System Settings
Account List
| Item Name | Sort |
|---|---|
| Account Name | × |
| Item Name | Description |
|---|---|
| Account Name | Name of the login account. When clicked, the Update Account page for the account is displayed. |
| Item Name | Description |
|---|---|
| Page Top | |
| Add Account | Go to Add Account page. |
| Account List | |
| Delete Selected | Delete all the checked accounts. |
| Edit | Go to Update Account page for the account. |
| Delete | Delete the account. |
NoteDefault account "manager" cannot be deleted.
Add Account
| Item Name | Description |
|---|---|
| Account Name (Mandatory) | Name of the login account. Maximum length is 64 characters. Allowed characters are as follows. a-z, A-Z, 0-9, ' - _ . |
| Password | Login password for the account. Click the "Edit" button to configure password. |
| Permission | |
| Modify authentication database | Check this to grant permission to change authentication database to the account. |
| Configure system settings | Check this to grant permission to change system configurations to the account. |
| Item Name | Description |
|---|---|
| Password | |
| Edit | Open Password Configuration dialog to configure the account's password. |
| Page Bottom | |
| Submit | Add a new account with the input information. |
| Cancel | Cancel the operation for adding a new account. |
NoteWhen you forget all the passwords for user accounts with "Configure system settings AMF Security mini must be initialized if you forget Password for all Accounts that have the "Configure system settings" check box, including the default "manager". Please make sure that you keep your passwords safely and never forget them.
Password Configuration
| Item Name | Description |
|---|---|
| Password (Mandatory) | Login password for the account. Password must be 6 to 64 characters long. Allowed characters are as follows. a-z, A-Z, 0-9, ! # $ % & ' * + - / = ? ^ _ ` { | } ~ . |
| Confirm Password (Mandatory) | Enter the password again. |
| Item Name | Description |
|---|---|
| Page Bottom | |
| Submit | Configure the input password. |
| Cancel | Cancel the operation for configuring a password. |
Update Account
| Item Name | Description |
|---|---|
| Account Name (Mandatory) | Name of the login account. Maximum length is 64 characters. Allowed characters are as follows. a-z, A-Z, 0-9, ' - _ . |
| Password | Login password for the account. Click the "Edit" button to configure password. |
| Modify authentication database | Check this to grant permission to change authentication database to the account. |
| Configure system settings | Check this to grant permission to change system configurations to the account. |
| Item Name | Description |
|---|---|
| Password | |
| Edit | Open Password Configuration dialog to configure the account's password. |
| Page Bottom | |
| Submit | Update the account with the input information. |
| Cancel | Cancel the operation for updating the account. |
NoteAccount name and permissions of the default account "manager" cannot be changed.
NoteWhen you forget all the passwords for user accounts with "Configure system settings AMF Security mini must be initialized if you forget Password for all Accounts that have the "Configure system settings" check box, including the default "manager". Please make sure that you keep your passwords safely and never forget them.
Password Configuration
| Item Name | Description |
|---|---|
| Password (Mandatory) | Login password for the account. Password must be 6 to 64 characters long. Allowed characters are as follows. a-z, A-Z, 0-9, ! # $ % & ' * + - / = ? ^ _ ` { | } ~ . |
| Confirm Password (Mandatory) | Enter the password again. |
| Item Name | Description |
|---|---|
| Page Bottom | |
| Submit | Configure the input password. |
| Cancel | Cancel the operation for configuring a password. |
Network Settings
View and change network configurations for the AMF Security mini system.
Services
| Item Name | Description |
|---|---|
| Web Server Protocol | Protocol (HTTP or HTTPS) to use for the web interface. Default is HTTPS. |
| Web Server Port Number | TCP port number that AMF Security mini's web interface is listening on. Valid range is 1 to 65535. Default is 443. |
NoteOnly TLS 1.1 and TLS 1.2 are supported for HTTPS.
NoteAMF Security mini is using several ports internally. Refer to Appendix's TCP or UDP port number used inside AMF Security mini for the ports used by AMF Security mini.
| Item Name | Description |
|---|---|
| Submit | Save the input Services configurations. |
SSL Certificate
Register the SSL server certificate of the Web server (AMF Security mini) and the SSL server certificate of the whitelist authentication server installed in AMF Security mini.If you want external applications to interact with AMF Security mini via HTTPS, you may have to install an SSL server certificate issued by a trusted certificate authority (CA).
