A UTM (Unified Threat Management) appliance may combine firewall, VPN, IPS/IDS, antivirus, web filtering and application control in one hardware platform. If it is described merely as a “network device” or “gateway”, the importer may misclassify the HS code, miss cyber security/civil cryptography requirements, fail to separate licence value, or start specialised procedures too late before ETA (Estimated Time of Arrival). This guide provides an E2E (End-to-End) map covering HS code, duties, C/O, specialised policies, documents, customs decision points and pre-ETA risk controls.

QUICK FACT

Item	Fast review point	Operational note
Applicable product	Hardware UTM appliance.	Only for UTM; not automatically applicable to standalone Firewall, NAC, IPS/IDS, DDoS appliance, SIEM or Network Monitoring where the principal function differs.
Reference HS	Review 8471.30.90, 8471.41.90, 8471.49.90, 8517.62.43 and 8517.62.49 depending on the actual technical nature.	Do not classify by the trade name “UTM” alone; review catalogue, datasheet, model, modules, licence and firmware.
Suggested tax	Normal import duty 5%; MFN 0%; VAT 10%; FTA usually 0% with valid C/O.	Reference rates only; re-check at declaration date.
Specialised policy	UTM is listed in the cyber information security import-permit list; civil cryptography, ICT group 2, labelling and used IT goods must also be reviewed where triggered.	Do not conclude “no permit” without reviewing the model and functions.
Key technical documents	Catalogue, datasheet, feature/licence list, admin guide, encryption/VPN statement, model–serial list.	Pay special attention to VPN, IPsec/SSL, antivirus, IPS/IDS, web filtering, application control and encryption.
Timing	Review at least 5–7 working days before ETA.	Late review may cause storage, DEM/DET and project handover delays.

Legal note

All HS codes, duty rates and policies in this article are reference information for dossier preparation. Actual clearance must be reviewed against catalogue, datasheet, model, licence, firmware, encryption function, import purpose and the tariff schedule effective on the declaration date. Do not conclude “no permit required” before a full technical review.

SCOPE OF APPLICATION

This article applies solely to UTM (Unified Threat Management) hardware appliances imported into Viet Nam. UTM may be commercially grouped with Firewall, NAC, IPS/IDS, DDoS appliance, SIEM and Network Monitoring, but the same conclusion must not be applied automatically to those products.

Applicable to appliances for enterprise networks, data centres, branches, factories and IT/OT systems.
Not applicable to pure software delivered online, licence renewal without tangible goods, bare servers, ordinary routers or standalone firewall products with different records.
New, used, refurbished, sample, warranty/RMA, project, EPE/FDI/factory imports may trigger different policies.
If the UTM includes Wi‑Fi/4G/5G, encryption module, VPN, battery, power adapter or dedicated accessories, each component/function must be reviewed.

Review against the actual catalogue, datasheet, model and import purpose.

PRODUCT CLASSIFICATION & IDENTIFICATION

How to identify UTM

UTM is usually a desktop or rackmount security appliance with WAN/LAN/DMZ/SFP ports, security firmware and service licences. It may include firewall, VPN, IPS/IDS, antivirus, anti-spam, web filtering, application control, sandboxing or reporting.

Descriptions to avoid

Generic descriptions such as “gateway”, “router”, “network device” or “security equipment” may create HS, licensing, labelling and post-clearance risks.

