An endpoint protection gateway may appear on commercial documents as a “security gateway”, “endpoint protection appliance”, “PC/server protection appliance” or “mobile security appliance”. In an actual import dossier, a minor mismatch in main function, network ports, Wi‑Fi/4G/5G module, VPN/encryption, firewall capability, endpoint management, software licence, goods condition or bundled subscription may change the HS classification and specialised-management policy. If the dossier is only reviewed after ETA (Estimated Time of Arrival), the shipment may be required to supplement catalogue, datasheet, cyber information security permit, civil cryptography documents, test report, C/O or customs-value explanation for software, resulting in clearance delay and DEM/DET charges. This guide provides an E2E (End-to-End) map for reviewing HS code, duty, cyber security policy, civil cryptography, customs documents, clearance workflow and pre-ETA risks.

QUICK FACT

Item	Review direction for endpoint protection gateway	Operational note
Product name	Endpoint protection gateway / endpoint security appliance	Not automatically applicable to firewall, VPN gateway, WAF, DLP, SIEM or a general server installed with security software.
Reference HS	8517.62.49 – other apparatus for receiving, converting, transmitting or regenerating data in a wired/digital network.	Review 8517.62.99 or heading 8471 if the product is essentially an ADP/server appliance.
Suggested taxes	Main review route 8517.62.49: ordinary import duty 5%; MFN duty 0%; VAT 10%; FTA rate generally 0% if valid C/O is accepted. Alternative routes to review: 8517.62.59 / 8517.62.99 / 8471.50.90 depending on structure and principal function.	See the detailed tax table below; verify the tariff at the declaration date and based on the actual C/O dossier.
Specialised policy	May trigger cyber information security import permit, civil cryptography review or ICT conformity if the actual model has relevant functions.	Do not conclude that no permit is required before reviewing the actual catalogue, datasheet, firmware/licence and import purpose.
Core documents	Invoice, Packing List, B/L/AWB, catalogue, datasheet, model list, licence/subscription, C/O and security-function description.	Model, serial number, security functions and licence details must be consistent across commercial documents, technical files and labelling.

Legal note: An endpoint protection gateway is highly dependent on model, firmware, licence, encryption functions and cyber security policy. Catalogue, datasheet, model and actual import purpose must be reviewed before finalising HS code, taxes and permits.

SCOPE OF APPLICATION

This article applies only to endpoint protection gateway in hardware/appliance form used to protect, administer or control security for PCs, servers, mobile devices or endpoints in an enterprise network.

Covered scope

Enterprise endpoint protection gateway appliance.
PC/server protection appliance with embedded firmware or security software.
Mobile security gateway/appliance for endpoint security management.
Appliance with LAN/WAN ports, policy management, threat prevention, malware filtering or endpoint control.

Not automatically covered

Firewall, UTM, IPS/IDS, DDoS appliance, SIEM, WAF or email security.
VPN appliance, encrypted gateway, crypto appliance or key-management device.
General server installed with antivirus/EDR software.
Software licence imported separately without physical appliance.

New goods, used goods, refurbished goods, samples, warranty replacement, project cargo, EPE/FDI imports or products bundled with multi-year subscription/licence may require different handling. If the device includes wireless module, encryption software, VPN, SSL inspection, HDD/SSD, adapter, battery or accessories, each component should be reviewed separately.

CLASSIFICATION & PRODUCT IDENTIFICATION

Main function

Review whether the device mainly transmits/switches network data, protects endpoints, manages security policy, filters malware, controls access or distributes endpoint policies.

Technical configuration

Check CPU, RAM, storage, Ethernet/SFP ports, console port, throughput, number of managed endpoints, licence, firmware and Wi‑Fi/4G/5G module if any.

Documents to compare

Catalogue, datasheet, user manual, security-function description, licence sheet, model–serial list, label image, packing list and actual product photos.

