Contents

System Settings

References > System Settings

---

---

Account List

Table 1: Target columns for sort operation

Item Name	Sort
Account Name	×
Account Group ID	×

Table 2: Displayed columns

Item Name	Description
Account Name	Name of the login account. When clicked, the Update Account page for the account is displayed.
Account Group ID	Account group to which the Login Account belongs. When clicked, the Update Account Group page for the account group is displayed. If you delete the account group on the System settings > Account group list page after registering the account group to the login account, the link to the Update Account Group page above is deleted.

Table 3: Buttons

Item Name	Description
Page Top
Add Account	Go to Add Account page.
Account List
Heading Row
Delete Selected	Delete all the checked accounts.
Each Row
Edit	Go to Update Account page for the account.
Delete	Delete the account.

Note

Default account "manager" cannot be deleted.

Add Account

Table 4: Sample Configuration Data

Item Name	Description
Account Name (Mandatory)	Name of the login account. Maximum length is 64 characters. Allowed characters are as follows. a-z, A-Z, 0-9, ' - _ .
Password	Login password for the account. Click "Edit" to configure password.
Email Address	Enter the Email Address associated with the account. If you forget your password, you can recover it by email.
Account Group ID	Select the Account Group ID to which the Login Account belongs.
Permission
Modify authentication database	Check this to grant permission to change authentication database to the account.
Configure system settings	Check this to grant permission to change system configurations to the account.

Table 5: Buttons

Item Name	Description
Password
Edit	Open Password Configuration dialog to configure the account's password.
Page Bottom
Submit	Add a new account with the input information.
Cancel	Cancel the operation for adding a new account.

Note

The AMF Security configurations must be initialized if you forget passwords for all accounts with the permission of "Configure system settings" including the "manager" account. Make sure that you keep your passwords safely and never forget them.
For more information, refer to the AT-VST-APL document posted on our website.

Note

Register your Email Address in your account and set the Email Notification on the System Settings > Email Notification Settings page. This allows you to recover your password by email if you forget it.
Refer to Appendix > If you forget your password for instructions on how to recover your password by email.

Password Configuration

Table 6: Sample Configuration Data

Item Name	Description
Password (Mandatory)	Login password for the account. Password must be 6 to 64 characters long. Allowed characters are as follows. a-z, A-Z, 0-9, ! # $ % & ' * + - / = ? ^ _ ` { | } ~ .
Confirm Password (Mandatory)	Enter the password again.

Table 7: Buttons

Item Name	Description
Bottom of the dialog
Submit	Configure the input password.
Cancel	Cancel the operation for configuring a password.

Update Account

Table 8: Configurable fields

Item Name	Description
Account Name (Mandatory)	Name of the login account. Maximum length is 64 characters. Allowed characters are as follows. a-z, A-Z, 0-9, ' - _ .
Password	Login password for the account. Click "Edit" to configure password.
Email Address	Enter the Email Address associated with the account. If you forget your password, you can recover it by email.
Account Group ID	Select the Account Group ID to which the Login Account belongs.
Permission
Modify authentication database	Check this to grant permission to change authentication database to the account.
Configure system settings	Check this to grant permission to change system configurations to the account.

Table 9: Buttons

Item Name	Description
Password
Edit	Open Password Configuration dialog to configure the account's password.
Page Bottom
Submit	Update the account with the input information.
Cancel	Cancel the operation for updating the account.

Note

Account name and permissions of the default account "manager" cannot be changed.

Note

The AMF Security configurations must be initialized if you forget passwords for all accounts with the permission of "Configure system settings" including the "manager" account. Make sure that you keep your passwords safely and never forget them.
For more information, refer to the AT-VST-APL document posted on our website.

Note

Register your Email Address in your account and set the Email Notification on the System Settings > Email Notification Settings page. This allows you to recover your password by email if you forget it.
Refer to Appendix > If you forget your password for instructions on how to recover your password by email.

Password Configuration

Table 10: Configurable fields

Item Name	Description
Password (Mandatory)	Login password for the account. Password must be 6 to 64 characters long. Allowed characters are as follows. a-z, A-Z, 0-9, ! # $ % & ' * + - / = ? ^ _ ` { | } ~ .
Confirm Password (Mandatory)	Enter the password again.

Table 11: Buttons

Item Name	Description
Bottom of the dialog
Submit	Configure the input password.
Cancel	Cancel the operation for configuring a password.

Account Group List

Table 12: Target columns for search and sort operations

Item Name	Search	Sort
Account Group ID	×	×
Note	×	×

Table 13: Displayed columns

Item Name	Description
Account Group ID	Account group name.
Note	Arbitrary string (comment) for the Account Group.

Table 14: Buttons

Item Name	Description
Page Top
Add Account Group	Go to Add Account Group page.
Export to CSV	Start downloading of a list of account groups in CSV format.
Account Group List
Heading Row
Delete Selected	Delete all the checked account groups.
Each Row
Edit	Go to Update Account Group page for the account group.
Delete	Delete the account group.

