Configure Network Exit
Geographic location is often an important issue for malware analysis. Some types of malware behave differently depending on geographic location, while other types may target a specific area. Similar in concept to VPN, the Network Exit setting (v2.4.3 and later) makes any outgoing network that is generated during sample analysis appear to exit from that location. Configuration files are automatically distributed and there is no need for suport staff to manually install or update them.
Note |
If you were previously using tg-tunnel, you must allow outbound traffic to 4.14.36.142:21413 and 63.97.201.68:21413 before installing v2.4.3; otherwise, that traffic only needs to be permitted before enabling remote exit use. |
Procedure
Step 1 |
In the OpAdmin portal, click Configuration > Network Exit. |
||
Step 2 |
In the Network Exit Mode field, choose Local Only, Remote Only, Allow Both, or Simulated Only. This field determines the Network Exit options that will be available in the application, such as when submitting samples in the UI. If you select Local Only or Remote Only, the application only makes those options available to users. If you select Simulated Only, the API and UI users cannot select any option to send network traffic from virtual machines to destinations outside of the local Threat Grid Appliance. Accessing private networks, even for DNS lookup, is not allowed even for Network Exit. All malware traffic comes out of the Dirty interface, using the Dirty DNS server configured.
|