Criterion	Document to compare	Risk if wrongly described	Suggested goods description
Product nature	Catalogue, datasheet, front/back photos, network diagram	Wrong HS between network device, server or specialised security appliance	Endpoint protection gateway appliance, model…, for endpoint security in enterprise network, brand new 100%.
Cyber security functions	Security function description, user manual, licence feature list	Missing import permit if the product falls under the regulated cyber security list	State endpoint protection/security management gateway; avoid generic wording such as “network device”.
Encryption/VPN functions	Datasheet, admin guide, encryption/VPN specification	Failure to review civil cryptography policy	State VPN/encryption functions separately if present; do not omit functions shown in the datasheet.
Licence/subscription	Invoice, PO, licence certificate, packing list	Customs-value query or unclear separation between hardware and software rights	Clearly show appliance bundled with licence/subscription if applicable, including term and use conditions.
Goods condition	Invoice, contract, photos, supplier declaration	Risk under used/refurbished IT product regulations	Use “brand new 100%” if new; used goods must be legally reviewed before import.

Operational warning: Generic descriptions such as “security device”, “gateway” or “network appliance” may lead to wrong HS, wrong cyber security/civil cryptography policy, labelling errors and longer explanation during Yellow/Red customs channel.

HS CODE – DUTY – C/O

For an endpoint protection gateway whose main function is to receive, transmit, convert or route data in a network, HS review is usually within heading 8517.62. If the device is essentially an ADP/server unit or a specialised cryptographic product, classification should be reviewed according to its structure and principal function.

DETAILED TAX PROPOSAL TABLE

How to read this table: The figures below are for initial cost planning for an endpoint protection gateway. Final HS classification must be determined based on catalogue, datasheet, hardware structure, principal function, licence/subscription and specialised policy at the customs declaration date.

HS review route	Operational application scenario	Ordinary import duty	MFN duty	VAT	Preferential FTA rate with C/O	Tax-control point
8517.62.49	Main route where the device is a gateway/security appliance for wired carrier-current or wired digital systems, with the principal function of receiving, converting, transmitting or regenerating network data.	5%	0%	10%	Generally 0% if valid C/O satisfies the applicable FTA origin rules.	Evidence must show that network data transmission/gateway function is the principal function: Ethernet/SFP ports, throughput, routing/switching/gateway function, datasheet and manufacturer description.
8517.62.59	Alternative route where the product is another data-transmission apparatus combined with reception, or where the model does not fully fit the wired-system subheading 8517.62.49.	5%	0%	10%	Generally 0% if valid C/O is accepted; check the relevant FTA, C/O form and origin criterion.	Do not use this route to bypass a more specific 8517.62.49 description. Review wireless module, RF function, technical file and manufacturer classification.
8517.62.99	Alternative route where the product remains an apparatus for transmitting/receiving/converting data but does not fit the preceding detailed subheadings.	5%	0%	10%	Generally 0% if valid C/O is accepted by customs.	High explanation risk if the goods description is generic. Prepare classification reasoning and technical evidence for Yellow/Red channel.
8471.50.90	Only consider if the product is essentially an independent ADP/server processing unit, with CPU/RAM/storage/OS as the core nature, and gateway/security functions delivered mainly by software.	5%	0%	10%	Many FTAs may be 0% if the C/O conditions are met; verify the specific agreement.	Separate hardware value and licence/subscription if any; review used/refurbished IT-product policy and civil-cryptography functions.

Tax note: Where the MFN duty is already 0%, preferential C/O may not further reduce import duty in the ordinary scenario, but it can still be relevant for origin proof, commercial requirements or cases where HS/FTA conditions differ. VAT 10% is a reference rate for the product routes above; do not assume VAT reduction unless the VAT policy is reviewed at the declaration date.

REFERENCE HS REVIEW TABLE

Reference HS	Application condition	Risk if misapplied	Documents to compare
8517.62.49	Gateway appliance mainly transmitting/converting/processing network data with embedded endpoint security functions.	Tax reassessment, classification query or additional specialised permits.	Catalogue, datasheet, block diagram, network ports, gateway function and security feature list.
8517.62.99	Consider if the device belongs to data-transmission apparatus but does not fit the detailed wording of 8517.62.49.	Possible amendment request or technical explanation.	Datasheet, ports, user manual and main-function description.
8471.xx	Consider if the product is an ADP/server appliance rather than a network-transmission apparatus.	Different policy and technical/value explanation.	CPU, RAM, storage, OS, installed software, hardware structure and manufacturer description.

