What is the most recommended node in Sangfor NGAF

Janong Lv2Posted 30 Dec 2022 06:15

What is the most recommended node in Sangfor NGAF

Siva has solved this question and earned 10 coins.

Posting a reply earns you 2 coins. An accepted reply earns you 20 coins and another 10 coins for replying within 10 minutes. (Expired) What is Coin?

Enter your mobile phone number and company name for better service. Go

It depends on your environment and requirements

Application scenarios for several types deployment modes:

Route Mode: If there is no router as a gateway in the existing environment, AF needs to be used for routing.

Transparent mode and virtual wire mode: Supports all security protection functions (such as IPS, WEB application protection, botnet, etc.), and is suitable for scenarios that does not required to change the original environment and only need to use the security protection functions of AF (no required VPN, routing, NAT, etc.)

Mixed Mode: It mainly refers to the situation that each network port of AF has both a layer 2 port and a layer 3 port. Especially when the server cluster in the DMZ area needs to be configured with a public IP address, the corresponding security functions are supported in mixed mode deployment, such as IPS, WEB application protection, botnet, application control, content security, real-time vulnerability analysis, etc.

Bypass Mode: The device can be mounted on the internal network switch or router to implement the protection functions which does not need to change the user's existing environment at all. Avoiding all possible risk of interruption caused by the device to the user's network.

Single-arm mode: The single-arm port is a routing port that supports routing functions and required to directly connected on network devices to implement policy routing and divert data through AF.


The difference between the deployment modes:

Route Mode: All service ports are Layer 3 routing ports, and IP addresses must be configured to forward data according to the routing table and arp table.

Transparent Mode: All service ports are Layer 2 transparent ports, which are divided into access and trunk attributes.

Virtual Wire Mode: All service ports are virtual network ports. Directly forward or intercept data without checking the routing and forwarding rules, which can be described as the two ends of a network cable.

Mixed mode: All service ports have Layer 2 transparent ports and Layer 3 routing ports

Bypass mode: The interfaces deployed in bypass mode are mirrored ports, which do not support routing and forwarding functions and need to be used in conjunction with the mirroring configuration on the physical switch.

Single-arm mode: The single-arm interface is a routing port that supports routing functions. The policy configuration is similar to the route mode configuration.


Note:

1. All security protection functions of the NGAF can be used in transparent mode, virtual wire mode, route mode and mixed mode.
2. The bypass mode only supports WAF (web application protection), IPS (intrusion prevention system), APT (botnet), Real-Time Vulnerability Analysis, DLP (data leak protection), website anti-tampering function.
3. The functions of NGAF is depends on the deployment mode and not directly related to the AF deployment location.
Is this answer helpful?
CyberDaeng Lv1Posted 07 Jan 2023 11:43
  
Its all depend on your needs first of all.. And second, its how you gonna do it. In my case, I have 2 border router which all BGP with IP Transit to our upstream and second router is to Local IXP in the country.

The bandwidth usage for IP Transit is only about 3Gbps Up / 3Gbps Down, so total 6Gbps. Im using M5600 for this... And for the Local IXP Border, its like 10Gbps UP and 10Gbps Down, so its approx 20Gbps Throughput, and Im already planning to purchase another NGAF M5800 minimum or even M5900 for this case.

You also need to consider how many pps, concurrent connection, logging (is it going to be big logging)... Cause I recently had problem with my M5600 where we cannot showing logs and according to Sangfor Staff says that because the log in my NGAF is a lots of process.
Newbie318663 Lv2Posted 06 Jan 2023 14:27
  
it will depend on the situation and environment
jetjetd Lv5Posted 04 Jan 2023 14:18
  
This is depending on your network scenario and the output that you want to happen.
RobertonY Lv2Posted 03 Jan 2023 20:28
  
The mode depends on the network
Naomi Posted 03 Jan 2023 20:21
  
Mixed mode by Routed and Bridge.
MarioC Lv2Posted 03 Jan 2023 20:14
  
Bridge mode
Lilia Lv2Posted 03 Jan 2023 20:08
  
it depends on the network
CptArmando Lv2Posted 03 Jan 2023 19:57
  
Routed mode and bridge mode

I Can Help:

Change

Moderator on This Board

11
7
5

Started Topics

Followers

Follow

1
3
5

Started Topics

Followers

Follow

0
4
5

Started Topics

Followers

Follow

67
20
3

Started Topics

Followers

Follow

3
14
3

Started Topics

Followers

Follow

1
137
3

Started Topics

Followers

Follow

Board Leaders