ON PREMISES SOLUTIONS

Deploy Network Security virtual appliance

This section describes how to deploy Network Security Virtual Appliance, a Sandbox Analyzer component that captures network traffic and submits suspicious samples for behavioral analysis.

To deploy the Network Security Virtual Appliance:

  1. Log in to the GravityZone Control Center.

  2. Go to the Network > Packages page.

  3. Select the Network Security Virtual Appliance check box from the table.

  4. Click the Download button at the upper-left side of the page and select the (VMware OVA) option.

  5. Use your virtualization management tool (for example, vSphere Client) to import the downloaded OVA file into your virtual environment.

  6. In the deployment wizard, select the network interface card (NIC) used for communication with GravityZone and the NIC used for capturing traffic.

  7. Power on the appliance.

  8. From your virtualization management tool, access the console interface of GravityZone SVE SVA Network Security Virtual Appliance.

  9. When prompted for credentials, use root for username and sve for password.

  10. Access the configuration menu by running the following command:

    /opt/bitdefender/bin/nsva-setup
    sandbox-op-nsva.png
  11. Go to Communication server configuration menu option.

  12. Specify the IP address or hostname, and the port of a GravityZone Communication Server.

    Use the following syntax: http://<IP/Hostname>:<Port>. The default port is 8443.

  13. Save the configuration.

Configure Network Sensor to detonate .pcap files

The network sensor can extract content from network capture files (pcap) and automatically send it for detonation to the Sandbox Analyzer instance.

To detonate content from .pcap files:

  1. Log into Network Security virtual appliance.

  2. When prompted for credentials, use root for username and sve for password.

  3. Run the following command:

    /opt/bitdefender/bin/scan-pcap <local pcap path>

    In the above command, <local pcap path> represents the location where the pcap file is uploaded in the Network Security Virtual Appliance.

For other details about using the network sensor, refer to the Policies > Sandbox Analyzer chapter from the GravityZone Administrator's Guide.