Note

Refer to Appendix/CSV File for CSV Files.

Add Account Group

Table 15: Configurable fields

Item Name	Description
Account Group ID (Mandatory)	Account group to which the Login Account belongs. Account Group ID must be unique. Max 255 characters
Note	Arbitrary string (comment) for the Account Group.

Table 16: Buttons

Item Name	Description
Submit	Add a new account group with the input information.
Cancel	Cancel the operation for adding a new account group.

Update Account Group

Table 17: Configurable fields

Item Name	Description
Account Group ID (Mandatory)	Account group to which the Login Account belongs. Account Group ID must be unique. Max 255 characters
Note	Arbitrary string (comment) for the Account Group.

Table 18: Buttons

Item Name	Description
Submit	Go to Update Account Group page for the account group.
Cancel	Cancel the operation for updating the account group.

Network Settings

View and change network configurations for the AMF Security system.

Note

With the following settings, the connection with connected OpenFlow Switch or AMF Master is temporarily disconnected.
・Uploading or deleting the SSL Certificate of the Web server
・Database Synchronization
・Database Synchronization Option Settings

Services

Table 19: Configurable fields

Item Name	Description
Web Server Protocol	Protocol (HTTP or HTTPS) to use for the web interface. Default is HTTPS.
Web Server Port Number	TCP port number that AMF Security's web interface is listening on. Valid range is 1 to 65535. Default is 443.

Note

Only TLS 1.2 and TLS 1.3 are supported for HTTPS.

Note

AMF Security is using several ports internally. Refer to Appendix/TCP or UDP port used by AMF Security for the ports used by AMF Security.

Note

If you specify HTTP as the web server protocol and 80 as the port number when accessing the web setting screen, you are redirected to the web server protocol and port number set above.

Note

The combination of web server protocol and port number HTTPS / 80 is non-configurable (reserved).

Note

If you upgrade to this version with the web server protocol and port number set to HTTPS / 80 in AMF Security softwear version 1.8.1, or if you import the system setting file with the same settings, it is changed to HTTP / 80 settings.

Table 20: Buttons

Item Name	Description
Submit	Save the input services configurations.

SSL Certificate

Register the SSL server certificate of the Web server (AMF Security) and the SSL server certificate of the whitelist authentication server installed in AMF Security.
If you want external applications to interact with AMF Security via HTTPS, you may have to install an SSL server certificate issued by a trusted certificate authority (CA).
If you want to encrypt control session between AMF Master and Whitelist Server (AMF Security), upload an SSL server certificate issued by a trusted certificate authority (CA).

"SSL Certificate" section shows a summary of the installed SSL server certificate.

Use the method best suited for your needs to get the certificate.

• If your CA provides you with intermediate CA certificates or cross root CA certificates in addition to your server certificate, concatenate those certificates into a single file then upload the file to AMF Security. Contact the CA for detailed information on how to concatenate certificate files.
  
  
• To install a certificate file, it must meet the following requirements.
  
  

  Table 21: SSL Certificate Requirements

  Type	X.509, RFC6818
  Encryption	PEM (Privacy Enhanced Mail)
  Extension	.crt

Table 22: Displayed columns

Item Name	Description
Role	Displays Web (Web server) or WhiteList (Authentication server).
Common Name(CN)	Displays the common name of the web server (AMF Security) or authentication server (AMF Security).
Organization(O)	Displays the name of the organization to which the Web server (AMF Security) or authentication server (AMF Security) belongs.
Expiration Date [UTC]	Expiration date of the certificate.

Table 23: Buttons

Item Name	Description
Detail	The detailed information of the registered SSL server certificate is displayed.
Upload	Open the Upload SSL Certificate dialog to register the SSL Certificate with AMF Security.
Delete	Delete the installed SSL server certificate and restore the default certificate which is self-signed by AMF Security.

Note

After setting the AMF Master, AMF Security accepts both unencrypted and encrypted sessions. You cannot disable one of them.

Upload SSL Certificate

This dialog lets you upload your own SSL certificate for the Whitelist Authentication Server.

Table 24: Configurable fields

Item Name	Description
Certificate	Click the "Choose File" button and select the SSL Certificate to upload.
Private Key	Click the "Choose File" button and select the SSL private key to upload.

Table 25: Buttons

Item Name	Description
Submit	Import the specified private key and certificate.
Cancel	Cancel the operation for importing SSL certificate.

Database Synchronization

Set AMF Security to redundant and synchronize the authentication database.
Set up database synchronization on the device used first as the secondary device and then on the device used as the primary device.
Disable database synchronization on the device used first as the secondary device and then on the device used as the primary device.

Note

The Device > Active Device List page and Switches > Active OpenFlow Switch List page show the live information retrieved from OpenFlow Switches managed by AMF Security. Therefore, the information displayed on those pages may differ between the primary and secondary's web interfaces.

Note

AMF Application Proxy Whitelist does not support redundant AMF Security configuration.

