7.5. Application Filtering¶
Note
- Application Filtering is used via Service Interconnectivity. You need to apply separately for Service Interconnectivity.
7.5.1. Available Features¶
| Feature | Overview |
| Application Filtering | A feature that categorizes applications, and blocks communication from specified applications. |
7.5.2. Application Filtering Feature¶
Note
- Please check the following website for the controllable applications.
- The communication addressed to Server Segments targeted for detection is set so that it is routed by vFirewall/Integrated Network Appliance to the Service Interconnect Gateway used for Application Filtering.
- The communication from the Virtual Machine is set so that it is routed by the Virtual Machine on the Server Segment targeted for detection to the Service Interconnect Gateway used for Application Filtering.
- If you perform Ping monitoring on the Virtual Machine, you will require an additional Server Segment for direct connection between vFirewall/Integrated Network Appliance and the Virtual Machine.
Note
- Please do not connect the Server Segments targeted for detection directly to vFirewall/Integrated Network Appliance.
| Item | Performance | Remarks | |
|---|---|---|---|
| Per service | Maximum(5 services used) | ||
| Traffic Processing Capacity | 200 Mbps | 1 Gbps | The total value of uplink and downlink. |
| Number of concurrent sessions | 40,000 | 200,000 | The number of sessions that can be connected simultaneously. |
Note
- You can increase the traffic volume up to 1 Gbps, 200,000 sessions (when 5 services used) by applying additional services. When using more than 2 of service, please contact each NTT Communications affiliate beforehand.
7.5.3. Important Points¶
Used IP Addresses- In order to connect the Service Interconnect Gateway with Application Filtering, you must have two IP address blocks available. If the IP address block is already being used, we might ask you to change it.
- NTT Communications will manage the assigned IP address blocks, and assign IP addresses to the devices that require them.
When the actual traffic volume exceeds the contracted traffic volume, the excess traffic might be discarded.
Packets which break TCP/UDP/IP protocol rules or abnormal packets are discarded as a standard function regardless of customer’s configuration.
(Examples)
- When the IP header is cut off in the middle
- When the Port number is 0 (zero)
- When the TCP flag combination is abnormal and others
If devices making up this feature are replaced due to malfunction etc., you will not be able to check device logs or event reports from prior to the replacement via the Security Web Portal. In addition, if the regular server and the standby server are switched for a redundantly configured device and they are restored without replacing the device, you cannot check the log or the event reports for the period during which the switching occurred from the Security Web Portal.
Application Filtering does not guarantee that the Application Filtering feature has integrity or accuracy, or is suitable for your use. Furthermore, the suitability of the application identification algorithms provided by the developers or distributors of the devices making up the Application Filtering feature is not guaranteed.
The following information might be provided to the developers or distributors of the devices making up the Application Filtering feature.
- Configuration information obtained from providing application filtering
- Information concerning controls etc., for Application Filtering
We cannot guarantee recovery from failures that might occur due to incompatibility between Application Filtering and your environment, or failures that occur due to your operations other than those specified by NTT Communications.
There may be times when the customer’s environment is affected by maintenance services. An advance notice will be sent when there are possible effects to the customer’s environment. This is not applied when we judge the maintenance work urgent to continue service.