Last edited by Sangfor Elsa 26 Aug 2019 16:06.
Dear all experts here.
I just want to share my experience with an NGAF configuration that I have done. Two weeks ago we had a task to reconfigure / optimize our NGAF configuration. We got an NGAF appliance from the vendor as a backup with AR 8.0.7R2 firmware, and I configured the NGAF backup with the correct optimized configuration. During this task our service ran well on the NGAF backup for 2 weeks.
For the next task, I upgraded our NGAF production firmware to AF 8.0.7R2 (previously 7.4) and put the configuration from the NGAF backup onto our NGAF production. I checked the configuration completely and it is the same, clearly the same. I have checked the interfaces, static routing, policy-based routing, NAT, application control, etc., and I can make sure the configuration is the same. So I changed the device from the NGAF backup to our NGAF production, and the result is:
1. Routing to trusted zones (LAN) must first be lured. The NGAF device IP (192.168.30.14/29) can't be reached from the trusted zone because of a route issue. I have to connect my notebook to the NGAF management port, open System - Troubleshoot - Web Console, then write the ping command 192.168.30.9 (our distribution switch IP address for PTP to the NGAF). The result is a reply, and the IP of the NGAF device can now be accessed from the trusted zone.
2. NAT issues: we have NAT configuration (SNAT, DNAT, BNAT), and all of this configuration is not running well. For SNAT I have to disable and enable the NAT rule. For DNAT & BNAT I have to check the check box "Matching traffic is allowed by local ACL and application control policies", then OK the rule, then uncheck the check box. After that the NAT rule works properly.
3. Then the route issue: can anyone explain? (see attachment)
IP 10.20.0.1 is in the trusted zone (LAN zone IP interface VLAN). Why does the first ping command get a reply, while for the last ping command the web console replies "Ping command return no value...."? FYI, I have a static route for 10.20.0.1 to 192.168.30.9 (PTP to our distribution switch).
4. VPN issue: last time, when we used the NGAF backup, the VPN service was running well. And now some users (not all users) can't access VPN services properly. I have checked the users, resource, role and routing configuration, and my conclusion is that the logic of the configuration is OK.
Those are all the weird experiences that I have had with NGAF.