Note

When an OpenFlow packet control flow (flow entry) is updated, such as when an authenticated node moves to another port, multiple logs indicating that the flow entry has been deleted may be recorded. However, it does not affect the authentication behavior.

Note

Database synchronization settings are not included in the file exported (downloaded) on the System Settings > System Information page. Therefore, after importing the system settings file, set the database synchronization again.

Note

Both systems must synchronize their clocks with the same NTP Server. The NTP Server is set on the AT-VST-APL setting page. For more information, refer to the AT-VST-APL document posted on our website.
Also, the timezone of both systems must have the same settings.

Note

If the system time is changed by a certain amount after synchronization started, there may be a case where the authentication data cannot be changed any further.
If it happens, disable synchronization on both systems, adjust system clocks correctly, then enable synchronization again.

Table 26: Displayed columns

Item Name	Description
Node	Displays the database synchronization node as Local or Peer.
IPv4 Address	The set IPv4 Address is displayed.
Status	Displays the status of database synchronization as Primary, Secondary, Not Ready, or Down.

Table 27: Buttons

Item Name	Description
Enable	Open the Database Synchronization Node Settings dialog.
Disable	Disable authentication database synchronization. Only when database synchronization is enabled, the "Enable" button changes to the "Disable" button.
Reconnect	Reconnect to the authentication database.

Database Synchronization Node Settings

Table 28: Configurable fields

Item Name	Description
Local IPv4 Address	Set the currently set AMF Security IPv4 Address.
Peer IPv4 Address	Remote IPv4 Address to use for synchronization.

Table 29: Buttons

Item Name	Description
Enable as Primary	AMF Security works as the primary.
Enable as Secondary	AMF Security works as a secondary.
Close	Go back to the Network Settings page.

Database Synchronization Option Settings

Table 30: Configurable fields

Item Name	Description
Don't send error response against authentication database modification request by API via the Secondary host.	Suppress error logs generated by the secondary AMF Security system.
Suppress duplicated syslog messages and mail from secondary host.	Suppress duplicated log messages by disabling log transmission on the secondary AMF Security system.

Table 31: Buttons

Item Name	Description
Submit	Save the settings.

Logging Settings

Note

With this setting, the connection with connected OpenFlow Switch or AMF Master is temporarily disconnected.

◼ Log Output
You can view and configure levels for various types of logs.

Table 32: Configuration fields for Log Output

Item Name	Description
Device Authentication Result	Minimum level for device authentication logs to be output. Default is Informational.
OpenFlow Controller	Minimum level for the OpenFlow protocol logs to be output. Default is Informational.
OpenFlow Protocol Packets	Minimum level for the OpenFlow packet logs to be output. Default is Disable (do not output any log of this type).
GUI Operation	Minimum level for the web interface logs to be output. Default is Informational.
Trap Monitor	Minimum level for the trap monitor logs to be output. Default is Informational.
Escape double quotation characters in quoted string	Escape double quotes in the log message. Default is disabled.

◼ Syslog

Table 33: Configuration Parameters for Syslog

Item Name

Description

Syslog Server

Set the IPv4 Address or hostname and UDP port number of the external Syslog server that sends the log. The forwarding destination should be in the form of "A.B.C.D:P" where the A.B.C.D is an IPv4 Address and P is a port number. Multiple Syslog servers can be specified by separating each address by a semicolon (;). A colon (:) and a port number can be omitted if the host is listening on the default syslog port (514). Examples: 192.168.1.100 (IPv4 Address only) 192.168.1.100:60514 (Specify port number) 192.168.1.100; 192.168.2.100 (multiple settings separated by semicolons) example100.co.jp (Hostname) The following IPv4 Address formats with leading 0 (zero) can be entered, but they are not supported. 192.168.001.001 172.016.0.1

Note

The encoding method of the transmitted Syslog data is "UTF-8".

Note

AMF Security is using several ports internally. Refer to Appendix/TCP or UDP port used by AMF Security for the ports used by AMF Security.

Table 34: Buttons

Item Name	Description
Page Bottom
Submit	Save the input logging configurations.

Date / Time Settings

Note

After performing this setting, AMF Security restarts. Therefore, the connection between the connected OpenFlow Switch or AMF Master is temporarily disconnected.

Note

If you change the time zone setting, AMF Security restarts, but after that, you need to restart (stop and start) the AMF Security application on the AT-VST-APL setting page for the setting to take effect. For more information, refer to the AT-VST-APL document posted on our website.

After that, the timezone setting is retained.

◼ System Time

Table 35: Displayed columns

Item Name	Description
Current Date / Time	Display system date.

Table 36: Displayed columns

Item Name	Description
Timezone	Display the system timezone. Default is UTC.

Table 37: Buttons

Item Name	Description
Edit	Display the Select Timezone dialog and set the system timezone.

Select Timezone

Table 38: Configurable fields

Item Name	Description
Timezone	Select the timezone from the dropdown list.

