ZyWALL Series CLI Reference Guide
CHAPTER 41
Sandboxing
This chapter introduces and shows you how to configure sandboxing.
41.1 Sandboxing Overview
Zyxel Device sandboxing is a security mechanism that provides a safe environment, separating
running programs from your network and host devices. Unknown or untrusted programs or code are
executed within an isolated virtual machine (VM) to monitor and analyze zero-day malware and
advanced persistent threats (APTs) that may evade the Zyxel Device's protection, such as anti-malware.
When a file with malicious or suspicious code is detected, the Zyxel Device can take specific actions on
the threat.
41.2 Sandbox Commands
The following table describes general sandbox commands. You must use the configure terminal
command to enter the configuration mode before you can use these commands.
Table 190 Sandbox Commands

COMMAND
    DESCRIPTION

sandbox dashboard statistics flush
    Clears the collected sandboxing statistics displayed on the web GUI dashboard.

sandbox file-scanning-log {log | log-alert | no}
    Generates a log, log and alert or neither (no) when a file is being scanned.

sandbox file-send-log {log | log-alert | no}
    Generates a log, log and alert or neither (no) when a file is sent for sandboxing
    inspection.

[no] sandbox file-type {archives | chm | eicar | executables | macromedia-flash-data | ms-office-document | pdf | rtf | unknow-type}
    Specifies the type of files to be sent for sandboxing inspection.
    The no command sets the Zyxel Device to not send the specified type of files for
    sandboxing inspection.

sandbox malicious-action malicious {allow | destroy} {log | log-alert | no}
    Sets whether the Zyxel Device deletes (destroy) or forwards (allow)
    malicious files. This also sets the Zyxel Device to generate a log, log and alert or
    neither (no) when a malicious file is detected.

sandbox malicious-action suspicious {allow | destroy} {log | log-alert | no}
    Sets whether the Zyxel Device deletes (destroy) or forwards (allow)
    suspicious files. This also sets the Zyxel Device to generate a log, log and alert or
    neither (no) when a suspicious file is detected.

sandbox mdb flush
    Removes sandboxing MDB files.
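
The following script is an added example, not part of the Zyxel guide: it audits a saved configuration for sandbox settings from Table 190 that forward detected files, suppress logging, or exclude a file type from inspection. It assumes the saved configuration stores one setting per line in the same syntax as the commands above; the sample input is constructed.

```python
import re

# Keywords taken from Table 190; the one-setting-per-line layout is an assumption.
FILE_TYPES = {"archives", "chm", "eicar", "executables", "macromedia-flash-data",
              "ms-office-document", "pdf", "rtf", "unknow-type"}
ACTION_RE = re.compile(r"^sandbox malicious-action (malicious|suspicious) "
                       r"(allow|destroy) (log|log-alert|no)$")
FILETYPE_RE = re.compile(r"^(no )?sandbox file-type (\S+)$")
LOG_RE = re.compile(r"^sandbox (file-scanning-log|file-send-log) (log|log-alert|no)$")

# Constructed sample input, not output captured from a real device.
SAMPLE = """\
sandbox file-type executables
sandbox file-type pdf
no sandbox file-type ms-office-document
sandbox malicious-action malicious destroy log-alert
sandbox malicious-action suspicious allow no
sandbox file-send-log no
"""

def audit(config_text):
    """Return (line_number, finding) pairs for sandbox settings worth reviewing."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), 1):
        line = " ".join(raw.split())  # collapse indentation and repeated spaces
        m = ACTION_RE.match(line)
        if m:
            verdict, action, log = m.groups()
            if action == "allow":
                findings.append((number, f"{verdict} files are forwarded (allow)"))
            if log == "no":
                findings.append((number, f"no log when a {verdict} file is detected"))
            continue
        m = FILETYPE_RE.match(line)
        if m:
            negated, ftype = m.groups()
            if ftype not in FILE_TYPES:
                findings.append((number, f"unrecognised file type '{ftype}'"))
            elif negated:
                findings.append((number, f"{ftype} files are not sent for inspection"))
            continue
        m = LOG_RE.match(line)
        if m and m.group(2) == "no":
            findings.append((number, f"{m.group(1)} is disabled"))
    return findings

if __name__ == "__main__":
    for number, finding in audit(SAMPLE):
        print(f"line {number}: {finding}")
```

Only an explicit `no sandbox file-type` line is reported; the script draws no conclusion from a file type that is simply absent, because the table does not state the defaults.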