Sangfor NGAF whitelist

Asad Rafique Lv1Posted 05 Jan 2024 14:53

I am using Sangfor NGAF, and I have a question. If I apply any content/web filtering policy to my LAN network, and my network is 192.168.22.1/24, and I add the IP address 192.168.22.10 to the Sangfor global whitelist, will the policy I applied to my LAN network be effective on this IP or not?

Farina Ahmed has solved this question and earned 10 coins.

Posting a reply earns you 2 coins. An accepted reply earns you 20 coins and another 10 coins for replying within 10 minutes. (Expired) What is Coin?

Enter your mobile phone number and company name for better service. Go

Adding the IP address 192.168.22.10 to the Sangfor global whitelist typically exempts it from the content/web filtering policies applied to the LAN network (192.168.22.1/24). By whitelisting this specific IP, Sangfor NGAF usually bypasses the applied policies for this particular address, allowing unrestricted access regardless of the restrictions imposed on the rest of the LAN network. Therefore, content filtering policies would not affect the whitelisted IP, granting it unimpeded access to the internet or specified resources.
Is this answer helpful?
jerome_itable Lv3Posted 11 Jan 2024 08:35
  
No, the content/web filtering policy you applied to your LAN network will not be effective on the IP address 192.168.22.10 if it's added to the Sangfor global whitelist.

Here's how Sangfor NGAF prioritizes rules:

    Global Whitelist: Entries in the global whitelist take precedence over most other rules, including content/web filtering policies applied to specific networks.
    Network-Specific Policies: Rules applied to specific networks (like your LAN policy) are evaluated next.
    Default Policies: If no network-specific policies match, default policies are applied.

In your scenario:

    When traffic from 192.168.22.10 reaches the NGAF, it first checks the global whitelist.
    Since 192.168.22.10 is whitelisted, it's allowed to pass through without being subject to the LAN-specific content/web filtering policy.
Imran Tahir Lv4Posted 10 Jan 2024 22:54
  
Whitelist mean allow your local address to communicate withe others some time these IP block then users faced some issue unable to open attachments, picture not displaying
damulagski Lv3Posted 10 Jan 2024 16:35
  
the IP address that you have on your global whitelist will not be affected by your policy. It is advised that you use a global whitelist to define a customized policy to accept or refuse communications for security purposes.
LucyHeart Lv3Posted 10 Jan 2024 16:34
  
Yes, policies such as bandwidth, security, and application policies won't be applied to IP addresses that you place to the whitelist (in SOC).
However, bear in mind that this IP address is weak and could open a backdoor in your network security.
Thus, it is not advised.  
Rica Cortez Lv2Posted 10 Jan 2024 16:34
  
The LAN network's content/web filtering restrictions are normally not applied to IP addresses that are added to the Sangfor global whitelist, such as 192.168.22.10 (192.168.22.1/24). Sangfor NGAF typically gets around applied regulations for this IP address by whitelisting it, granting unrestricted access despite any limitations on the rest of the LAN network. Thus, the whitelisted IP would be unaffected by content filtering regulations, allowing it to access the internet and designated resources without any difficulty.
babeshuka Lv3Posted 10 Jan 2024 16:33
  
There is absolutely no impact at all from going to Sangfor's global permission list where you create and add your LAN IP address, 192.168.22.10.
noime Lv3Posted 10 Jan 2024 16:31
  
My understanding is that since the content and filters are deemed to satisfy all policies, there won't be any action taken.
RegiBoy Lv5Posted 10 Jan 2024 16:27
  
In general, when you apply content or web filtering policies to a LAN network, those policies are typically enforced based on the IP addresses or IP ranges specified in the policy settings. If you add an IP address to a global whitelist (in this case, 192.168.22.10 to the Sangfor global whitelist), it usually means that the content filtering policies will not be applied to that specific IP address.
Tayyab0101 Lv2Posted 09 Jan 2024 21:41
  
there will be no effect on that as you are sitting in the very same vlan.
cyber5566 Lv1Posted 09 Jan 2024 17:18
  
only 192.168.22.10 will be whitelist but it's not recommendation because fiture whitelist will be bypass any security you create.

I Can Help:

Change

Moderator on This Board

11
7
5

Started Topics

Followers

Follow

1
3
5

Started Topics

Followers

Follow

0
4
5

Started Topics

Followers

Follow

67
20
3

Started Topics

Followers

Follow

3
14
3

Started Topics

Followers

Follow

1
137
3

Started Topics

Followers

Follow

Board Leaders