2.12. VM Firewall

2.12.1. Overview

VM Firewall is a service that controls communication among VMs.

2.12.2. Features

The following features are available for VM Firewall.

| Feature | Overview |
|---|---|
| VM Firewall | A feature that controls communication among the target VMs. |

You can specify the following conditions for each rule.

| Items | Content |
|---|---|
| Action Type | Selectable from “Allow” or “Deny” |
| Direction | Selectable from “Outgoing” or “Incoming” |
| Frame Type | Selectable from “IP”, “ARP” or “Other” |
| Protocol | Selectable from “ICMP”, “TCP” or “UDP” |
| Source IP address | You can specify the source IP address and subnet mask. Multiple IP addresses or an IP address range can be specified. |
| Source Port number | You can specify the source port number. |
| Destination IP address | You can specify the destination IP address and subnet mask. Multiple IP addresses or an IP address range can be specified. |
| Destination Port number | You can specify the destination port number. |

2.12.3. Restrictions

Restrictions relating to OS and resources

  • The following table shows the system requirements of the software agent. Whether the service can be provided also depends on the OSes supported by Enterprise Cloud itself and on the kernel version of the Linux OS. Ask NTT Com Group about availability.

| Items | Requirements |
|---|---|
| Memory size | Minimum Value: 512 MB |
| Disk size | Minimum Value: 1 GB |
| OS (Windows) | Windows 8 (32bit/64bit) |
| | Windows Server 2012 (64bit) |
| | Windows 7 (32bit/64bit) |
| | Windows Server 2008 R2 (64bit) |
| | Windows Server 2008 (32bit/64bit) |
| | Windows Vista (32bit/64bit) |
| | Windows Server 2003 SP1 (32bit/64bit) with patch “Windows Server 2003 Scalable Networking Pack” |
| | Windows XP (32bit/64bit) |
| OS (Linux) | Red Hat 5 (32bit/64bit) |
| | Red Hat 6 (32bit/64bit) |
| | CentOS 5 (32bit/64bit) |
| | CentOS 6 (32bit/64bit) |
| | SuSE 10 (32bit/64bit) |
| | SuSE 11 (32bit/64bit) |
| | Ubuntu 10.04 LTS (64bit) |
| | Ubuntu 12.04 LTS (64bit) |

Restrictions relating to agent installation

  • You are responsible for the installation of agents on your VMs.
  • You cannot use antivirus software other than VM Anti-Virus together with this service. Make sure to uninstall other antivirus software before using this service.
  • When uploading agents to the VMs, do not do so by mounting ISO image files or CD/DVD drives.

Restrictions relating to network configuration

  • When the target VM is in a segment that is not directly connected to the vFW/INA, an additional server segment is required to directly connect the vFW/INA and the VM.

Other restrictions

  • Only NTT Com Group can specify rule names of VM Firewall; you cannot specify them.
  • You are responsible for confirming that agents remain active (constant monitoring).
  • Please set IPv6 to ON or OFF correctly when using VM Anti-Virus.
  • The following traffic is blocked regardless of the mode setting.
    • TCP connections over 100,000
    • UDP connections over 100,000
    • Unusual traffic that is not RFC-compliant or is suspected to be invalid.
      • No IP header
      • Source IP and Destination IP are the same
      • Characters that are not valid in a URI
      • More than 100 “/” characters
      • Use of “../../” above the root
    • Traffic is also blocked when compute resources run short.
  • Use a VM on which this service is not installed for the Create Template feature of the Private Catalog menu. If a template is created from a VM on which the agent is installed, or on which installation and activation are complete, this service will no longer be available for either the VM newly replicated from that template or the VM used to create the template. The same applies when the VM is used for image backup.
  • There is no guarantee that the provided VM Firewall feature has integrity or accuracy, or is suitable for your use.
  • The following information might be provided to the developers or distributors of the devices making up the VM Firewall feature.
    • Configuration information obtained from providing VM Firewall
    • Configuration information obtained from controlling VM Firewall
  • We cannot guarantee recovery from failures that might occur due to incompatibility between the VM Firewall feature and your environment, or from failures that occur due to your operations other than those specified by NTT Com Group.
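
The always-blocked conditions listed under "Other restrictions" can also drop legitimate application traffic, such as deeply nested URL paths. The following pre-check is an added example, not code from this service or its agent; the function names, the RFC 3986 character set and the handling of percent-encoding are assumptions, and the agent's real inspection logic may differ.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

MAX_SLASHES = 100  # the page blocks URIs with more than 100 "/" characters

# Assumption: "not valid in a URI" means outside the RFC 3986 character set
# (unreserved and reserved characters, plus "%" for percent-escapes).
_URI_ALLOWED = re.compile(r"^[A-Za-z0-9\-._~:/?#\[\]@!$&'()*+,;=%]*$")


def climbs_above_root(path: str) -> bool:
    """Return True if ".." segments step above the root of the path."""
    depth = 0
    for segment in path.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            depth -= 1
            if depth < 0:
                return True
        else:
            depth += 1
    return False


def uri_block_reasons(uri: str) -> list[str]:
    """List the always-blocked URI conditions that this URI would trigger."""
    reasons = []
    if not _URI_ALLOWED.match(uri):
        reasons.append("character not valid in a URI")
    if uri.count("/") > MAX_SLASHES:
        reasons.append('more than 100 "/" characters')
    # Assumption: percent-encoded dots are decoded before the traversal check.
    if climbs_above_root(unquote(urlsplit(uri).path)):
        reasons.append('"../../" above the root')
    return reasons


def flow_block_reasons(src_ip: str, dst_ip: str) -> list[str]:
    """Flag a flow whose source and destination addresses are identical."""
    if ipaddress.ip_address(src_ip) == ipaddress.ip_address(dst_ip):
        return ["source IP and destination IP are the same"]
    return []


if __name__ == "__main__":
    # Constructed sample URIs, not taken from any real system.
    for sample in ["/app/static/site.css", "/a/../../etc", "/" + "d/" * 100]:
        print(sample[:40], "->", uri_block_reasons(sample) or "ok")
```

Running it over an application's route list or access-log paths before enabling the agent shows which requests need restructuring.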