Virtual Machine Interface Overview
Focus
Focus
Advanced WildFire Powered by Precision AI™

Virtual Machine Interface Overview

Table of Contents

Virtual Machine Interface Overview

Where Can I Use This?What Do I Need?
  • WildFire Appliance
  • WildFire License
The VM interface (labeled 1 on the back of the appliance) is used by WildFire to improve malware detection capabilities. The interface allows a sample running on the WildFire virtual machines to communicate with the Internet so that the WildFire appliance can better analyze the behavior of the sample file to determine if it exhibits characteristics of malware.
  • While it is recommended that you enable the VM interface, it is very important that you do not connect the interface to a network that allows access to any of your servers/hosts because malware that runs in the WildFire virtual machines could potentially use this interface to propagate itself.
  • This connection can be a dedicated DSL line or a network connection that only allows direct access from the VM interface to the Internet and restricts any access to internal servers/client hosts.
  • The VM interface on WildFire appliances operating in FIPS/CC mode is disabled.
The following illustration shows two options for connecting the VM interface to the network.
Virtual Machine Interface Example
  • Option-1 (recommended)—Connect the VM interface to an interface in a dedicated zone on a firewall that has a policy that only allows access to the Internet. This is important because malware that runs in the WildFire virtual machines can potentially use this interface to propagate itself. This is the recommended option because the firewall logs will provide visibility into any traffic that is generated by the VM interface.
  • Option-2—Use a dedicated Internet provider connection, such as a DSL, to connect the VM interface to the Internet. Ensure that there is no access from this connection to internal servers/hosts. Although this is a simple solution, traffic generated by the malware out the VM interface will not be logged unless you place a firewall or a traffic monitoring tool between the WildFire appliance and the DSL connection.