Check point	Documents to compare	Risk if misstated	Suggested description
Trade name and model	Catalogue, datasheet, quote, PO, invoice	Misnaming as router/firewall/server may lead to wrong HS and policy.	“UTM security appliance, model…, for enterprise network security”.
Principal function	Datasheet, feature matrix, admin guide	Unclear principal function leads to disputes between firewall, gateway, ADP server or network equipment.	State unified security functions such as firewall/VPN/IPS/web filtering/antivirus as applicable.
VPN/encryption	Encryption statement, licence list, user manual	May trigger civil cryptography requirements.	State whether VPN, IPsec, SSL VPN, TLS inspection or encryption module exists.
Cyber security functions	Security feature list, certificates, product brief	May require import permit if within applicable cyber security list.	Attach feature list and explanation where necessary.
Interfaces and wireless	RJ45/SFP/WAN/LAN, Wi‑Fi/4G/5G datasheet	Wireless modules may trigger conformity/quality policies.	Separate wireless and non-wireless versions.
Condition	Contract, condition statement, serial/label photos	Used/refurbished goods may face used IT import restrictions.	Declare brand new or actual condition accurately.
Licence/subscription	Invoice, licence certificate, BOM	Licence value may raise customs valuation questions.	Clearly separate hardware, licence, subscription and support if bundled.

HS CODE – DUTY – C/O

For UTM, the HS code should not be determined only from the trade name “UTM”. When cross-checking the list of cyber information security products subject to import permit, UTM is identified as multi-function threat management equipment (UTM), with HS directions to review including 8471.30.90, 8471.41.90, 8471.49.90, 8517.62.43 and 8517.62.49. If the device is a dedicated network appliance, heading 8517.62 is normally reviewed first; if it is actually an ADP machine/system running security software, heading 8471 must be considered.

DETAILED REFERENCE TAX TABLE

Reference HS	Actual application condition	Normal duty	MFN duty	VAT	Preferential duty with C/O
8517.62.49	Priority review where UTM is a network security appliance/security gateway transmitting, receiving and converting IP data and not fitting a more specific subheading.	5%	0%	10%	Usually 0% with a valid preferential C/O; where MFN is already 0%, C/O may not further reduce import duty but remains relevant for origin records.
8517.62.43	Review where technical structure/function matches controllers/adaptors, gateways, bridges, routers or similar apparatus under heading 8517.62.	5%	0%	10%	Apply the relevant FTA and C/O if the origin criteria are met.
8471.30.90	Only where the UTM is in the form of a portable ADP machine weighing not more than 10 kg and meeting heading 84.71 conditions.	5%	0%	10%	Requires catalogue/datasheet evidence of ADP nature; do not use for a dedicated network appliance.
8471.41.90	Only where the device is an ADP machine in the same housing with at least a CPU, input unit and output unit.	5%	0%	10%	Requires clear classification reasoning based on hardware, OS, interfaces and principal function.
8471.49.90	Only where the UTM is an ADP system made of several functional units, not a dedicated network appliance.	5%	0%	10%	Compare BOM, system configuration, CPU/RAM/storage, OS and actual operation.

REFERENCE HS REVIEW TABLE

Reference HS	Condition for use	Risk of wrong classification	Documents to compare
8517.62.49	UTM is a dedicated network security appliance for data transmission/reception/conversion, with unified threat management as the principal function.	Customs may reclassify if actual function or structure differs.	Catalogue, datasheet, admin guide, feature list, port photos.
8517.62.43	The device is technically a controller/adaptor, gateway, bridge, router or similar apparatus in a data network.	Wrong use may affect cyber security policy, duty and C/O.	Port datasheet, network topology, transmission/reception description.
8471.30.90	The device is a portable ADP machine under heading 84.71.	May be rejected if the product is actually a rackmount/desktop UTM appliance.	Datasheet, device photos, weight, CPU/RAM/storage, screen/keyboard if any.
8471.41.90	The device is an ADP machine in one housing with CPU, input/output units and security software.	May be challenged if the principal function is network security gateway.	BOM, hardware configuration, OS, interfaces, operation documents.
8471.49.90	The device is an ADP system with several functional units, not a dedicated network appliance.	Incorrect nature description may lead to HS consultation or additional duty.	System diagram, configuration, technical documents, import purpose.

C/O risk

Where MFN is already 0%, C/O may not further reduce import duty, but the C/O form, origin criteria, goods description, HS code, invoice number, value and transport route should still be reviewed for preferential treatment, trade records and post-clearance audit.

