2.12. VM Firewall¶
VM Firewall is a service that controls communication among VMs.
The following features are available for VM Firewall.
|VM Firewall||A feature that controls communication among the target VMs.|
You can specify following conditions per each rule.
|Action Type||Selectable from “Allow” or “Deny”|
|Direction||Selectable from “Outgoing” or “Incoming”|
|Frame Type||Selectable from “IP”, “ARP” or “Other”|
|Protocol||Selectable from “ICMP”, “TCP” or “UDP”|
|Source IP address||You can specify Source IP address and subnet mask. Multiple IP addresses or an IP address range is possible for IP address.|
|Source Port number||You can specify source Port number.|
|Destination IP address||You can specify Destination IP address and subnet mask. Multiple IP addresses or an IP address range is possible for IP address.|
|Destination Port number||You can specify Destination Port number can be specified.|
2.12.3. Restrictions¶Restrictions relating to OS and resources
- The following table shows the system requirements of software agent. Availability of service providing also depends on supported OS of Enterprise Cloud itself and kernel version of Linux OS. You should ask NTT Com Group about availability.
|Memory size||Minimum Value: 512 MB|
|Disk size||Minimum Value: 1GB|
|OS||Windows||Windows 8 (32bit/64bit)|
|Windows server 2012 (64bit)|
|Windows 7 (32bit/64bit)|
|Windows server 2008 R2 (64bit)|
|Windows Server 2008 (32bit/64bit)|
|Windows Vista (32bit/64bit)|
|Windows Server 2003 SP1 (32bit/64bit) with patch “Windows Server 2003 Scalable Networking Pack”|
|Windows XP (32bit/64bit)|
|Linux||Red Hat 5 (32bit/64bit)|
|Red Hat 6 (32bit/64bit)|
|CentOS 5 (32bit/64bit)|
|CentOS 6 (32bit/64bit)|
|SuSE 10 (32bit/64bit)|
|SuSE 11 (32bit/64bit)|
|Ubuntu 10.04 LTS (64bit)|
|Ubuntu 12.04 LTS (64bit)|
- You are responsible for the installation of agents to their VMs.
- You cannot use other antivirus software than VM Anti-Virus together with this service. Make sure to uninstall other antivirus software before using this service.
- Do not upload agents by mounting ISO image files or CD/DVD drives, when uploading it to the VMs.
- When the target VM is in a segment which is not directly connected to the vFW/INA, an additional server segment is required to directly connect the vFW/INA and the VM.
- Only NTT Com Group can specify rule names of VM Firewall; you cannot specify them.
- You are responsible for activation confirmation (constant monitoring) of agents.
- Please set IPv6 to ON or OFF correctly when using VM Anti-Virus.
- Traffic below is blocked in any mode settings.
- TCP connections over 100,000
- UDP connections over 100,000
- Unusual traffic which is not based on RFC or suspected to be inaccurate.
- No IP header
- Source IP and Destination IP are the same
- Text which is not available for URI
- Using character “/” over 100
- Using ”../../” above route
- And there will be blocking resulting from the shortage of compute resource.
- Please use a VM without this service installed for Create Template feature of Private Catalog menu. If a template is created from a VM where the agent is installed or installation and activation is completed, when a VM is replicated from that template, this service will no longer be available for the newly replicated VM and the VM used for creating that template. The same applies when used for image backup.
- VM Firewall does not guarantee that the provided VM Firewall feature has integrity or accuracy, or is suitable for your use.
- The following information might be provided to the developers or distributors of the devices making up the VM Firewall feature.
- Configuration information obtained from providing VM Firewall
- Configuration information obtained from controlling VM Firewall
- We cannot guarantee recovery from failures that might occur due to incompatibility between the VM Firewall feature and your environment, or failures that occur due to your operations other than those specified by NTT Com group.