Table 39: Buttons

Item Name	Description
Submit	Save the selected timezone.

OpenFlow Settings

Note

With this setting, the connection with connected OpenFlow Switch or AMF Master is temporarily disconnected.

Table 40: Configurable fields

Item Name	Description
OpenFlow TCP Port Number	TCP port number on which AMF Security's OpenFlow controller is waiting for control plane connections. Valid range is 1 to 65535. Default is 6653.
OpenFlow Session Timeout	Configure a timeout (in seconds) to disconnect an OpenFlow session with an irresponsive switch. When AMF Security does not receive any message from an OpenFlow Switch for half of this timeout value, AMF Security sends Echo request message to the switch. If the switch does not respond to the Echo request within the timeout period, AMF Security automatically closes the session with the switch. Valid range is 20 to 300. Default is 30.
Default Upstream Port	Default setting for OpenFlow Switch's upstream port. If no upstream port is specified in a configuration for an OpenFlow Switch, the default upstream port is used as upstream port on the OpenFlow Switch. Specify it with a port name or an OpenFlow port number. Default is unspecified (empty) which means that the OpenFlow port with the smallest OpenFlow port number on a switch is used as upstream port.
Quarantine VLAN ID	VLAN ID of the quarantine network where quarantined devices are placed. Valid range is 0 to 4094. Default is 4089.
Flow Lifetime (Hard Timeout)	Configure the default flow lifetime (in seconds) on the switch. When this amount of time has passed since a flow is created for a device, the flow is automatically deleted from OpenFlow Switches even though the device is still sending traffic. Valid range is 0 to 65535. Default is 65535. Specifying 0 means that flows are never timed out. This value is used when a security policy for a device does not have Schedule. This value may be preceded by a Schedule's End Date / Time. This value is used as it is when the interval between the successful authentication and a scheduled End Date / Time is less than 65535 seconds. If the interval between the successful authentication and a scheduled End Date / Time is larger than or equals to 65535 seconds, actual timeout is set to 65535 seconds.
Flow Lifetime fluctuation	Configure a maximum fluctuation value for Flow Lifetime (in seconds). When set to non-zero value (X), actual flow lifetime value is calculated by subtracting a random fluctuation value between 0 and X from the Default Flow Lifetime. This value must be less than the Flow Lifetime value and in the range between 0 and 600 (Only 0 is valid when the Default Flow Lifetime is 0). Default is 0. (The Default Flow Lifetime is used as is). For example, when the Flow Lifetime fluctuation is set to 600 seconds, actual flow lifetime set to flow entries is determined by subtracting a random value between 0 and 600 from the Default Flow Lifetime (If the Default Flow Lifetime is 65535 (default), actual flow lifetime can be any value in the range between 64935 and 65535).
Reject Flow Lifetime	Flow lifetime in seconds for devices which failed to authenticate. Valid range is 0 to 65535. Default is 30. Specifying 0 means that reject flows are never created.
Flow Idle Timeout (Idle Timeout)	An amount of time that should have passed without any traffic from a device before the flow for the device is deleted automatically. Valid range is 0 to 65535. Default is 300. Specifying 0 means that flows are never deleted even though no traffic is seen from devices.
Encrypt the OpenFlow control session.	Check this to encrypt control plane traffic between AMF Security and OpenFlow Switches. TLS is used for encryption. To use encrypted control plane, you also have to configure OpenFlow Switches to use encryption.
Discard packets generated by OpenFlow Switches.	Check this to install flows on the OpenFlow Switches that discard packets originated from the OpenFlow Switch themselves.
Reject Flow is operated same as normal flow.	Configure the timer and deletion behavior of Reject flows. Default is disabled. Unchecked: The timer is set to Reject Flow Lifetime. OpenFlow Switches does not notify AMF Security when they delete the flow entry. Checked: The timer is set to Default Flow Lifetime and Flow Idle Timeout is used. OpenFlow Switches notify AMF Security when they delete the flow entry.

Note

AMF Security is using several ports internally. Refer to Appendix/TCP or UDP port used by AMF Security for the ports used by AMF Security.

Note

Default Upstream Port is applied to unregistered OpenFlow Switches When you are using both AlliedWare plus switches and AT-TQ wireless access points as OpenFlow Switches, configuring the Default Upstream Port disturbs flow entry registration due to the difference in the port number structure between AlliedWare Plus and AT-TQ series.
When you use non-minimum number OpenFlow port as upstream port on AlliedWare Plus Devices, individually configure the upstream port on each OpenFlow Switch.
Refer to Switches > Add OpenFlow Switch for instructions on how to register OpenFlow Switches.

Note

The "Quarantine VLAN ID" setting is the same as the "Quarantine VLAN ID" on the AMF > TQ Settings page.

Note

The "Flow Lifetime" setting is the same as the "session-timeout" on the AMF > AMF Application Proxy Settings page.

Table 41: Buttons

Item Name	Description
Page Bottom
Submit	Save the input OpenFlow configurations.

