Network-Based Security(Managed FW/UTM/WAF) - Documents
- Service introduction
- Support information
- Does Security Incident Report function cause an increase in the load or a decrease in performance on the device?ECL2.0, Network-based Security / Specification
- Is it possible to change the execution privilege such as ReadOnly restriction to a specific user with Security menu (Managed Firewall etc)?ECL2.0, Host-based Security, Network-based Security / Specification
As for security menu (ManagedUTM, Managed Firewall) and backup menu, it is not covered by API permission management function, so it is not possible to perform Read Only and access restrictions on specific users.
- Is there communication impact when changing the settings of Managed Firewall / UTM and Managed WAF?ECL2.0, Network-based Security / Operation, Specification
– When changing plans or changing device interface settings
There is a connectivity impact due to device restart, so please note the timing of the work.
– When changing routing settings / object settings
Since restarting of the device does not occur, there is no connectivity impact in the setting items not related to connectivity.
- In Managed Firewall / UTM with HA configuration, Is there any impact of the device restart at the time of plan changes?ECL2.0, Network-based Security / Operation, Specification
The Managed Firewall / UTM device with the HA configuration will not reboot at the same time, but communication interruption of about 10 minutes will occur before the plan change is completed.
- Is it possible to purchase two single-configuration Managed Firewall / UTM and create a redundant configuration?ECL2.0, Network-based Security / Construction, Specification
No. According to the specification of this service, if you use Managed Firewall / UTM in redundant configuration, it is necessary to apply with HA configuration when you order the service.
Also, you can not change from single configuration to HA configuration once you order the service.
- Let me know the network routing when Mangaed UTM / WAF signature is updated?ECL2.0, Network-based Security / Specification
Signature update of Mangaed UTM / WAF is carried out via the management network connected by our company.
Therefore, customers can use it without considering the routing.
Please note that the method of confirming the signature update of Managed UTM / WAF is not disclosed on the service specification.
- How to check the “Signatures Disabled Id” list?ECL2.0, Network-based Security / Operation, Specification
We will explain with the default Template_Signature_Profile as an example.
From device management screen,
Protection Profile > Signature Profile > Template_Signature_Profile
it is possible to check the list with “Signatures Disabled Id”
* When it is hard for you to see it in narrow display frame, click the “Edit” button and check it in the editing screen.
To return to the device management screen, click “Cancel” to close the screen.
- Is it possible to change “Signature Class” in signature profile setting of Managed WAF?ECL2.0, Network-based Security / Operation, Specification
- Is it possible to connect a plurality of VPN gateway to one of the Managed Firewall?ECL2.0, Network-based Security, VPN Connectivity / Construction, Specification
Yes, it it possible.
However, depending on the specification of the VPN gateway, when multiple VPN gateways are connected to the same logical network, it is impossible to communicate because the MAC addresses are duplicated.
(Excerpt) The problem of this inappropriate configuration was solved through maintenance works on January 16, 2018, and thus the configuration is currently usable. Managed Firewall and Managed UTM generated before January 16, 2018 are also usable. However, if multiple VPN gateways are connected with the same logical network, duplication of MAC addresses results in communication failure due to the specifications of VPN gateways.
- What are the criteria for detecting and defending malicious traffic in IPS / IDS function of Managed UTM?ECL2.0, Network-based Security / Operation, Specification