#Configuration Guide# Sangfor NGAF Anti-Dos/DDos Configuration Guidelines
Last edited by jetjetd 30 Jun 2022 23:59.
Product: NGAF
Configuration Steps
Configuring Inbound Attack Protection
Step 1. Go to Policies > Network Security > Anti-Dos/DDos.
Step 2. By default, the inbound attack protection is disabled. To use it, we are required to enable it. Go to System > General > System. Click on the “Network” tab.
Step 3. Tick the option “Enable protection against outside DoS attacks”. Click “OK” to save it.
Step 4. Go to Policies > Network Security > Anti-Dos/DDos again. Now you are able to create the inbound attack protection.
Step 5. Enter the policy name.
Step 6. Enter the LAN zone as the source zone. Enable the defense against ARP flooding attack option.
Step 7. For “Scan Prevention”, enable the IP scan and Port scan prevention. Click OK when finished.
Step 8. Select “All” users or specify the internal users.
Step 9. For the attack type, make sure the protection of SYN flood, UDP flood, DNS flood, ICMP flood and ICMPv6 is enabled.
Step 10. Next, ensure the log event and deny action are enabled.
Step 11. Click on the “Advanced” option. Tick all the packet-based attack protection except “Sending IP fragment”, because IP fragments exist in a normal network environment.
Step 12. Next, tick all the protection in “Bad IP Options” and “Bad TCP Options”. Click “OK” to save the configuration.
Inbound Attack policy has been created successfully.
Configuring Outbound Attack Protection
Step 1. Go to Policies > Network Security > Anti-Dos/DDos. Click and select the outbound attack protection.
Step 2. Enter the policy name. Select the WAN zone as the source zone.
Step 3. For scan prevention, enable the IP scan and Port scan prevention.
Step 4. For the attack type, make sure the protection of SYN flood, UDP flood, DNS flood, ICMP flood, and ICMPv6 flood is enabled. Click “OK” when done.
Step 5. Next, ensure the log event and deny action are enabled.
Step 6. Click on the “Advanced” option. Tick all the packet-based attack protection except “Sending IP fragment”, because IP fragments exist in a normal network environment. Click “Ok” to save the configuration.
Outbound Attack policy has been created successfully.
-END-
I hope everyone will find my guide useful.

Thank you for sharing this English version. It is informative and useful.

Thank you for sharing this English version.

Thank you very much for the information ... :handshake

Rating: ⭐️⭐️⭐️⭐️ (4/5)
Review:
I like to explore and learn more about NGAF. The guide to configure Sangfor NGAF Anti-Dos/DDoS from jetjetd is clear and well-organized. But it will be very much better if the guide is in the latest version of NGAF. The guide is incredibly useful, offering step-by-step instructions. The article is filled with helpful screenshots that enhance comprehension. It's an informative article that educates and empowers readers. It's a user-friendly article that caters to various skill levels.