Datasheet
INTC-7816-01 02/2008 Page 12 of 18
SSL VPNs help to offer secure connectivity into company resources from any Web-enabled personal
computer (“PC”), without the need for a dedicated client VPN application. This allows remote workers to
access company resources from an Internet-connected PC. In contrast to traditional Internet Protocol
Security (“IPsec”) VPNs, SSL VPNs do not require installation of specialized client software on users’
computers.
IBM supports SSL VPN implementations through an enablement model. IBM will work with the Customer
to configure and test the first five SSL VPN users. Following successful connectivity for these five users,
it will be the Customer’s responsibility to perform user administration for individuals requiring an SSL VPN
connection. IBM will provide the Customer with a demonstration of the user management capabilities of
the deployed firewall platform (if applicable), and provide the appropriate access levels and software
required to complete the setup.
2.3.4 Web Filtering
The terms and conditions set forth in this section entitled “Web Filtering” will apply only to Customers who
have contracted for the MSS for UTM Content package.
Web filtering is designed to address potential objectionable Internet content. Using content analysis
technology, the managed Agent can provide policy-based content control.
Enabling Web filtering may require additional licensing for the Agent which shall be the sole responsibility
of the Customer.
Configuration
In order for Web filtering to be effective, the Agent must be placed in a location where user Web traffic
passes through the device(s) prior to reaching the intended destination. This allows the Web filtering
module to compare the requested URL against the content database to validate the requested destination
is authorized.
During the initial setup and deployment process, IBM will work with the Customer to create a policy that is
customized to the organization’s specific needs. Following is a general overview of features that extend
across all supported Web filtering solutions:
● Category lists – a selection of content categories to block;
● Destination white lists – specific sites that should be allowed even if they exist within a denied
content category;
● Destination blacklists – specific sites that should be blocked even if they exist within an allowed
content category; and
● Source white list – specific IP addresses that should be excluded from content filtering.
2.3.5 Antispam
The terms and conditions set forth in this section entitled “Antispam” will apply only to Customers who
have contracted for the MSS for UTM Content package.
The integrated antispam capabilities of many Agents check inbound and outbound e-mail messages for
known spam signatures, patterns, and behaviors. The Agent must be placed in a location where e-mail
passes through the device prior to reaching the mail gateway. This helps prevent undesirable messages
from impacting the performance and availability of the mail gateway. While the core function of antispam
technology is to eliminate unsolicited advertisements, most antispam technology also filters phishing
attempts (i.e., e-mails designed to fool users into releasing their private data). Typically, phishing e-mails
claim to be from a legitimate service, but refer the user to a malicious Web site which collects the user’s
personal data.
The antispam policy can typically be configured to white list or blacklist specific e-mail addresses and
domains, as desired. Such configurations are designed to allow for e-mail messages from these e-mail
addresses and domains to always pass, or always be deleted by the antispam module, respectively. IBM
will work directly with the Customer to collect data required for IBM to construct customized white and
blacklists tailored to the specific needs of the Customer.
Enabling antispam functionality may require additional licensing from the Agent’s vendor, which shall be
the sole responsibility of the Customer.