APPLICABLE SPECIALISED POLICIES

Goods situation	Possible policy	Documents to check	Authority/portal if identifiable	Recommended timing	Risk note
Standard UTM without wireless	Customs, duty, labelling; review cyber security/civil cryptography functions.	Invoice, PL, B/L/AWB, catalogue, datasheet, feature list.	Customs authority; relevant public service/specialised portal if triggered.	Before ETA.	Do not assume normal clearance before reviewing VPN/encryption/security functions.
VPN/IPsec/SSL/encryption	Civil cryptography and/or cyber security policy may apply.	Encryption statement, admin guide, licence, datasheet.	Relevant specialised authority under current rules.	Before shipment or upon receiving datasheet.	Late handling may cause storage cost.
IPS/IDS, antivirus, web/application control	May fall under cyber information security product import control.	Feature matrix, product brochure, licence bundle.	Specialised portal if permit applies.	5–7 days before ETA.	“UTM bundle” usually requires functional explanation.
Wi‑Fi/4G/5G or wireless module	ICT/telecom conformity, radio or quality policies may apply.	Radio datasheet, test report, model list.	Public service portal/NSW/specialised authority where applicable.	Before purchase.	Wireless version differs from non-wireless version.
Used/refurbished/RMA	Used IT import restrictions or special conditions may apply.	Condition statement, warranty contract, serial photos, purpose.	Customs/specialised authority depending on case.	Before purchase/shipment.	Never declare brand new if actually refurbished/RMA.
EPE/FDI/factory import	Review usage purpose, contract, valuation, licence and record retention.	PO, contract, use purpose, project code, internal records.	Managing customs office.	Before ETA.	Wrong import purpose may affect post-clearance/finalisation.

LEGAL DOCUMENTS TO REVIEW

Document group	Document name/number	Issuing authority	Effective date/application	Role	Key point	Review note
Law	Customs Law 2014	National Assembly	Currently applied; check amendments	Customs dossier, declaration, inspection and post-clearance basis.	Customs records, classification, valuation and inspection.	Review with implementing decrees/circulars.
Law	Law on Export and Import Duties 2016	National Assembly	Currently applied; check amendments	Basis for import duty and preferential treatment.	Duty rate, incentives and origin.	Does not replace tariff lookup at declaration date.
Decree	Decree 26/2023/ND-CP	Government	Effective 15/07/2023	Preferential export/import tariff schedule.	Chapter 84/85 depending on actual HS.	Check amendments at application date.
Decree	Decree 211/2025/ND-CP	Government	Effective 09/09/2025	Civil cryptography management framework.	Licensing/list review where encryption functions apply.	Review by model and VPN/encryption function.
Circular	Circular 29/2025/TT-BKHCN	Ministry of Science and Technology	Effective 31/12/2025	List of potentially unsafe IT/telecom goods.	Appendices/list where UTM functions are covered.	Review by model, radio module and actual function.
Circular	Circular 26/2025/TT-BKHCN	Ministry of Science and Technology	Effective 31/10/2025	Used IT goods import control.	Used IT list and exceptions.	Critical for used/refurbished/RMA goods.
Decree	Decree 43/2017/ND-CP; Decree 111/2021/ND-CP	Government	Currently applied	Imported goods labelling and Vietnamese sub-labels.	Mandatory label information.	Check original label and sub-label before distribution.
Specialised document	Consolidated cyber security product import list / applicable ATTT list	Specialised authority	Review current version at import time	Compare UTM with Network-based Firewall, IPS/IDS, security gateway if applicable.	List, HS, product description, licensing cases.	Do not invent clauses; record “review by actual dossier” if uncertain.

VIEW / DOWNLOAD ORIGINAL LEGAL TEXTS

Enterprises can search by document number on official legal portals, the Government portal or the issuing authority’s website. Enterprises should cross-check on official legal databases or issuing authority websites before applying.