C/O risk: Preferential C/O may be rejected if the form, origin criterion, goods description, model, HS code or invoice/packing list consistency is incorrect. Review the draft C/O before issuing the original.

APPLICABLE SPECIALISED POLICIES

Goods situation	Possible policy	Documents to check	Authority/portal if identifiable	Recommended timing	Risk note
Standard endpoint/security gateway	Review import permit for cyber information security products.	Catalogue, security features, licence list, model list.	Ministry of Information and Communications / relevant authority under current rules.	Before booking or before ETA.	If regulated and permit is missing, the shipment may be held.
Device with VPN, encryption, key management, SSL inspection or crypto engine	Possible civil cryptography review.	Encryption specification, admin guide, datasheet.	Civil cryptography authority under current regulations.	Before purchase/import.	Do not exclude only because the commercial name is “gateway”.
Device with Wi‑Fi/Bluetooth/4G/5G	Possible ICT/telecom quality inspection and conformity certification/declaration.	RF test report, frequency/power/antenna datasheet.	Telecom authority/public service portal or assigned agency.	Before ETA.	Review Circular 29/2025/TT-BKHCN and applicable QCVN.
Used/refurbished goods	Review used IT products prohibited/controlled for import.	Invoice, contract, photos, serial, year of manufacture, condition.	Customs/specialised authority.	Before purchase.	High risk if refurbished status is detected only after arrival.
Bundled licence/subscription	Review customs value, software rights and goods description.	Invoice, PO, licence certificate, contract, activation terms.	Customs authority.	Before invoice issuance.	Licence value may be queried if it affects the price actually paid/payable.

LEGAL DOCUMENTS TO REVIEW

Document group	Document	Issuing authority	Effectiveness/application timing	Role in procedure	Key points	Review note
Tariff	Decree 26/2023/ND-CP	Government	Effective from 15 July 2023	Reference for MFN import tariff.	Import tariff schedule by HS code.	Verify at declaration date.
Cyber security	Decree 108/2016/ND-CP	Government	Effective from 01 July 2016	Framework for cyber information security products/services business conditions.	Conditions and regulated products/services.	Review if the appliance falls within the cyber security product scope.
Cyber security	Circular 13/2018/TT-BTTTT, Circular 10/2022/TT-BTTTT and consolidated document 13/VBHN-BTTTT	Ministry of Information and Communications	TT13 effective 01 Dec 2018; TT10 effective 15 Sep 2022	List and licensing dossier for imported cyber information security products.	Regulated list, licensing procedures and dossiers.	Important for firewall, IPS/IDS, DLP, VPN, endpoint security or similar functions.
Civil cryptography	Decree 211/2025/ND-CP	Government	Check effectiveness at application date	Civil cryptography management.	Products and technical characteristics if encryption is regulated.	Apply only when HS, goods description and cryptographic technical features match the list.
ICT group 2	Circular 29/2025/TT-BKHCN	Ministry of Science and Technology	Effective from 31 Dec 2025	List of potentially unsafe ICT/telecom products.	Appendix I/II and principles for multi-function products.	Applicable if the model includes regulated wireless/ICT functions.
Used IT goods	Circular 26/2025/TT-BKHCN	Ministry of Science and Technology	Effective from 31 Oct 2025	Import rules for used IT products on prohibited list.	Used IT goods and specific handling cases.	Critical for refurbished, demo and warranty replacement goods.
Labelling	Decree 43/2017/ND-CP and Decree 111/2021/ND-CP	Government	Currently applicable; review amendments	Goods labelling and Vietnamese supplemental label.	Mandatory label contents, origin and responsible entity.	Labels must match model, origin and specifications.

Application rule: Do not invent legal bases or conclude exemption from permits without sufficient technical documents. If policy depends on model, function or specification, state that further review based on actual dossier is required.

VIEW / DOWNLOAD ORIGINAL LEGAL DOCUMENTS

Businesses should search documents by number on the official legal-document portals, the Government portal or the issuing authority’s website. Additional verification on the official legal portal or the issuing authority’s website is recommended before application.

