Sangfor Community»Categories Products Network Secure (NGAF) Change Topology NGAF

Change Topology NGAF

views: 9509 | comments: 25 | added to Favorites 0
Lights on | 提示:支持键盘翻页<-左 右->
    组图打开中,请稍候......
Created: 25 Oct 2022 14:55

Summary:

i want to change the existing network topology. here I attach the topology

Reply

Robin Posted 07 Nov 2022 09:05
Your suggested diagram is not security efficient. You should not change it.
Snipe Posted 07 Nov 2022 08:54
Dont change your topology because the current is the recommended one.
kmrnliaqat Posted 05 Nov 2022 17:12

It is not a good  design proposal because other network doesn't have security.
Deorwine Posted 03 Nov 2022 11:01
Your current diagram is much better and it is recommended design.
Faisal P Posted 01 Nov 2022 13:23
You can refer to the document for very detailed steps to configure NGAF
Brooker Posted 01 Nov 2022 10:47
Recommended topology is your current design not the new
arjay Posted 01 Nov 2022 10:01
Much better that all traffics will pass through NGAF for filtering including the endpoint users
jetjetd Posted 01 Nov 2022 01:36
Stick with the old topology, all the traffic that goes in your network will go to the NGAF first. In your new topology some network is open and exposed in the internet which is dangerous.
nobitachou Posted 31 Oct 2022 20:22
The most of the configuration is on the router but it is all about IP Addressing.
babeshuka Posted 31 Oct 2022 19:06
Do not change your current setup. NGAF alone can do Server Protection and Lateral protection.
rivsy Posted 25 Oct 2022 15:48
Last edited by rivsy 25 Oct 2022 15:54.

For the Public IP Area
1. IP address to the endpoint is based on the first router .
2. For this setup, Public Area will not be protected from threat, cannot be managed by NGAF and have security consent since connection is direct to the first router.
3. Static IP for the 3 router in the Public Area
4. Default gateway IP address same with first router

For the DMZ Zone
1. IP address of the server is based on the NGAF
2. Default gateway IP addresssame with first router