Decree 26/2023 Circular 29/2025 Decree 211/2025 Circular 26/2025

CUSTOMS DOSSIER

Commercial documents

Commercial Invoice.
Packing List.
Bill of Lading/Air Waybill.
Sales Contract/Purchase Order if any.
C/O if preferential duty is claimed.
Catalogue, datasheet, product photos, original label, model–serial list if required.

Specialised documents if any

Cyber security/civil cryptography permit if applicable.
Quality inspection, declaration/certification of conformity, test report if triggered.
Labelling dossier, technical documents, feature/licence list.
Used goods, warranty/RMA or project dossier if applicable.

Dossier group	Required document	Used for	Usually prepared by	Common error	Pre-ETA check
Commercial	Invoice, Packing List, Contract/PO	Valuation, quantity, delivery terms	Procurement/Docs/Supplier	Generic name; missing model; unclear licence/subscription.	Compare with PO/catalogue/datasheet.
Transport	B/L or AWB, Arrival Notice, Pre-alert	D/O, declaration, ETA tracking	Forwarder/Docs	Wrong consignee or packages; missing pre-alert.	Lock transport documents before ETA.
Technical	Catalogue, datasheet, admin manual, feature/licence list	HS and policy review	Supplier/IT/Compliance	No VPN/encryption/IPS information.	Request exact model datasheet and licence bundle.
Origin	C/O if preferential duty is claimed	Preferential duty and origin records	Supplier/Procurement	Wrong form/HS/description/invoice.	Check draft C/O before issuance.
Specialised	ATTT/MMDS permits, conformity/test report if applicable	Clearance/distribution	Legal/Compliance/Service provider	Late filing, wrong model, missing technical documents.	Review policy upon receiving datasheet.
Labelling	Original label photo, proposed Vietnamese sub-label, model–serial list	Clearance and domestic circulation	Importer/Compliance	Missing origin, model or responsible entity.	Match labels with invoice/catalogue.

Consistency rule: goods name, quantity, model, serial, origin, technical specifications, licence and labels must match across commercial documents, catalogue, specialised dossier and customs declaration.

CUSTOMS DECISION POINTS THAT MAY HOLD THE SHIPMENT

Decision point	Question to answer	Evidence	Consequence if unclear	Recommended handling
HS code	Is it a UTM/security gateway or an ADP server running security software?	Datasheet, product brief, admin guide	HS consultation, duty adjustment, clearance delay.	Prepare classification reasoning and function matrix.
Cyber security	Is the model in an import-controlled cyber security product list?	Feature list, licence bundle, catalogue	Permit request or dossier supplementation.	Compare by model and actual functions.
Civil cryptography	Does it include IPsec/SSL VPN, encrypted tunnels or cryptography modules?	Encryption statement, manual, licence	Civil cryptography permit risk.	Review before shipment and keep technical confirmation.
Wireless	Does it include Wi‑Fi/4G/5G/Bluetooth?	RF datasheet, test report	ICT/telecom conformity may apply.	Separate wireless/non-wireless versions.
C/O	Is HS, description, form and origin criterion correct?	C/O draft, invoice, PL	Preferential duty refusal or post-clearance recovery.	Check C/O draft before issuance.
Condition	Brand new, used, refurbished or RMA?	Contract, condition statement, serial photos	Used IT restriction risk.	Confirm condition before purchase.
Licence/value	Are licence, subscription and support included?	Invoice, licence certificate, quote	Customs valuation questions.	Separate hardware and licence lines if possible.

PRACTICAL E2E PROCESS

Step 1: Pre-ETA review

Confirm HS, duty, C/O, label, ATTT/MMDS functions, wireless module, condition and specialised policy triggers.

Step 2: Lock documents and technical records

Check Invoice, Packing List, B/L/AWB, catalogue, datasheet, model list and serial/licence list for 100% consistency.

Step 3: Apply for permit/specialised dossier if needed

Prepare ATTT, MMDS, conformity or test report dossier before arrival if triggered.

Step 4: Lodge customs declaration

Declare with well-supported HS. Green channel may clear conditionally; Yellow checks documents; Red checks documents and physical goods.