Decree 26/2023/ND-CP Consolidated Doc. 13/VBHN-BTTTT Circular 29/2025/TT-BKHCN Decree 211/2025/ND-CP

CUSTOMS CLEARANCE DOCUMENT SET

Commercial documents

Commercial Invoice.
Packing List.
Bill of Lading/Air Waybill.
Sales Contract/Purchase Order if any.
Certificate of Origin – C/O if preferential duty is claimed.
Catalogue/Datasheet, product photos, original label, model–serial list.

Specialised documents if applicable

Import permit for cyber information security product.
Civil cryptography permit if the product falls within the regulated scope.
Quality inspection, conformity certification/declaration for ICT if applicable.
Test report, technical file and security feature list.
Labelling dossier, licence certificate and activation sheet.

Document group	Required documents	Used for	Usually prepared by	Common errors	Pre-ETA check
Commercial	Invoice, Packing List, Contract/PO, B/L/AWB	Declaration, value, quantity and delivery terms	Purchasing, Docs, Forwarder	Generic name, missing model/serial/origin	Cross-check goods name, model, quantity, origin and Incoterms.
Technical file	Catalogue, datasheet, admin guide, security function description	HS and specialised-policy review	Engineering, supplier, Compliance	VPN/encryption/firewall/endpoint functions not shown clearly	Request official datasheet for the exact model.
Licence file	Licence certificate, subscription term, activation sheet, PO	Customs value and hardware/software separation	Purchasing, IT, Legal	Hardware and licence bundled without clear term/value	Separate appliance and licence/subscription if any.
C/O	C/O, draft C/O, origin criterion, related invoice	Preferential duty claim	Supplier, Purchasing, Docs	Wrong form, HS, model or description	Review draft C/O before original issuance.
Specialised permits	Cyber security/civil cryptography permits, test report, ICT conformity if any	Clearance, market circulation and post-clearance audit	Compliance, testing body, importer	Permit not ready before ETA; test report does not match model	Finalise specialised policy before departure from origin.

Consistency rule: Goods name, quantity, model, serial number, origin, specifications, security functions, licence and label must match commercial documents, technical files, specialised dossiers and the customs declaration.

KEY CLEARANCE DECISION POINTS

Decision point	Question to answer	Evidence	Consequence if unclear	Recommended handling
HS classification	Is it a data-transmission gateway, security appliance or ADP server?	Catalogue, datasheet, block diagram, photos	Explanation, amendment or classification analysis	Confirm principal function and HS direction before ETA.
Cyber security permit	Is the model on the list of cyber information security products subject to import permit?	Security feature list, datasheet, licence sheet	Shipment may not be cleared/circulated without dossier	Review the list and prepare permit dossier before arrival.
Civil cryptography	Does the device include regulated encryption, VPN, key management or crypto engine?	Encryption spec, admin guide, datasheet	Permit or technical explanation may be requested	Review separately when encryption is present.
Licence/value	Does bundled licence/subscription affect customs value?	Invoice, PO, contract, activation sheet	Customs-value query or supplementary documents	Clearly show hardware, licence, term and value.
Condition	Is it new, refurbished, demo or warranty replacement?	Invoice, contract, photos, serial	Used IT goods policy risk	Do not import used/refurbished goods without legal conclusion.

PRACTICAL E2E WORKFLOW

Step 1: Pre-ETA review

Confirm HS, cyber security/civil cryptography policy, tax, C/O, labelling, goods condition, licence and specialised-management requirement.

Step 2: Lock documents and technical files

Finalise Invoice, Packing List, B/L/AWB, catalogue, datasheet, security feature list, model–serial list and licence/subscription.

Step 3: Apply for permits if required

Prepare cyber security permit, civil cryptography dossier, ICT quality inspection/conformity if the actual model falls within scope.

Step 4: Lodge customs declaration

Green channel: system clearance under conditions. Yellow: document check. Red: document and physical inspection. Common queries include HS, value, C/O, model, licence and specialised policy.

Step 5: Clear, deliver and archive

Deliver to warehouse, complete supplemental labelling/conformity mark if any, retain permit, value evidence, catalogue, C/O, declaration and post-clearance explanation file.

