2.8. UTM
2.8.1. Overview
2.8.2. Features
Feature | Overview
---|---
IPS/IDS | A function that detects and/or prevents illegal communication.
Anti Virus | A function that detects and/or prevents viruses in HTTP, FTP, SMTP, POP3, and IMAP communications.
Web Filter | A URL filtering function for HTTP communications.
Spam Filter | A function that determines whether or not a received email message is spam in POP3 and IMAP communications.

Plan | Traffic Processing Capacity
---|---
Compact | Max 200 Mbps
Large | Max 400 Mbps

The traffic processing capacity is the total value of uplink and downlink. The values are best-effort.
2.8.2.1. IPS/IDS

Items | Overview
---|---
Direction | The direction specified by the customer
Protocol | TCP/IP

Items | Overview
---|---
IPS/IDS functions | Set up whether or not to use the IPS/IDS functions
Direction of inspected communication | Specify the direction of the inspected communication
Actions when detecting fraudulent communications | Select from IPS mode and IDS mode
2.8.2.2. Anti Virus

Items | | Content
---|---|---
Communications | Direction | The direction specified by the customer
 | Protocol | The protocols specified by the customer from HTTP, FTP, SMTP, POP3, and IMAP
 | Port Number | The port number specified by the customer
File | File Size | Files that are 3MB and under
Compressed files | Number of times | Inspects only files that have been compressed 12 times or less
 | Format | arj, cab, gzip, lha, lzh, msc, rar, tar, zip
 | File size | Inspects only files with an extracted file size of 3MB or less

Items | | Content
---|---|---
Anti Virus function | | Set up whether or not to use the Anti Virus function
Communications | Direction | Specify the direction of the inspected communication
 | Protocol | Select the protocols from HTTP, FTP, SMTP, POP3, and IMAP
 | Port number | Specify the port number of each protocol
Actions when detecting viruses | | Select from "AntiVirus_Block" and "AntiVirus_Monitor"
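The compressed-file limits above (inspect only archives nested 12 times or less, and only when the extracted size is 3MB or less) are the kind of gate an inspection engine applies before it inflates anything, so that a deeply nested or highly compressible archive cannot exhaust the scanner. The following is an added example, not the UTM's own code: it walks nested zip archives in memory, reads each member's declared uncompressed size before extracting it, and stops as soon as either limit is exceeded. Only zip is handled (the page also lists arj, cab, gzip, lha, lzh, msc, rar and tar, which need third-party libraries); treating 3MB as 3 * 1024 * 1024 bytes is an assumption, as is counting the outer archive as nesting level 1.

```python
import io
import zipfile
from dataclasses import dataclass

# Limits taken from the Anti Virus table above. "3MB" is interpreted here as
# 3 * 1024 * 1024 bytes (assumption; the page does not define MB).
MAX_FILE_BYTES = 3 * 1024 * 1024
MAX_NESTING = 12
ZIP_MAGIC = b"PK\x03\x04"  # local file header of a non-empty zip archive


@dataclass
class ScanVerdict:
    inspectable: bool      # True if the file is within the inspection limits
    reason: str            # "ok" or why the file was rejected
    depth: int             # deepest nesting level seen (1 = the outer archive)
    extracted_bytes: int   # cumulative uncompressed bytes that would be produced


def _walk(data: bytes, depth: int, total: int):
    """Recursively walk nested zip archives without touching disk.

    Returns (ok, reason, max_depth, total_extracted). The declared size of
    every member is added to the running total before the member is read, so
    an oversized member is rejected without ever being inflated.
    """
    if depth > MAX_NESTING:
        return False, "nesting deeper than %d levels" % MAX_NESTING, depth, total
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return False, "corrupt archive", depth, total
    max_depth = depth
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            total += info.file_size  # declared uncompressed size, not yet inflated
            if total > MAX_FILE_BYTES:
                return False, "extracted size exceeds %d bytes" % MAX_FILE_BYTES, max_depth, total
            member = zf.read(info)
            if member.startswith(ZIP_MAGIC):
                ok, reason, d, total = _walk(member, depth + 1, total)
                max_depth = max(max_depth, d)
                if not ok:
                    return False, reason, max_depth, total
    return True, "ok", max_depth, total


def scan_gate(data: bytes) -> ScanVerdict:
    """Decide whether a file would be inspected under the stated limits."""
    if len(data) > MAX_FILE_BYTES:
        return ScanVerdict(False, "file larger than %d bytes" % MAX_FILE_BYTES, 0, 0)
    if not data.startswith(ZIP_MAGIC):
        return ScanVerdict(True, "ok", 0, len(data))  # plain file, no nesting
    ok, reason, depth, total = _walk(data, 1, 0)
    return ScanVerdict(ok, reason, depth, total)


def build_nested_zip(payload: bytes, levels: int) -> bytes:
    """Constructed test input: wrap payload in `levels` zip archives."""
    blob = payload
    for i in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr("level%d" % (levels - i), blob)
        blob = buf.getvalue()
    return blob


if __name__ == "__main__":
    print(scan_gate(build_nested_zip(b"hello", 12)))   # within limits
    print(scan_gate(build_nested_zip(b"hello", 13)))   # nested too deep
    # A small archive whose single member declares 4MB of zeros: rejected on
    # the declared size alone, before any inflation takes place.
    print(scan_gate(build_nested_zip(b"\0" * (4 * 1024 * 1024), 1)))
```

The total counts the bytes of every intermediate archive as well as the innermost payload, which is the conservative reading of "extracted file size"; an engine that only counts the innermost file would loosen the check slightly.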
2.8.2.3. Web Filter

Items | Overview
---|---
Direction | Communications from vFW/INA via UTM to the virtual machine
Protocol | HTTP
Port Number | The port number specified by the customer

Items | Content
---|---
Web Filter function | Set up whether or not to use the Web Filter function
Port number of the inspected communications | Specify the port number
Blocked categories | Select the website categories to be blocked. Block: blocks the access and outputs a log entry.
White List and Black List | Set up the white list and black list. Up to 100 URLs can be registered for each.
2.8.2.4. Spam Filter

Items | Overview
---|---
Direction | The direction specified by the customer
Protocol | POP3 and IMAP
Port Number | The port number specified by the customer

Items | | Content
---|---|---
Spam Filter function | | Set up whether or not to use the Spam Filter function
Communications | Direction | Specify the direction of the inspected communications
 | Port Number | Specify the port number for each protocol
White List and Black List | | Set up the white list and black list. Up to 100 URLs can be registered for each.
2.8.3. Restrictions

Restrictions in non-Japanese Data Centers
- One global IP address per UTM service is assigned for monitoring the UTM server. When you order two UTM services, two global IP addresses are assigned by the NTT operator. Therefore, make sure that you prepare the required number of global IP addresses when ordering.
- Do not change the NAT rules for the UTM service that NTT Com Group configured on the vFW/INA.
- The IP address set as the default gateway in the Server Segment settings cannot be assigned to a UTM interface.
- If you perform ping monitoring of a VM, an additional Server Segment is required for a direct connection between the vFW/INA and the VM.
- Do not connect the target server segments directly to the vFW/INA.
- Do not change the default gateway setting of the UTM via the Security Web Portal. It can be changed by submitting a change service order form.
- When applying the Web Filter to communications to the internet from a VPN of the EC service, a proxy server must be built on the EC service.
- TCP ports 8008, 8010, and 8020 are used to display the block screen and similar pages, so service communications on these ports cannot pass through the Web Filter.
- For HTTP communications, the block screen is not displayed when the domain stated in the Common Name of the accessed site's server certificate belongs to a blocked category; the browser shows an error instead.
- For IMAP, there are cases where "Spam" cannot be added to the email subject. This is not a limitation of the UTM but a restriction caused by how IMAP operates: the client downloads the email subject first and the message body afterwards, so when a message is judged to be spam because of a URL in its body, "Spam" can no longer be added to the subject. When the message is judged to be spam based on its email address, "Spam" can be added to the subject even with IMAP.
- A contract for either vFirewall or Integrated Network Appliance is required.
- The plan cannot be changed from Compact to Large, or from Large to Compact, after the service begins.
- The appliance that runs this service operates as a single instance. The underlying platform is redundant: during a failure the appliance reboots on the backup platform, and service switches over within five to ten minutes.
- This service requires a dedicated compute resource pool, which is designed when you apply for UTM. The service cannot be configured on an existing compute resource pool.
- Customers cannot configure virtual machines on the compute resource pool that operates this service.
- The dedicated compute resource pool for this service cannot be extended or reduced.
- Resource allocations for the virtual machine that operates this service cannot be changed from the customer portal. Only we can change them, as that virtual machine is controlled by us.
- The UTM switches to conserve (protect) mode when its memory usage exceeds 80 percent. In conserve mode, new sessions are passed without inspection by the Anti Virus, Web Filter, and Spam Filter functions. Conserve mode is released automatically once memory usage falls to 80 percent or below.
- The virtual machine operating the UTM cannot use private catalogues, backup, or VM security services.
- Packets that break TCP/UDP/IP protocol rules or are otherwise abnormal are discarded as a standard function, regardless of the customer's configuration. Examples:
  - The IP header is cut off in the middle
  - The port number is 0 (zero)
  - The TCP flag combination is abnormal, and similar cases
  - Illegal packets resulting from encapsulation, and similar cases
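The protocol-rule checks listed above are applied to every packet before any feature-specific inspection. The following is an added example, not the UTM's own code, that shows what such checks look like on raw IPv4 frames: a truncated IP header, a TCP or UDP port of 0, and a few TCP flag combinations that never occur in a valid connection. Which combinations count as "abnormal" is an assumption here (SYN together with FIN, SYN together with RST, and no flags at all); checksums are not validated, and the encapsulation case from the list is not covered. The packet builders exist only to construct sample input offline.

```python
import socket
import struct

# TCP flag bits (low byte of the data-offset/flags word)
TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK, TCP_URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
IPPROTO_TCP, IPPROTO_UDP = 6, 17


def check_packet(pkt: bytes) -> list:
    """Return the reasons a raw IPv4 packet breaks basic protocol rules.

    An empty list means the packet passed every check. The checks stop early
    once a header is found to be truncated, since later fields cannot be read.
    """
    problems = []
    if len(pkt) < 20:
        return ["IP header truncated (%d bytes, need 20)" % len(pkt)]
    (ver_ihl, _tos, total_len, _ident, _frag, _ttl, proto, _csum,
     _src, _dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        return ["not IPv4"]
    if ihl < 20 or len(pkt) < ihl:
        return ["IP header truncated: IHL says %d bytes, %d present" % (ihl, len(pkt))]
    if total_len < ihl or total_len > len(pkt):
        problems.append("IP total length %d inconsistent with %d bytes on the wire"
                        % (total_len, len(pkt)))
    l4 = pkt[ihl:]
    if proto == IPPROTO_TCP:
        if len(l4) < 20:
            problems.append("TCP header truncated")
            return problems
        sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", l4[:14])
        flags = off_flags & 0x3F
        if sport == 0 or dport == 0:
            problems.append("TCP port 0")
        if flags == 0:
            problems.append("TCP with no flags set")
        if flags & TCP_SYN and flags & TCP_FIN:
            problems.append("TCP SYN+FIN set together")
        if flags & TCP_SYN and flags & TCP_RST:
            problems.append("TCP SYN+RST set together")
    elif proto == IPPROTO_UDP:
        if len(l4) < 8:
            problems.append("UDP header truncated")
            return problems
        sport, dport, ulen, _csum = struct.unpack("!HHHH", l4[:8])
        if sport == 0 or dport == 0:
            problems.append("UDP port 0")
        if ulen < 8 or ulen > len(l4):
            problems.append("UDP length %d inconsistent with %d bytes present" % (ulen, len(l4)))
    return problems


def build_ipv4(proto: int, payload: bytes, src="10.0.0.1", dst="10.0.0.2") -> bytes:
    """Constructed sample input: minimal IPv4 header (checksum left as 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload


def build_tcp(sport: int, dport: int, flags: int) -> bytes:
    """Constructed sample input: 20-byte TCP header, data offset 5, window 1024."""
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 1024, 0, 0)


if __name__ == "__main__":
    print(check_packet(build_ipv4(IPPROTO_TCP, build_tcp(40000, 80, TCP_SYN))))      # []
    print(check_packet(build_ipv4(IPPROTO_TCP, build_tcp(40000, 0, TCP_SYN))))       # port 0
    print(check_packet(build_ipv4(IPPROTO_TCP, build_tcp(1, 2, TCP_SYN | TCP_FIN))))  # SYN+FIN
    print(check_packet(build_ipv4(IPPROTO_TCP, build_tcp(1, 2, TCP_SYN))[:12]))       # cut off
```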
It is not guaranteed that the UTM feature is complete or accurate, or that it is suitable for your use. Furthermore, the suitability of the algorithms that detect unauthorized or cyber-attack communications, as provided by the developers or distributors of the devices making up the UTM feature, is not guaranteed.
The following information might be provided to the developers or distributors of the devices making up the UTM feature.
- Configuration information obtained through providing UTM
- Information on UTM control
We cannot guarantee recovery from failures that occur due to incompatibility between UTM and your environment, or from failures that occur due to operations on your part other than those specified by NTT Com Group.