Step 5: Clearance, delivery and post-clearance file retention

Collect goods, deliver to warehouse, apply sub-label/conformity mark if required and archive the shipment dossier.

PRE-ETA RISK CHECKLIST

Risk	Consequence	Pre-ETA control	Document to check
Generic goods description	Wrong HS/policy and explanation request.	Use UTM security appliance + model + principal function.	Invoice, catalogue, datasheet.
No VPN/encryption review	Potential civil cryptography dossier missing.	Request IPsec/SSL VPN/encryption confirmation.	Feature list, admin guide, encryption statement.
No cyber security review	Potential import permit missing.	Compare model and functions against current list.	Catalogue, product matrix.
Incorrect C/O HS/description	Preference refusal or recovery.	Check C/O draft before issuance.	C/O draft, invoice, PL.
Model mismatch	Channel escalation or document amendment.	Lock model/serial list before ETA.	Invoice, PL, label photos.
Unclear used/refurbished condition	Used IT restriction risk.	Confirm condition before contract/shipment.	Contract, serial photos, condition statement.
No licence/subscription split	Customs valuation query.	Clarify licence, support and subscription.	Quote, invoice, licence certificate.

FAQ

Does importing UTM require a permit?

It may, if the model falls under cyber security or civil cryptography control. Review catalogue, datasheet, feature list, licence and import purpose.

Does VPN make UTM a civil cryptography product?

It may trigger civil cryptography review where IPsec/SSL VPN, encrypted channel or cryptography modules are present.

Which HS code is normally reviewed first?

8517.62.49 is the priority reference where the product is a network security appliance/security gateway, but actual HS must follow technical records.

Is C/O still useful if MFN duty is 0%?

Yes, for origin records, contractual requirements and post-clearance evidence, although it may not further reduce import duty.

Is Vietnamese sub-labelling required?

Yes, if the goods are circulated in Viet Nam, imported goods labelling requirements should be reviewed.

Are sample or warranty goods processed like commercial goods?

Not automatically. Condition, purpose, value, specialised policy and possible re-export obligations must be reviewed.

What if invoice says “gateway” but catalogue says UTM?

Standardise the goods description and attach catalogue/datasheet to explain the principal function.

EXECUTION SUPPORT FROM TGIMEX

This guide provides the HS, duty, dossier and specialised policy map for UTM; however, actual shipments still require review against catalogue, datasheet, model, firmware, licence, documents, origin and import purpose.

Pre-ETA review

HS, duty, C/O and labelling.
ATTT, civil cryptography and ICT conformity if triggered.
Model, features, licence and datasheet control.

E2E execution

Coordinate agents, carrier/airline and pre-alert.
Customs declaration and Green/Yellow/Red channel handling.
Domestic delivery and post-clearance file retention.

For shipments that may involve specialised inspection, permits, C/O or labelling requirements, enterprises should not wait until cargo arrival to start dossier review. Small inconsistencies among Invoice, Packing List, catalogue, datasheet, C/O or labels may result in additional document requests, clearance delays or unplanned storage costs.

TGIMEX supports enterprises in setting up an E2E import plan: pre-ETA policy review, document check, international forwarding coordination, customs declaration, clearance handling, domestic delivery and post-clearance records.

Có liên quan

QUICK CONSULTATION

NEED TO REVIEW IMPORT PROCEDURES OR A SHIPPING PLAN?

Send us the product name, shipping route, current dossier, or implementation request in advance so we can suggest a suitable approach that is practical, focused, and aligned with your shipment.

CALL NOW

HOTLINE 0963 856 664 / 0982 135 393

EMAIL info@tgimex.com

SUITABLE FOR International shipping · Customs procedures · Import licenses · B2B logistics

ELECTRICAL – ELECTRONICS – IT EQUIPMENT

F&B

MACHINERY

HOUSEHOLD GOODS

COSMETICS – PERSONAL CARE