Network-based Security - FAQ
- In Managed Firewall / UTM log analysis function, please tell me the meaning of each item displayed in the field of Raw log. (ECL2.0, Network-based Security)
The main items in the Raw log and their meanings are as follows.
[type =]
Represents the type of log.
For traffic logs, [type = traffic] is displayed. For security logs, [type = utm] is displayed.
[subtype =]
Represents the type of log.
For traffic logs, [subtype = forward] is displayed. For security logs, UTM functions detected [subtype = ips etc.] are displayed.
[srcip =]
Displays the source IP address.
[srcintf =]
Displays the interface for which communication has been entered (received) on the Managed Firewall / UTM.
[dstip =]
Displays the destination IP address.
[dstintf =]
Displays the interface for which communication has been output (sent) on Managed Firewall / UTM.
[proto =]
Displays the protocol number described in the IP header.
ICMP: [proto = 1], TCP: [proto = 6] and UDP: [proto = 17].
[action =]
Displays the process result of the corresponding communication in Managed Firewall / UTM.
When communication is permitted, UDP / ICMP: [action = accept] and TCP: [action = close].
# When TCP communication ends, the log is output as [action = close].
[policyid =]
Displays the Policy ID of Firewall Policy that matched communication with Managed Firewall / UTM.
[trandisp = dnat]
Displayed when SourceNAT or DestinationNAT is applied.
For SourceNAT, [trandisp = snat] is displayed. For DestinationNAT, [trandisp = dnat] is displayed.
[tranip =]
Displays the IP address translated when Destination NAT is applied.
[tranport =]
Displays the port number (translated by Port Forward) when Destination NAT is applied.
# If you do not set Port Forward, the destination port will be displayed as [tranport =].
[duration =]
Displays the time (in seconds) from the start of communication to the end.
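The field meanings above can be applied to a raw log line programmatically. The following is an added example, not code from the service or its documentation: it assumes the raw log is a line of space-separated key=value pairs with optionally double-quoted values, and the sample lines, addresses and interface names are constructed.

```python
import shlex

# Meanings taken from the FAQ answer above.
LOG_KINDS = {"traffic": "traffic log", "utm": "security log"}
PROTO_NAMES = {"1": "ICMP", "6": "TCP", "17": "UDP"}
PERMITTED_ACTIONS = {"accept", "close"}  # UDP/ICMP: accept, TCP: close


def parse_raw_log(line):
    """Split a raw log line into a dict of fields.

    Assumption: fields are space-separated key=value pairs and a value
    may be wrapped in double quotes.
    """
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep and key:
            fields[key] = value
    return fields


def summarize(fields):
    """Interpret parsed fields; unknown values are passed through as-is."""
    proto = fields.get("proto")
    action = fields.get("action")
    nat = None
    if fields.get("trandisp") in ("snat", "dnat"):
        # The FAQ describes tranip/tranport for Destination NAT only.
        nat = {"kind": fields["trandisp"],
               "ip": fields.get("tranip"),
               "port": fields.get("tranport")}
    return {
        "kind": LOG_KINDS.get(fields.get("type"), fields.get("type")),
        "subtype": fields.get("subtype"),
        "flow": (fields.get("srcip"), fields.get("dstip")),
        "protocol": PROTO_NAMES.get(proto, proto),
        "permitted": None if action is None else action in PERMITTED_ACTIONS,
        "policyid": fields.get("policyid"),
        "nat": nat,
        "duration_s": int(fields["duration"]) if "duration" in fields else None,
    }


# Constructed sample lines (documentation addresses, not real traffic).
TRAFFIC = ('type=traffic subtype=forward srcip=192.0.2.10 srcintf="port4" '
           'dstip=198.51.100.20 dstintf="port5" proto=6 action=close '
           'policyid=3 trandisp=dnat tranip=10.0.0.5 tranport=8080 duration=12')
SECURITY = 'type=utm subtype=ips srcip=203.0.113.7 dstip=198.51.100.20 proto=17'
```

A line with no [action =] field yields `permitted` of `None` rather than `False`, so a missing field is not mistaken for a blocked connection.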
- On "Web filter function" of Managed UTM, is it possible to set a white list format in which all deny is set for Web access and only permitted URLs are registered? (ECL2.0, Network-based Security)
It can be realized by setting as below. However, wildcards cannot be used in Global URL List. Please check the tutorial for details.
1 URL:AAA.co.jp Type:simple Action:exempt
2 URL:BBB.co.jp Type:simple Action:exempt
3 URL:* Type:wildcard Action:block
- Is there an SSL inspection function for Managed UTM and Managed WAF? (ECL2.0, Network-based Security)
Managed UTM cannot examine SSL encrypted communication.
Managed WAF can decrypt SSL encrypted communication and check it. To use the decryption function, the customer must prepare the certificate and set it from the security control panel.
- What is "Session Count" in Managed Firewall / UTM device KPI summary display? (ECL2.0, Network-based Security)
- Is there any sample of INCIDENT REPORTS that can be created on Managed Firewall / UTM service? (ECL2.0, Network-based Security)
You can find a sample of INCIDENT REPORTS on the following page.
Reference：Security Tutorial - Managed Firewall / Managed UTM - INCIDENT REPORTS
- The ping from the virtual server to the VIP of the managed firewall was not successful. (ECL2.0, Network-based Security)
"The same IP address is assigned to the virtual server and the virtual IP address of VRRP on Managed Firewall"
When DHCP is enabled, one unused address is assigned from the IP address assignment pool for [DHCP Port] to be connected to the DHCP server.
When you apply for Managed Firewall or Managed UTM with HA configuration, the virtual IP address used for VRRP redundancy is registered in "Allowed Address Pair" of "Port function(Port)", but is not registered in "Fixed IP address". It is not covered by automatic address assignment management.
・Set the oldest IP address of the DHCP pool to the virtual IP address of VRRP of Managed Firewall.
・Set the IP address that is set as the virtual IP address of VRRP of Managed Firewall to "Port function(Port)".
Reference：Service Descriptions - Logical Network
- Does Security Incident Report function cause an increase in the load or a decrease in performance on the device? (ECL2.0, Network-based Security)
- Is it possible to change the execution privilege such as ReadOnly restriction to a specific user with Security menu (Managed Firewall etc)? (ECL2.0, Host-based Security, Network-based Security)
The security menus (Managed UTM, Managed Firewall) and the backup menu are not covered by the API permission management function, so it is not possible to apply Read Only or access restrictions to specific users.
- Is there communication impact when changing the settings of Managed Firewall / UTM and Managed WAF? (ECL2.0, Network-based Security)
- When changing plans or changing device interface settings
There is a connectivity impact due to device restart, so please note the timing of the work.
- When changing routing settings / object settings
Since the device does not restart, there is no connectivity impact for setting items not related to connectivity.
- In Managed Firewall / UTM with HA configuration, is there any impact of the device restart at the time of plan changes? (ECL2.0, Network-based Security)
The Managed Firewall / UTM device with the HA configuration will not reboot at the same time, but communication interruption of about 10 minutes will occur before the plan change is completed.
Upgrade of Managed UTM does not require restart of the device.