System Information

This page lets you perform maintenance operations such as backup, restore and system restart.

Note

With the following settings, the connection with connected OpenFlow Switch or AMF Master is temporarily disconnected.
・Hostname
・System Settings - Import
・System Settings - Reset
・Services - Restart All

Note

System settings export and import features are intended for pure backup and restore. Do not modify an exported file nor imported a modified file using the feature.
When importing System Settings, you can specify a file with any extension as long as the contents of the file are correct.

◼ System Information

Table 42: Configurable fields

Item Name	Description
Hostname	Hostname of the system Default is "sesc". To change the hostname, enter a new hostname and click "Update". Max 63 characters. Allowed characters are as follows. a-z, A-Z, 0-9, - Hyphen (-) cannot be used for the first letter.
Serial Number	This is the Serial Number set for AMF Security.
Database Synchronization	Status of database synchronization. One of Disabled, Syncing or Disconnected.

Note

You need this Serial Number to issue your AMF Security license.
The Serial Number is created during AMF Security installation, so the Serial Number changes to a new one if:
・After updating from AMF Security software version 1.8.1 to this version, remove and reinstall this version of AMF Security on AT-VST-APL
・Remove the AMF Security application on AT-VST-APL and install the AMF Security application again
・Restore (migrate) the AMF Security application to AT-VST-APL in another chassis

If you reset the system settings, the serial number is not be changed.

Table 43: Buttons

Item Name	Description
Refresh	Update the hostname.

◼ Software Info

Table 44: Displayed columns

Item Name	Description
Version	Version and build number (internal version) of the installed AMF Security software.
Build Time	Build date and time of the installed AMF Security software.

◼ System Settings

Table 45: Configurable fields

Item Name	Description
Size	Displays the file size of system setting data.
Updated Date / Time	Displays the date and time when the system setting data was updated.

Table 46: Buttons

Item Name	Description
Export	Download system configuration for backup.
Import	Import and restore system settings.
Reset	Reset system configuration to factory default.

Some system settings that are exported, imported, or reset are not covered.
Manually backup, configure or delete those elements.

• Configurations to be backed up, restored and reset.
  
  • Account List
    
  • Network Settings - Services
    
  • Network Settings - Database Synchronization (Reset System Settings only)
    
  • Network Settings - Database Synchronization Option Settings
    
  • Logging Settings
    
  • Date / Time Settings
    
  • OpenFlow Settings
    
  • Trap Monitor Settings
    
  • Email Notification Settings
    
  • AMF Settings
    
  • TQ Settings
    
  
  
• Configurations not to be backed up, restored and reset.
  
  • Network Settings - SSL Certificate
    
  • Trap Monitor Settings - Uploaded Rules
    
  • Licenses (include the Base and Addon licenses)
    
  • AMF - SSL Certificate
    
  • AMF Security Log
    
  • Action Log
    

◼ Authentication Data

Table 47: Configurable fields

Item Name	Description
Size	Displays the file size of the authentication data.
Updated Date / Time	Displays the date and time when the authentication data was updated.

Table 48: Buttons

Item Name	Description
Export	Download authentication data for backup.
Import	Import authentication data from a CSV file.
Reset	Delete all authentication data on this system.

Note

Authentication Data file to import should be in CSV format. Refer to Appendix/CSV File for CSV Files.

Note

The Start Date / Time and End Date / Time of the schedule included in the Authentication Data are the date and time of the currently set timezone.
For details, refer to Policy settings > About the start date and time and end date and time of the schedule.

Note

When you import and update authentication data, AMF Security resets packet control flows for the devices which are contained in the authentication data.

Note

The method of uploading authentication data of AT-SESC software version 1.3.x or earlier cannot remove the network, location, and schedule settings from the security policy set for the device that has already been registered. To delete, delete the device once and then upload the authentication data, or update the security policy directly on the Device > Update Device page.

◼ Services

Table 49: Buttons

Item Name	Description
Restart All	Only restart AMF Security related services. The server on which AMF Security runs is not restarted, only AMF Security related application processes are restarted.

◼ Technical Support Information

Table 50: Buttons

Item Name	Description
Download	Download technical support information for trouble shooting.

Trap Monitor Settings

This page lets you configure various parameters required for interaction with external applications.
You can also setup AMF Security to forward SNMP traps and syslog messages to other systems.

Note

Trap monitor only responds to specific set of log messages and SNMP traps. You cannot define actions for arbitrary messages and traps.

Note

With this setting, the connection with connected OpenFlow Switch or AMF Master is temporarily disconnected.

◼ Protocols

Table 51: Configurable fields

Item Name	Description
Syslog Port Number	Listening port number to receive syslog messages. Valid range is 1 to 65535. Default is 514.
SNMP Trap Port Number	Listening port number to receive SNMP traps. Valid range is 1 to 65535. Default is 162.

Note

AMF Security is using several ports internally. Refer to Appendix/TCP or UDP port used by AMF Security for the ports used by AMF Security.

