#Configuration Guide# Sangfor NGAF Anti-Dos/DDos Configuration Guidelines
  

jetjetd Lv5Posted 30 Jun 2022 22:34

Last edited by jetjetd 30 Jun 2022 23:59.

Sangfor NGAF Anti-Dos/DDos Configuration Guidelines



Product: NGAF

Configuration Steps——


Configuring Inbound Attack Protection


Step 1.  Go to Policies > Network Security >Anti-Dos/DDos

Step 2.  By default, the inbound attack protection isdisabled. To use it, we are required to enable it. Go to System > General> System. Click on “Network” tab.

Step 3.  Tick the option “Enable protection against outside DoS attacks. Click “OK” to save it.

Step 4.  Go to Policies again > Network Security> Anti-Dos/DDos. Now you are able to create the inbound attack protection.

Step 5. Enter the policy name.

Step 6.  Enter the LAN zone as the source zone. Enable the defense against ARP flooding attack option.

Step 7.  For “Scan Prevention”. Enable the IP scan and Port scan prevention. Click OK when finish.

Step 8.  Select “All” user or specific the internal user.

Step 9.  For the attack type. Make sure the protection of SYN flood, UDP flood, DNS flood, ICMP flood and ICMPv6 is enabled.


Step 10.  Next ensure the log event and deny action is enabled.

Step 11.  Click on “Advanced” option. Tick all the packet-based attack protection except “Sending IP fragment” because the IP fragment isexisting in a normal network environment.

Step 12.  Next, tick all the protection in “Bad IP Options” and “Bad TCP Options”. Click “OK” to save configuration.


Inbound Attack policy has been created successfully.



Configuring Outbound Attack Protection

Step 1.  Go to Policies > Network Security >Anti-Dos/DDos. Click and select the outbound attack protection

Step 2.  Enter the policy name. Select the WAN zone asthe source zone.

Step 3.  For scan prevention, Enable the IP scan and Port scan prevention.

Step 4.  For the attack type, make sure the protection of SYN flood, UDP flood, DNS flood, ICMP flood, and ICMPv6 flood is enabled. Click “OK” when done.

Step 5. Next, ensure the log event and deny action is enabled.

Step 6. Click on “Advanced”option. Tick all the packet-based attack protection except “Sending IP fragment” because the IP fragment is existing in a normal network environment.Click “Ok” to save the configuration.

Outbound Attack policy has been created successfully.
-END-

Like this topic? Like it or reward the author.

Creating a topic earns you 5 coins. A featured or excellent topic earns you more coins. What is Coin?

Enter your mobile phone number and company name for better service. Go

jetjetd Lv5Posted 03 Jul 2022 01:01
  
I hope everyone will find my guide useful.
RegiBoy Lv5Posted 20 Jul 2022 16:27
  
Thank you for sharing this english version. It is informative and useful
Imran Tahir Lv4Posted 20 Jul 2022 19:30
  

Thank you for sharing this english version
Faisal P Posted 09 Oct 2022 16:45
  
Thank you very much for the information ...
CLELUQMAN Lv4Posted 19 May 2023 11:27
  
Rating: ⭐️⭐️⭐️⭐️ (4/5)

Review:

I like to explore and learn more about NGAF, the guide to configure Sangfor NGAF Anti-Dos/DDoS from jetjetd are clear and well-organized. But, it will be very much better if the guide is in the latest version of NGAF.
Naomi Posted 25 May 2023 10:54
  
The guide is incredibly useful, offering step-by-step instructions.
Natsu Dragneel Lv3Posted 25 May 2023 10:56
  
The article is filled with helpful screenshots that enhance comprehension.
NeTSec Lv3Posted 25 May 2023 10:58
  
It's an informative article that educates and empowers readers.
jesspastor Lv2Posted 25 May 2023 11:02
  
It's a user-friendly article that caters to various skill levels.