User Guide: AMF Security version 2.5.0 for VST-VRT

Configuring AT-AR3050S/AT-AR4050S



The Advanced VPN Access Router AT-AR3050S/AT-AR4050S series (AR Router) is a next-generation firewall router with a rich set of security features such as firewall, IPS/IDS, antivirus, malware protection and IP reputation, in addition to its VPN router functions. AMF Security can use the threat information provided by the AR Router to control the OpenFlow switches, so that it can dynamically manage and operate the client devices connected to those switches.



Supported UTM Features

AMF Security can use the threat information detected by the following UTM functions of the AR Router.
Note
AMF Security can use the UTM features even when UTM offload is enabled.

◼ IP Reputation
Using the IP reputation database, the AR Router controls packets to or from specific IP addresses. AMF Security can use the following categories.

Table 1: IP Reputation Categories supported by AMF Security
Category | Category Name (NAME parameter) | Description
Malware CnC | Malware C&C Server | C&C server that sends commands to known malware (bots). This category contains domains and IPs that are observed and DGA-predicted.
Bot | Malware-infected Host | A host observed checking in to a command and control server, or exhibiting clear indications of unwanted and criminal code on the host.
Mobile_CnC | Mobile C&C Server | Known CnC for mobile-specific families.
Spyware Drop | Leaked Information Site | Drop site for logs or stolen credentials. Differentiated from CnC servers, but sometimes overlapping. Does not include droppers being served or other exe movement.
SpywareCnC | Spyware C&C Server | Servers and domains observed being used to serve or track user activity. More likely to be a destination for information collected by software such as toolbars, games, and free screen savers than a regular ad-serving site.
Mobile_Spyware_CnC | Mobile Spyware C&C Server | Spyware CnC specific to mobile devices.
Note
To use this feature, a license is required for the AR Router.

◼ Firewall
The AR Router has a stateful inspection firewall that identifies the start and end of IP traffic flows and performs dynamic packet filtering based on the flow information. In addition to firewall events, AMF Security can handle information about the following attacks detected by the AR Router.

Table 2: Attacks supported by AMF Security
Attack | Description
Syn Flood | Detected when the number of TCP SYN packets per second from a specific IPv4 address reaches the threshold.
ICMP Flood | Detected when the number of ICMP packets per second from a specific IPv4 address reaches the threshold.
UDP Flood | Detected when the number of UDP packets per second from a specific IPv4 address reaches the threshold.
TCP Stealth Scan | Detected on invalid TCP packets (IPv4 only).

◼ Malware Protection
The AR Router can inspect application-layer data in the packets passing through the router, and block or notify when known malware is detected.
All threats detected by this feature can be used by AMF Security.
Note
To use this feature, a license is required for the AR Router.

◼ Antivirus
The AR Router can scan files included in HTTP responses passing through the router, and block or notify when a known virus is detected.
All threats detected by this feature can be used by AMF Security.
Note
To use this feature, a license is required for the AR Router.
Note
Antivirus is supported on AT-AR4050S only.


Configuring AR Router

Refer to the AR Router's documentation for its configuration.
AR Router manuals are available on our website.



19 Apr 2023 14:12