If you want to encrypt the control session with the AMF Application Proxy Whitelist, obtain the SSL server certificate from a trusted certificate authority and upload it to AMF Security mini.
"SSL Certificate" section shows a summary of the installed SSL server certificate.
- If your CA provides you with intermediate CA certificates or cross root CA certificates in addition to your server certificate, concatenate those certificates into a single file then upload the file to AMF Security mini. Contact the CA for detailed information on how to concatenate certificate files.
- To install a certificate file, it must meet the following requirements.
Table 14: SSL Certificate Requirements
Type X.509, RFC6818 Encryption PEM (Privacy Enhanced Mail) Extension .crt
| Item Name | Description |
|---|---|
| Role | Displays Web (Web server) or WhiteList (Authentication server). |
| Common Name (CN) | Displays the common name of the web server (AMF Security mini) or authentication server (AMF Security mini). |
| Organization (O) | Displays the name of the organization to which the Web server (AMF Security mini) or authentication server (AMF Security mini) belongs. |
| Expiry Date [UTC] | Expiration date of the certificate. |
| Item Name | Description |
|---|---|
| Detail | The detailed information of the registered SSL server certificate is displayed. |
| Upload | Register the SSL server certificate in AMF Security mini. |
| Delete | Delete the installed SSL server certificate and restore the default certificate which is self-signed by AMF Security mini. |
Logging Settings
NoteWhen you change the log settings, the connection with the connected switch is temporarily disconnected.
◼ Log Output
You can view and configure levels for various types of logs.
| Item Name | Description |
|---|---|
| Device Authentication Result | Minimum level for device authentication logs to be output. Default is Informational. |
| OpenFlow Controller | Not supported in this version. |
| OpenFlow Protocol Packets | Not supported in this version. |
| GUI Operation | Minimum level for the web interface logs to be output. Default is Informational. |
| Trap Monitor | Minimum level for the trap monitor logs to be output. Default is Informational. |
| Escape double quotation characters in quoted string | Escape double quotes in the log message. Default is disabled. |
◼ Syslog
| Item Name | Description |
|---|---|
| Syslog Server | Set the IPv4 address or hostname and UDP port number of the external Syslog server that sends the log. The forwarding destination should be in the form of "A.B.C.D:P" where the A.B.C.D is an IPv4 address and P is a port number. Multiple Syslog servers can be specified by separating each address by a semicolon (;). A colon (:) and a port number can be omitted if the host is listening on the default syslog port (514). |
NoteAMF Security mini is using several ports internally. Refer to Appendix's TCP or UDP port number used inside AMF Security mini for the ports used by AMF Security mini.
| Item Name | Description |
|---|---|
| Page Bottom | |
| Submit | Save the input logging configurations. |
Date / Time Settings
| Item Name | Description |
|---|---|
| Current Date / Time | Display system date. |
| Item Name | Description |
|---|---|
| Timezone | Display the system timezone Default is UTC. Click the "Edit" button to set the timezone. |
| Item Name | Description |
|---|---|
| Edit | Display the Select Timezone dialog and set the system timezone. |
Select Timezone
| Item Name | Description |
|---|---|
| Timezone | Select the timezone from the dropdown list. |
| Item Name | Description |
|---|---|
| Submit | Save the selected timezone. |
System Information
NoteWhen changing the host name, the connection with the connecting AMF master is temporarily disconnected.
◼ System Information
| Item Name | Description |
|---|---|
| Hostname | Hostname of the system Default is "sesc". To change the hostname, enter a new hostname and click the "Update" button. Max 63 characters. Allowed characters are as follows. a-z, A-Z, 0-9, - Hyphen (-) cannot be used for the first letter. |
| Database Synchronization | Not supported in this version. "Disabled" is always displayed. |
| Item Name | Description |
|---|---|
| Refresh | Update the hostname. |
◼ Software Info
| Item Name | Description |
|---|---|
| Version | Version and build number (internal version) of the installed AMF Security mini software. |
| Build Time [UTC] | Build date and time of the installed AMF Security mini software. |
◼ System Settings
| Item Name | Description |
|---|---|
| Size | Displays the file size of system setting data. |
| Updated Date / Time | Displays the date and time when the system setting data was updated. |
| Item Name | Description |
|---|---|
| Export | Download system configuration for backup. |
| Import | Import and restore system settings. |
| Reset | Returns the system settings to the default settings. |
Manually backup, configure or delete those elements.