PRE-ETA RISK CHECKLIST

Risk	Consequence	Pre-ETA control	Documents to check
Confusing endpoint gateway with firewall/VPN/crypto appliance	Wrong HS and permit policy	Confirm principal function based on datasheet and feature list	Catalogue, datasheet, admin guide
Omitting encryption/VPN functions	Civil cryptography issue or further explanation	Review encryption/VPN/SSL inspection before purchase	Encryption specification, user manual
Missing cyber security permit if regulated	Clearance delay and storage charges	Review regulated list and prepare permit dossier before ETA	Security feature list, licence sheet
Invoice bundles hardware and licence unclearly	Customs-value query	Clarify hardware, licence, subscription and term	Invoice, PO, contract, activation sheet
Model mismatch across documents	C/O/specialised dossier may be rejected	Lock official model and cross-check all documents	Invoice, Packing List, catalogue, draft C/O
Goods condition not reviewed	Used IT goods restriction	Obtain confirmation of brand-new goods or legal review for exceptions	Contract, invoice, photos, serial

FAQ

1. Does an endpoint protection gateway require an import permit?

It may, if the actual model is a cyber information security product subject to import permit or includes regulated civil-cryptography functions. Review the actual catalogue, datasheet and feature list.

2. Can it be declared simply as “security gateway”?

Not recommended. The description should state principal function, model, goods condition and licence/subscription if any to reduce HS, value and policy risks.

3. Is HS 8517.62.49 definitive?

No. It is a reference direction for network data-transmission gateway. Final HS depends on structure, principal function, technical specifications and actual dossier.

4. Can C/O reduce duty?

Yes, if the C/O form, origin criterion, goods description, HS and consistency with commercial documents are accepted by customs.

5. Is bundled software licence included in customs value?

It may be queried if the licence is required for device operation or is part of the price actually paid/payable. Review invoice, contract and activation terms.

6. Is warranty replacement handled the same as commercial import?

It still requires customs declaration and policy review. Warranty, demo, refurbished or project goods may require a different document set.

EXECUTION SUPPORT FROM TGIMEX

This article provides an operational map for HS, taxes, documents and specialised policies for endpoint protection gateway. For an actual shipment, the business should still review catalogue, datasheet, model, commercial documents, origin, licence, security functions and import purpose.

E2E coordination capability

TGIMEX has an agency network in more than 60 countries and is a member of WCA, WCA China Global, VLA and HNLA, with capabilities in ocean, air, road/rail transport, customs clearance, C/O, import permits, warehousing and domestic delivery.

Support scope

Pre-ETA review: HS, cyber security/civil cryptography policy, C/O, duty, labelling, catalogue/datasheet/model.
Compliance dossier control.
International logistics coordination, ETA tracking, pre-alert and transport documents.
Customs declaration and explanation for HS, value, origin and specialised policies.
Post-clearance file retention and labelling/conformity review if applicable.

For shipments likely to involve specialised inspection, permits, C/O or labelling requirements, businesses should not wait until arrival to review the dossier. A small mismatch among Invoice, Packing List, catalogue, datasheet, C/O, licence or label may trigger supplementary documents, clearance delay or unplanned storage cost.

TGIMEX supports businesses in setting up an E2E import plan: pre-ETA policy review, document checking, international transport coordination, customs declaration, clearance handling, domestic delivery and post-clearance file retention. This approach helps control schedule, cost and compliance risk from the preparation stage.

Có liên quan

QUICK CONSULTATION

NEED TO REVIEW IMPORT PROCEDURES OR A SHIPPING PLAN?

Send us the product name, shipping route, current dossier, or implementation request in advance so we can suggest a suitable approach that is practical, focused, and aligned with your shipment.

CALL NOW

HOTLINE 0963 856 664 / 0982 135 393

EMAIL info@tgimex.com

SUITABLE FOR International shipping · Customs procedures · Import licenses · B2B logistics

ELECTRICAL – ELECTRONICS – IT EQUIPMENT

F&B

MACHINERY

HOUSEHOLD GOODS

COSMETICS – PERSONAL CARE