◼ Networks
Specify the monitored or unmonitored network, Syslog message, and SNMP Trap transfer destination host.
If Monitored Networks and Excluded Networks overlap, Exclude Networks have precedence.

Note

Some external applications do not respect settings of Monitored Networks and Excluded Networks.

Table 52: Configurable fields

Item Name	Description
Monitored Networks	IPv4 networks to monitor using syslog and trap messages. Multiple networks can be specified by separating each network by a semicolon (;). If this field is empty or 0.0.0.0/0 is specified, all networks are monitored. Default is 0.0.0.0/0.
Excluded Networks	IPv4 networks not to monitor. Multiple networks can be specified by separating each network by a semicolon (;).
Syslog Forwarding Destination Hosts	Specify a host to which AMF Security forwards the received syslog messages. The forwarding destination should be in the form of "A.B.C.D:P" where the A.B.C.D is an IPv4 Address and P is a port number. Multiple hosts can be specified by separating each address by a semicolon (;). A colon (:) and a port number can be omitted if the host is listening on the default syslog port (514). Source IPv4 Address of the forwarded messages are the address of AMF Security.
SNMP Trap Forwarding Destination Hosts	Specify a host to which AMF Security forwards the received trap messages. The forwarding destination should be in the form of "A.B.C.D:P" where the A.B.C.D is an IPv4 Address and P is a port number. A colon (:) and a port number can be omitted if the host is listening on the default trap port (162). Multiple hosts can be specified by separating each address by a semicolon (;). Source IPv4 Address of the forwarded messages are the address of AMF Security.

◼ Device Lookup
Specify a target range of the action to notify.

Table 53: Configurable fields

Item Name	Description
None	Notify actions on MAC Address.
Device	Notify actions on Device.
Tag	Notify actions on Device Tag.

Note

Device Lookup is not supported for AMF Application Proxy's IP-Filter action.

Note

When the action is applied to the target device by the IP Address of the device, the IP Address is displayed as "ip =" in the "MAC Address" item of the Device > Active Device List page. This IP Address is the IP Address that caused the action to be applied.

Table 54: Buttons

Item Name	Description
Submit	Save the settings.

◼ Rules
Trap monitor rules can be updated and added through trap monitor rule files.
By default, trap monitor rules for the UTM functions of AT-AR3050S/AT-AR4050S routers are installed.

Note

Trap monitor rule files are provided by our "AMF-SEC Technology Partner Program". Contact our sales engineer for the Technology Partner Program.

• AT-AR3050S/AR4050S
  This tab lets you configure trap monitor rules for the UTM functions of AT-AR3050S/AT-AR4050S routers.
  

  

  To receive and monitor syslog messages from AT-AR3050S/AT-AR4050S routers, check "Enable the monitoring of traps from this host.".
  Then, check events which you want to monitor in the "Trap Action Target Trigger" table.
  
  
  • IP Reputation: Detection of Malware Category
    Block traffics from a device when AMF Security receives a syslog message indicating that the IP reputation feature on the router detects the device tries to communicate with a destination classified as Malware category (Malware C&C server (CnC), Malware-infected host (Bot) or Mobile C&C Server (Mobile_CnC)).
    
    
  • IP Reputation: Detection of Spyware Category
    Block traffics from a device when AMF Security receives a syslog message indicating that the IP reputation feature on the router detects the device tries to communicate a destination classified as Spyware category (drop site (Drop), Spyware C&C server (SpywareCnC) or Mobile Spyware C&C server (Mobile_Spyware_CnC)).
    
    
  • Malware Protection: Detection of known malware on communicate from LAN to WAN
    Block traffics from a device when AMF Security receives a syslog message indicating that the malware protection feature on the router detects the known malware on the device.
    
    
  • Antivirus: Detection of virus on communicate from LAN to WAN
    Block traffics from a device when AMF Security receives a syslog message indicating that the anti-virus feature on the router detects the known virus on the device.
    
    
  • Firewall(IDS): Detection of Syn Flood attacks from LAN to WAN
    Block traffics from a device when AMF Security receives a syslog message indicating that the firewall's IDS feature on the router detects the SYN Flood attack from the device.
    
    
  • Firewall(IDS): Detection of ICMP Flood attacks from LAN to WAN
    Block traffics from a device when AMF Security receives a syslog message indicating that the firewall's IDS feature on the router detects the ICMP Flood attack from the device.
    
    
  • Firewall(IDS): Detection of UDP Flood attacks from LAN to WAN
    Block traffics from a device when AMF Security receives a syslog message indicating that the firewall's IDS feature on the router detects the UDP Flood attack from the device.
    
    
  • Firewall(IDS): Detection of TCP Stealth Scan from LAN to WAN
    Block traffics from a device when AMF Security receives a syslog message indicating that the firewall's IDS feature on the router detects the TCP Stealth Scan attack from the device.
    