- Configurations to be backed up, restored and reset.
- Account List
- Network Settings - Services
- Logging Settings
- Date / Time Settings
- Trap Monitor Settings
- Email Notification Settings
- AMF Settings
- Account List
- Configurations not to be backed up, restored and reset.
- Network Settings - SSL Certificate
- AMF Application Proxy Settings - SSL Certificate
- SESC Log
- Action Log
- Network Settings - SSL Certificate
◼ Authentication Data
| Item Name | Description |
|---|---|
| Size | Displays the file size of system setting data. |
| Updated Date / Time | Displays the date and time when the authentication data was updated. |
| Item Name | Description |
|---|---|
| Export | Download authentication data for backup. |
| Import | Import the authentication data and add it to the active AMF Security mini system. |
| Reset | Erase all authentication data. |
| Compact | Rebuild the authentication database. |
NoteAuthentication data file to import should be in CSV format. Refer to CSV File in Appendix for CSV Files.
◼ Services
| Item Name | Description |
|---|---|
| Restart All | Restart AMF Security mini system. |
◼ Technical Support Information
| Item Name | Description |
|---|---|
| Download | Download technical support information for trouble shooting. |
Trap Monitor Settings
This page lets you configure various parameters required for interaction with external applications.You can also setup AMF Security mini to forward SNMP traps and syslog messages to other systems.
NoteTrap monitor only responds to specific set of log messages and SNMP traps. You cannot define actions for arbitrary messages and traps.
◼ Protocols
| Item Name | Description |
|---|---|
| Syslog Port Number | Listening port number to receive syslog messages. Valid range is 1 to 65535. Default is 514. |
| SNMP Trap Port Number | Not supported in this version. |
NoteAMF Security mini is using several ports internally. Refer to Appendix's TCP or UDP port number used inside AMF Security mini for the ports used by AMF Security mini.
◼ Networks
This page lets you configure networks to monitor or not to monitor, syslog, trap host and so on.
If Monitored Networks and Excluded Networks overlap, Exclude Networks have precedence.
NoteSome external applications do not respect settings of Monitored Networks and Excluded Networks.
| Item Name | Description |
|---|---|
| Monitored Networks | IPv4 networks to monitor using syslog and trap messages. Multiple networks can be specified by separating each network by a semicolon (;). If this field is empty or 0.0.0.0/0 is specified, all networks are monitored. Default is 0.0.0.0/0. |
| Excluded Networks | IPv4 networks not to monitor. Multiple networks can be specified by separating each network by a semicolon (;). |
| Syslog Forwarding Destination Hosts | Specify a host to which AMF Security mini forwards the received syslog messages. The forwarding destination should be in the form of "A.B.C.D:P" where the A.B.C.D is an IPv4 address and P is a port number. Multiple hosts can be specified by separating each address by a semicolon (;). A colon (:) and a port number can be omitted if the host is listening on the default syslog port (514). Source IPv4 address of the forwarded messages are the address of AMF Security mini. |
| SNMP Trap Forwarding Destination Hosts | Not supported in this version. |
◼ Device Lookup
Specify a target range of the action to notify.
| Item Name | Description |
|---|---|
| None | Notify actions on MAC address. |
| Device | Notify actions on Device. |
| Tag | Notify actions on Device Tag. |
NoteDevice Lookup is not supported for the AMF Application Proxy's IP-Filter action.
| Item Name | Description |
|---|---|
| Submit | Save the input Trap Monitor Settings configurations. |
◼ Rules
Trap monitor rules can be updated and added through trap monitor rule files.
By default, trap monitor rules for the UTM functions of AT-AR3050S/AT-AR4050S routers are installed.
NoteTrap monitor rule files are provided by our "AMF-SEC Technology Partner Program". Contact our sales engineer for the Technology Partner Program.
- AT-AR3050S/AR4050S
This tab lets you configure trap monitor rules for the UTM functions of AT-AR3050S/AT-AR4050S routers.
