I have a quick question. This is more of a concept question than an actual problem, but basically what I'm trying to do is set up a malware analysis lab on one of my company's computers. I already have a base Windows machine with a bunch of VMs for analyzing the malware. Where my problem comes in is that I want the malware I'm analyzing to be able to go out to the internet so it can function properly, but have no chance of reaching the internal network. I am using the WatchGuard XTM 2 Series firewall, and would like some input on how I can achieve this. What is the best way to go about doing this? Something like a DMZ so malware traffic can go in and out on the internet, but not come into our main network? I couldn't find any tutorials on how to configure it correctly, but I can do some more searching once I know what I want to do is right. Thank you!
1 Answer
1
Connect your lab to the Optional interface. That should provide the separation you need. Note that you won't have direct connectivity to the Optional interface from the Trusted interface unless you allow it in your rule set, which would defeat the purpose of segregating the lab.

joeqwerty
- Thanks for the reply! Just one more question to make sure. I have Port 0 set up as my External. That gets plugged into the router. Then I set my Optional-1 to Port 2. Just plug the PC with the VMs on it into Port 2 and you think that will be enough? Sorry for the dumb questions, just trying to learn all of this stuff. It can get overwhelming real fast! – ToxicProxy Jun 16 '15 at 20:42
- I don't remember which port number corresponds to which interface, but connect the External interface into your router, connect the Trusted interface into your production network and plug the Optional interface into your lab network. I believe you're right though, eth0 is External, eth1 is Trusted and eth2 is Optional. – joeqwerty Jun 16 '15 at 20:45
- Perfect. Thank you so much man! I really appreciate it! – ToxicProxy Jun 16 '15 at 20:52
- Glad to help... – joeqwerty Jun 16 '15 at 20:54
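
Added example, not part of the original thread: a small check to run from a lab VM on the Optional network, confirming that hosts on the Trusted network do not answer while an internet host does. The addresses and ports are constructed placeholders (assumptions), and the check covers only TCP on the ports listed, so it complements a review of the firewall policy rather than replacing it.

```python
"""Segmentation check for a lab VM plugged into the Optional interface."""
import socket


def probe(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unroutable, or name not resolved
        return False


def verify_isolation(trusted_targets, external_targets, timeout=2.0):
    """Probe Trusted and External targets from the lab side.

    Returns a dict with:
      leaks     - Trusted (host, port) pairs that answered; must be empty
      no_egress - External pairs that did not answer (lab has no internet)
      isolated  - True only when no Trusted target answered
    """
    leaks = [t for t in trusted_targets if probe(t[0], t[1], timeout)]
    no_egress = [t for t in external_targets if not probe(t[0], t[1], timeout)]
    return {"leaks": leaks, "no_egress": no_egress, "isolated": not leaks}


if __name__ == "__main__":
    # Constructed sample targets: replace with real hosts on your Trusted
    # network (file server, RDP host, the firewall's Trusted-side address)
    # and an internet host you are permitted to connect to.
    trusted = [("192.168.1.10", 445), ("192.168.1.10", 3389), ("192.168.1.1", 443)]
    external = [("example.com", 443)]

    result = verify_isolation(trusted, external)
    for host, port in result["leaks"]:
        print(f"LEAK: lab reached Trusted host {host}:{port}")
    for host, port in result["no_egress"]:
        print(f"NO EGRESS: lab could not reach {host}:{port}")
    print("Isolated from Trusted network:", result["isolated"])
```

Run it once with clean VMs before any sample is detonated, and again after every change to the firewall rule set.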