    

  Note

  To use those rules, you also have to configure AT-AR3050S/AT-AR4050S. Refer to the AT-AR3050S/AT-AR4050S's documentation for more details.

  
  
  

  Table 55: Buttons

  Item Name	Description
  Value	Open the Rule Setup page.

  
  
  

  Table 56: Displayed columns

  Item Name	Description
  Version	Version of the Trap Monitor Rules

  
  
  

  Table 57: Configurable fields

  Item Name	Description
  Enable the monitoring of traps from this host.	If you want to monitor the device by receiving Syslog message from AT-AR3050S or AT-AR4050S, check the check box.
  Host Addresses	IPv4 Address of AT-AR3050S/AT-AR4050S routers. Multiple hosts can be specified by separating each address by a semicolon (;). Default is unspecified (empty) which means that AMF Security accepts syslog messages from any IPv4 Address.
  OpenFlow/TQ Action	In the OpenFlow Switch and the TQ's AMF Application Proxy under AMF Security control, select the action to control the communication of the corresponding device. Drop Packets: Block traffics from the device at the layer two (MAC) level. Quarantine: Move the device to the quarantine network. Log-Only: AMF Security does not notify you of the action and does not control the communication of the device. Output only the log of the applicable device.
  AMF Action	Select an action to use the AW+ AMF Application Proxy to instruct the device to block communication. Drop Packets: Block traffics from the device at the layer two (MAC) level. Link-Down: Shutdown the port where the device is connected. Quarantine: Move the device to the quarantine VLAN. AMF Dependency: AMF Security does not specify an action and lets AMF devices determine its action. IP-Filter: Block traffics from the device at the layer 3 (IP) level. Log-Only: AMF Security notifies the action of the log, but only outputs the log without controlling the communication of the corresponding device.

  Note

  The behavior of the "Quarantine" action depends on the firmware version of your AlliedWare Plus device.
  ・Version 5.5.0-1.x or earlier: Move the port to which the device is connected to the isolation VLAN
  ・Version 5.5.0-2.x or later: Moves the MAC Address of the corresponding device to the isolation VLAN

  Note

  If you also use the "Quarantine" action on the whitelist port, your Proxy Node and Edge Nodes must have AlliedWare Plus firmware version 5.5.0-2.x or later installed.

  
  

  Table 58: Buttons

  Item Name	Description
  Page Bottom
  Submit	Save the settings.

Rules

Table 59: Displayed columns

Item Name	Description
Name	Name of the Trap Monitor Rules

Table 60: Buttons

Item Name	Description
Choose File	Select the rule settings file to upload.
Upload	Upload the selected rule settings file.
Delete	Delete the registered rule settings.
Close	Go back to the Trap Monitor Settings page.

Email Notification Settings

This page lets you configure Email Notifications.
You can configure AMF Security to notify an administrator with an email when an event such as device authentication or block happens, when you forget your password, or when your license expires.
AMF Security also sends emails to forward the contents of syslog messages and SNMP traps it receives.

Note

Email notification of syslog and trap messages are always enabled and cannot be disabled.

Note

With this setting, the connection with connected OpenFlow Switch or AMF Master is temporarily disconnected.

Note

To recover your password if you forget it, you need to register your Email Address on the Add Account page or Update Account page in advance.

AMF Security queues the Notification Emails by the following rules and tries to resend them upon failure.

• When an event occurs, AMF Security queues up to 100 emails for the event in the first 10 seconds after the event.
  
• Queued emails are sent out as a single email after 10 seconds.
  
• If 100 or more events occur in 10 seconds after the first event, AMF Security queues them too.
  
• A Queue is created for each event types of Email Notification Settings.
  
• AMF Security attempts up to four retries, i.e. AMF Security tries to send an email up to 5 times.
  

To enable Email Notifications, check the "Enable Email Notification" on the page.

Note

An email regarding the license expiration date is sent after making this setting and the SMTP Server Settings.

◼ Email Notification Settings
You can enable or disable email notification for each event with checkboxes.

• Send Email Notification on Authentication Success
  
• Send Email Notification on UnAuth Authentication Success
  
• Send Email Notification on Authentication Failed
  
• Send Email Notification on Edge Device Detect Event
  
• Send Email Notification on Block Event
  
• Send Email Notification on Quarantine Event
  
• Send Email when Switch License Exceeded
  
• Send Email when Database Synchronization Status has changed
  

Note

"Send Email Notification on Block Event" or "Send Email Notification on Quarantine Event" is checked, AMF Security also sends notification email when a device is blocked or quarantined by AMF Application Proxy.
If you want to notify by email in the OpenFlow Action / AMF Action Log, check "Send Email Notification on Block Event".