To receive and monitor syslog messages from AT-AR3050S/AT-AR4050S routers, check the "Enable the monitoring of traps from this host.".
Then, check events which you want to monitor in the "Trap Action Target Trigger" table.
- IP Reputation:Detection of Malware Category
Block traffic from a device when AMF Security mini receives a syslog message indicating that the IP reputation feature on the router detects the device tries to communicate with a destination classified as Malware category (Malware C&C server (CnC), Malware-infected host (Bot) or Mobile C&C Server (Mobile_CnC)).
- IP Reputation:Detection of Spyware Category
Block traffic from a device when AMF Security mini receives a syslog message indicating that the IP reputation feature on the router detects the device tries to communicate a destination classified as Spyware category (drop site (Drop), Spyware C&C server (SpywareCnC) or Mobile Spyware C&C server (Mobile_Spyware_CnC)).
- Malware Protection:Detection of known malware on communicate from LAN to WAN
Block traffic from a device when AMF Security mini receives a syslog message indicating that the malware protection feature on the router detects the known malware on the device.
- Antivirus:Detection of virus on communicate from LAN to WAN
Block traffic from a device when AMF Security mini receives a syslog message indicating that the anti-virus feature on the router detects the known virus on the device.
- Firewall(IDS):Detection of Syn Flood attacks from LAN to WAN
Block traffic from a device when AMF Security mini receives a syslog message indicating that the firewall's IDS feature on the router detects the SYN Flood attack from the device.
- Firewall(IDS):Detection of ICMP Flood attacks from LAN to WAN
Block traffic from a device when AMF Security mini receives a syslog message indicating that the firewall's IDS feature on the router detects the ICMP Flood attack from the device.
- Firewall(IDS):Detection of UDP Flood attacks from LAN to WAN
Block traffic from a device when AMF Security mini receives a syslog message indicating that the firewall's IDS feature on the router detects the UDP Flood attack from the device.
- Firewall(IDS):Detection of TCP Stealth Scan from LAN to WAN
Block traffic from a device when AMF Security mini receives a syslog message indicating that the firewall's IDS feature on the router detects the TCP Stealth Scan attack from the device.
Note
To use those rules, you also have to configure AT-AR3050S/AT-AR4050S. Refer to the AT-AR3050S/AT-AR4050S's documentation for more details.
Table 38: Buttons
Item Name Description Value Open the Rule Setup page.
Table 39: Displayed columns
Item Name Description Version Version of the Trap Monitor Rules
Table 40: Configurable fields
Item Name Description Enable the monitoring of traps from this host. If you want to monitor the device by receiving Syslog message from AT-AR3050S or AT-AR4050S, check the check box. Host Addresses IPv4 address of AT-AR3050S/AT-AR4050S routers. Multiple hosts can be specified by separating each address by a semicolon (;). Default is unspecified (empty) which means that AMF Security mini accepts syslog messages from any IPv4 address. OpenFlow Action Not supported in this version. AMF Action An action to be taken on the AMF network deploying the AMF Application Proxy feature. - Drop Packets: Block traffic from the device at the layer two (MAC) level.
- Link-Down: Shutdown the port where the device is connected.
- Quarantine: Move the port where the device is connected to the quarantine VLAN.
- AMF Dependency: AMF Security mini does not specify an action and lets AMF devices determine its action.
- IP-Filter: Block traffic from the device at the layer 3 (IP) level.
- Log-Only: AMF Security mini does not specify an action and records the device information.
Table 41: Buttons
Item Name Description Page Bottom Submit Save the input Rules configurations. - IP Reputation:Detection of Malware Category
Rule Setup
| Item Name | Description |
|---|---|
| Name | Displays the name of the trap monitoring rule. |
| Item Name | Description |
|---|---|
| Choose File | Select the rule settings file to upload. |
| Upload | Upload the selected rule settings file. |
| Delete | Delete the registered rule settings. |
| Close | Go back to the Trap Monitor Settings page. |
Email Notification Settings
This page lets you configure Email Notifications.You can configure AMF Security mini to notify an administrator with an email when an event such as device authentication or block happens.
AMF Security mini also sends emails to forward the contents of syslog messages and SNMP traps it receives.
NoteEmail notification of syslog and trap messages are always enabled and cannot be disabled.
