization's security measures.
You will need to set up this network before configuring it below.
Although Content Analysis can perform on-box sandboxing without a dirty line network, it is not recommended.
In the On-box Sandboxing screen (Services > Sandboxing > On-box Sandboxing), locate the Dirty Line Network panel.
If you don't have a separate dirty line network, choose Same as Backend for the IP Settings. This option forces the IntelliVMs to use the Backend interface instead of the dirty line interface. The Backend interface is connected to your organization's LAN and is used for the UI connection, system and pattern updates, and base-image activation. This means that your organization's security measures will be applied to the sample analysis and malicious traffic will potentially go through the primary interface.
To configure the dirty line interface:
a.Choose Static for the IP Settings .
b.For Network Interface, select the interface that your dirty line network is connected to (for example, 1:1). Check the Requirements for Dirty Line Interface below.
c.For Default Gateway, enter the IP address of the gateway for the dirty line network. Symantec recommends that you use a separate Internet gateway than your primary ISP.
Click Save Changes.
Requirements for Dirty Line Interface:
The interface specified must be on a dedicated subnet.
No other interfaces can be on the same subnet as the dirty line.
The selected interface will be unavailable for management traffic.