How NGAF pass-through mode works?

KHANH NGUYEN Lv1Posted 17 Sep 2023 11:00

I'm working with an NGAF device, and would like to learn more about how pass through mode works. Thank you for providing detailed documentation about this content. thanks a lot

Newbie517762 has solved this question and earned 20 coins.

Posting a reply earns you 2 coins. An accepted reply earns you 20 coins and another 10 coins for replying within 10 minutes. (Expired) What is Coin?

Enter your mobile phone number and company name for better service. Go

HiHi,

Pls find the link for Sangfor NGAF_V8.0.5_Bypass Mode Deployment Guide.

Regards,
Is this answer helpful?
Noah19 Lv3Posted 20 Sep 2023 11:01
  
You can contact support for the guide on this matter
BitCloud Lv3Posted 20 Sep 2023 10:59
  
The Sangfor NGAF device has a deployment option called transparent mode that may be chosen. Between the second and third layers of the network, it functions as a transparent device. Please refer to the NGAF Manual's settings.
Natsu Dragneel Lv3Posted 20 Sep 2023 10:57
  
knowledgebase.sangfor.com/detailPage?articleData=%7B%22articleType%22%3A1,%22articleId%22%3A%2257bb9128cf0f4aefbf84a97c5162f038%22,%22keyword%22%3A%22%22%7D - Please visit this site for the Bypass mode reference.
VanFlyheights Lv3Posted 20 Sep 2023 10:56
  
Bypass Mode: It can provide protection without changing the user's network environment and reduce the risk of downtime brought on by NGAF devices. To guarantee that traffic passes through the switch when a user reaches the server, it will connect to the switch's mirror port.
Steps in Configuration
Option to configure interfaces and logging
To add or edit the zone and the kind of Physical Interface, go to Network > Interface. Set the network objects to the users in the chosen group.
Naomi Posted 20 Sep 2023 10:48
  
Access the Policies
If your server requires real-time vulnerability analytics, you can check the option.
You may turn on Web App Protection and Intrusion Prevention under Protection.
To stop WAF/IPS packets from accessing the network, go to System > General > System > Network and select the Send TCP Reset message in mirror mode to reject checkbox.
NeTSec Lv3Posted 20 Sep 2023 10:36
  
Look at the firewall settings page for policies or rules.
Make a rule or policy that specifically addresses pass-through traffic
Verify that the option for Pass-through mode was set to permitted or enabled in the rule or policy settings.
Make certain to always save and apply configuration changes.
Please be aware that, although pass-through mode has its uses, the level of protection offered by NGAF is decreased. Consequently, always use it responsibly and only when required.
MISMIS Lv3Posted 20 Sep 2023 10:35
  
"Pass-through mode" often refers to a setting in NGAF (Next-Generation Application Firewall) devices that permits network traffic to flow through the device without going through deep inspection or firewall rules.
mdamores Posted 20 Sep 2023 10:23
  
To configure pass-through mode, you would set rules or policies to specify which traffic are allowed or not. Below are some steps to configure pass-through mode in Sangfor NGAF depending on the version and configuration in each deployment.
1.        Login to Sangfor NGAF management console
2.        Check the firewall policy or rule configuration page
3.        Create rule or policy with specific policy for traffic in pass-through mode
4.        In the rule or policy configuration, make sure that the option for Pass-through mode was set to allowed or enabled.
5.        Always make sure to save and apply the configuration changes.
Please take note that while pass-through mode is useful for some cases, it reduces the security level provided by NGAF. So always make sure to use it with precaution and only when necessary
Zonger Lv5Posted 19 Sep 2023 16:58
  
In NGAF (Next-Generation Application Firewall) device, "pass-through mode" typically refers to a mode in which network traffic is allowed to pass through the device without undergoing deep inspection or firewall rules. This mode is often used for scenarios where you want the NGAF device to function as a transparent bridge, simply forwarding traffic without applying security policies or inspecting the data packets in detail. It's commonly employed when the NGAF device is used for monitoring or network troubleshooting purposes, allowing traffic to flow without any interference from the firewall's security features.
engineer_baz Lv1Posted 19 Sep 2023 11:01
  
which the NGAF device does not perform any inspection or filtering on the traffic that passes through it. This can be useful for troubleshooting purposes, or for connecting to devices that are not compatible with the NGAF device.

To enable NGAF pass-through mode, you must configure the NGAF device to bypass all security policies. Once this is done, all traffic will flow through the NGAF device without being inspected or filtered.

It is important to note that when NGAF pass-through mode is enabled, your network will be vulnerable to attack. Therefore, it is important to only enable NGAF pass-through mode when necessary.

I Can Help:

Change

Moderator on This Board

11
7
5

Started Topics

Followers

Follow

1
3
5

Started Topics

Followers

Follow

0
4
5

Started Topics

Followers

Follow

67
20
3

Started Topics

Followers

Follow

3
14
3

Started Topics

Followers

Follow

1
137
3

Started Topics

Followers

Follow

Board Leaders