[ATP/FLEX] How to set up Sandboxing on Nebula

Zyxel_Jeff Posts: 1,073  Zyxel Employee
edited June 2023 in Security Service


Nebula Control Center provides Sandboxing, which protects users by preventing them from downloading programs or files that contain malicious content. You can create a Sandboxing profile under the security service path on Nebula, and this article guides you through deploying it.


Configuration steps

1. Navigate to Configure > Firewall > Security Service to enable the Sandboxing profile and edit it.


2. Configure Sandboxing profile

Enabled – Turn ON/OFF the Sandboxing feature.

Log – Create an event log entry when the Sandboxing DB detects malware content.

Policy – Choose Destroy (to delete the malicious file) or Allow (to forward the malicious file).

Inspect selected downloaded files – If this option is enabled, the Nebula device holds a downloaded file that has never been inspected before for 2 seconds while it queries the cloud Sandboxing DB and waits for the response that identifies whether the file is malicious. If the process takes longer than 2 seconds, the inspected file may still be forwarded to the customer.

File submission options – Define which file types should be inspected by Sandboxing. Currently, it supports the zip, exe, doc, swf, pdf, and rtf file types.

Test Result

If you download a malicious file by accident, the traffic will be blocked.

The event log shows a Sandboxing message that informs you of the malicious file name, MD5 hash value, etc.
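The profile options in step 2 interact: the Policy setting, the selected file types and the 2-second hold together decide whether a malicious verdict is actually enforced. The Python sketch below is an added example, not Zyxel code and not part of the original post; it is a simplified model of the behaviour described above, with `decide`, `make_lookup` and the sample file names as hypothetical names, and with the handling of unselected types and of timeouts marked as assumptions in the comments.

```python
import concurrent.futures as cf
import time

# File types the article lists under "File submission options".
SUPPORTED_TYPES = {"zip", "exe", "doc", "swf", "pdf", "rtf"}

def decide(filename, lookup, policy="destroy",
           selected=SUPPORTED_TYPES, hold_seconds=2.0):
    """Model the handling of one never-inspected download.

    lookup(filename) returns True for a malicious verdict and may be slow.
    Returns (action, reason); action is "forward" or "destroy".
    """
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in selected:
        # Assumption: unselected types are not submitted at all.
        return "forward", "file type not selected"
    pool = cf.ThreadPoolExecutor(max_workers=1)
    future = pool.submit(lookup, filename)
    try:
        # Hold the file only as long as the hold window allows.
        malicious = future.result(timeout=hold_seconds)
    except cf.TimeoutError:
        # Assumption: the model always releases the file on timeout
        # (the article says it "may" be forwarded).
        return "forward", "no verdict within hold window"
    finally:
        pool.shutdown(wait=False)
    if not malicious:
        return "forward", "clean"
    if policy == "destroy":
        return "destroy", "malicious"
    return "forward", "malicious, policy is Allow"

def make_lookup(verdict, latency):
    """Constructed stand-in for the cloud query with a fixed delay."""
    def lookup(_filename):
        time.sleep(latency)
        return verdict
    return lookup

if __name__ == "__main__":
    cases = [("setup.exe", True, 0.1, "destroy"),
             ("setup.exe", True, 2.5, "destroy"),
             ("setup.exe", True, 0.1, "allow"),
             ("image.iso", True, 0.1, "destroy")]
    for name, verdict, latency, policy in cases:
        print(name, latency, policy,
              decide(name, make_lookup(verdict, latency), policy))
```

Only the first case ends in `destroy`; the other three are the situations where the event log, rather than the block action, is what tells you a malicious file reached the client.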