ATD 4.2 made the following changes, which prevents the management interface from being used for potentially malicious or dirty traffic:
- Dirty DNS traffic – This traffic Includes DNS lookups for URL download, from the sandbox VM for analysis, and from the VM for activation, in which you activate Microsoft Windows and Microsoft Office. This traffic is sent to the Malware DNS server via the Malware Interface port.
- If Malware DNS is not set, no DNS lookups are made, and URL download fails.
- Other dirty traffic – All other dirty traffic from/to the sandbox VM, and from/to the VM for activation, follows the Malware Interface port setting.
IMPORTANT: You can assign the Malware Internet Port to any one of mgmt, intfport 1, intfport 2, and intfport 3. If you configure your mgmt port as Malware Internet Port, the dirty traffic is still sent via mgmt port in ATD 4.2 and later.
To separate dirty traffic from your management network, use the mgmt port only for management, and then assign the Malware Internet Port to either intfport 1, 2, or 3.