◼ SMTP Server Settings

Table 61: Configurable fields

Item Name	Description
SMTP Server	Set the IPv4 Address or Hostname of the SMTP server used for sending emails. Examples: 192.168.1.100 (IPv4 Address) example-smtp.co.jp (Hostname) The following IPv4 Address formats with leading 0 (zero) can be entered, but they are not supported. 192.168.001.001 172.016.0.1
SMTP Port	Listening port of the SMTP server.
Sender	Mail address of the sender.
Receiver	Mail address of the recipient. Multiple addresses can be specified by separating them with a semicolon (;).
Username	Username for SMTP authentication.
Password	Password for SMTP authentication.
Encryption	Check this to use TLS connection to the SMTP server.
Language	Select a language used in emails.

Note

AMF Security is using several ports internally. Refer to Appendix/TCP or UDP port used by AMF Security for the ports used by AMF Security.

Note

If your browser is configured to use Japanese, some part of emails is written in Japanese even if Language setting for Email Notification is English. If both browser and Email Notification are configured to use English, mail body is written in English. Note that strings contained in authentication data or messages received from an external application are left unchanged.

Note

When you want AMF Security to send notification emails when a device is blocked by the AMF Application Proxy with "Drop Packets", "Link-Down" or "IP-Filter" action, check "Send Email Notification on Block Event" .

Note

Encryption only supports STARTTLS. Note that the commonly used SMTP port number is 587.

Table 62: Buttons

Item Name	Description
SMTP Server Settings
Send Test Email	Send a test email.
Page Bottom
Submit	Save the SMTP server settings.

License

You have to install proper licenses before you start using AMF Security.
There are two types of licenses: "Base" and "Addon".

• You always need the Base license to run AMF Security.
  OpenFlow and AMF Application Proxy do not work until the base license is installed.
  
• The Addon license is for adding an OpenFlow switch. AMF Application Proxy works with a Base license only, no Addon license for nodes is required.
  Although you can install Addon licenses before installing the Base license, AMF Security does not work until the Base license is installed.
  

Note

If you do not have a license file, contact our sales engineer.
To obtain the license file, you need the AMF Security serial number displayed on the System Settings > System Information page.

Note

Purchase a license to use OpenFlow.

Note

For the license, also refer to Accessing Management Interface/Starting Configuration > Installing Licenses.

Table 63: Displayed columns

Item Name	Description
The maximum number of concurrent OpenFlow Switch connections	The maximum number of OpenFlow Switches which can be supported by the installed licenses.
Name	Name of the license.
Expiration Date	Displays the license years.
Status	The license status. Available: The license that is currently active. Before Contact Period: The license is before the start date and time of the expiration date. - : Licenses inherited from AMF Security software version 1.8.1 always display "-".
Number of Switches	Number of OpenFlow Switches supported by the license.

Table 64: Buttons

Item Name	Description
Add	The License Installation dialog is displayed.
Refresh	Check the expiration date of the license. If the installed license is within the expiration date but the "Status" is not "Available", click this button.
Delete	Delete the license. Only licenses inherited from AMF Security software version 1.8.1 can be removed. The license installed with this version cannot be deleted.

License Installation

Table 65: Buttons

Item Name	Description
Choose File	Select the license file to install.
Submit	Install the selected license file.
Cancel	Go back to the License page.

AMF Security Log

This page shows log messages generated by AMF Security service. The latest 1000 messages are displayed in this page.
You can view messages for a specific date by selecting a date at the right side of the page.

Table 66: Buttons

Item Name	Description
Clear All Logs	Clear all log messages.
Download	Download the latest log messages.
Refresh	Refresh the AMF Security Log page.

Action Log

This page shows AMF Security services' log messages related to actions.
It is possible to filter messages by each field's content.

Note

Depending on the specifications of the Web browser, it may not be possible to display all action logs on this page. In that case, download and check the action log.

Note

Clearing the action log temporarily disconnects the connected OpenFlow switch from the AMF Master.

Table 67: Displayed columns

Item Name	Description
Date / Time	Date / Time the action was applied to a device.
MAC Address	MAC Address of the device.
Device ID	Device ID
Device IPv4 Address	IPv4 Address of the device.
Device Tag	Device Tag
Connected Switch ID	ID of the switch to which the device is connected.
Connected Switch IPv4 Address	IPv4 Address of the connected switch
Connected Port ID	ID of the port to which the device is connected.
Connected Port Number	Port number of the port to which the device is connected.
Status	Type of action applied to the device.
VLAN ID	VLAN ID to which the device belongs
Network ID	Network ID to which the device belongs
Action ID	ID of the action applied to the device
Priority	Priority of the action applied to the device
Action Originator	Originator of the action applied to the device
Reason	Reason of the action applied to the device.

Table 68: Buttons

Item Name	Description
Refresh	Refresh the Action Log page.
Download	Download the latest log messages.
Clear Action Log	Deletes action logs.

Table 69: Target columns for search, filter and sort operations

Item Name	Search	Filter	Sort
Duration	×	−	−
MAC Address	×	−	−
Device IPv4 Address	×	−	−
Device Tag	×	−	−
Action Originator	×	−	−
Status	−	×	−

---

(C) 2023 Allied Telesis, Inc. All rights reserved.

C613-04150-00 Rev A

19 Apr 2023 14:12