This document discusses the encapsulation of network traffic on the Advanced Threat Defense appliance.
Reminds me of a working derivate of Sandbox called Fortigate Fortisandbox. Maybe NOT a good term to use in Mcafee marketing guys!
The network segragation example is very simple. Could you add another example showing how to use three network interfaces on the ATD; 1) management interface, 2) service subnet for malware submissions from TIE, NSP, MWG (and DXL if that is possible), 3) dirty malware interface.
BTW. Please write date and version number in the document to distinguish versions from each other.
Thanks for the feedback. We will take a look into adding a section into the Whitepaper discussing a best practice scenario for configuring the NICs.
I believe you can do this by using the route add command to configure Eth1 with an IP address that is routable from the integrated solutions (tie/dxl, nsp, etc), and use that IP on Eth1 as the destination IP for the integrated solutions, and then the 'set malware-intfport' for eth2 for traffic generated from the analyser VMs..with all the other operational settings (DNS, LDAP, etc) on eth0.
I think? It's been a long time I have not used one tbh