NoteWhen changing the email notification settings, the connection with the connecting AMF Member is temporarily disconnected.
AMF Security mini queues the Notification Emails by the following rules and tries to resend them upon failure.
- When an event occurs, AMF Security mini queues up to 100 emails for the event in the first 10 seconds after the event.
- Queued emails are sent out as a single email after 10 seconds.
- If 100 or more events occur in 10 seconds after the first event, AMF Security mini queues them too.
- A Queue is created for each event types of Email Notification Settings.
- AMF Security mini attempts up to four retries, i.e. AMF Security mini tries to send an email up to 5 times.
◼ Email Notification Settings
You can enable or disable email notification for each event with checkboxes.
- Send Email Notification on Authentication Success
- Send Email Notification on UnAuth Authentication Success
- Send Email Notification on Block Event
- Send Email Notification on Quarantine Event
- Send Email when Switch License Exceeded
- Send Email when Database Synchronization Status has changed
Note"Send Email Notification on Block Event" or the "Send Email Notification on Quarantine Event" is checked, AMF Security mini also sends notification email when a device is blocked or quarantined by AMF Application Proxy.
◼ SMTP Server Settings
| Item Name | Description |
|---|---|
| SMTP Server | IPv4 address of a SMTP server which AMF Security mini uses to send out emails. |
| SMTP Port | Listening port of the SMTP server. |
| Sender | Mail address of the sender. |
| Receiver | Mail address of the recipient. Multiple addresses can be specified by separating them with a semicolon (;). |
| Username | Username for SMTP authentication. |
| Password | Password for SMTP authentication. |
| Encryption | Check this to use TLS connection to the SMTP server. |
| Language | Select a language used in emails. |
NoteAMF Security mini is using several ports internally. Refer to Appendix's TCP or UDP port number used inside AMF Security mini for the ports used by AMF Security mini.
NoteIf your browser is configured to use Japanese, some part of emails is written in Japanese even if Language setting for Email Notification is English. If both browser and Email Notification are configured to use English, mail body is written in English. Note that strings contained in authentication data or messages received from an external application are left unchanged.
NoteWhen you want AMF Security mini to send notification emails when a device is blocked by the AMF Application Proxy with "Drop Packets", "Link-Down" or "IP-Filter" action, check "Send Email Notification on Block Event" .
| Item Name | Description |
|---|---|
| SMTP Server Settings | |
| Send Test Email | Send a test email. |
| Page Bottom | |
| Submit | Save the SMTP server settings. |
SESC Log
This page shows log messages generated by AMF Security mini service. The latest 1000 messages are displayed in this page.You can view messages for a specific date by selecting a date at the right side of the page.
| Item Name | Description |
|---|---|
| Clear All Logs | Clear all log messages. |
| Download | Download the latest log messages (max 300000 messages). |
| Refresh | Refresh SESC Log page. |
Action Log
This page shows AMF Security mini services' log messages related to actions.On this page, you can search by item.
| Item Name | Description |
|---|---|
| Date / Time | Date / Time the action was applied to a device. |
| MAC Address | MAC address of the device. |
| Device ID | Device ID |
| Device IPv4 Address | IPv4 address of the device. |
| Device Tag | Device Tag |
| Connected Switch ID | ID of the switch to which the device is connected. |
| Connected Switch IPv4 Address | IPv4 address of the connected switch |
| Connected Port ID | ID of the port to which the device is connected. |
| Connected Port Number | Port number of the port to which the device is connected. |
| Status | Type of action applied to the device. |
| VLAN ID | VLAN ID to which the device belongs |
| Network ID | Network ID to which the device belongs |
| Action ID | ID of the action applied to the device |
| Priority | Priority of the action applied to the device |
| Action Originator | Originator of the action applied to the device |
| Reason | Reason of the action applied to the device. |
| Item Name | Description |
|---|---|
| Refresh | Refresh the Action Log page. |
| Download | Download the latest log messages. |
| Clear Action Log | Deletes action logs. |
| Item Name | Search | Filter | Sort |
|---|---|---|---|
| Duration | × | − | − |
| MAC Address | × | − | − |
| Device IPv4 Address | × | − | − |
| Device Tag | × | − | − |
| Action Originator | × | − | − |
| Status | − | × | − |
18 Jan 2021 10:56