#Configuration# Sangfor NGAF Bridge mode in Trunk port Deployment Configuration Guide
  

Rhebie Lv3 Posted 18 Oct 2022 16:30

Product: NGAF
Version: 8.0.35
1. Introduction
1.1 Scenario
The enterprise network is a cross-tier layer 3 environment. There are routers deployed on the public network gateway, the original environment cannot be changed, and the NGAF device needs to be deployed transparently into the network.
1.2 Requirements
1. NGAF with firmware version of 8.0.35.
2. Configuration Guide
Topology: [figure: network topology diagram]
Step 1. Log in to the device via the default IP of the management port (ETH0). The default IP of the management port is 10.251.251.251/24. Configure an IP address in the same network segment on the computer and access the device via https://10.251.251.251.
Step 2. In Network > Interfaces > Physical Interface, click the interface that needs to be set as the external network interface, select eth2 as the external interface, select Layer 2 for Type, select the custom uplink area for the area, select the WAN attribute checkbox, and set the connection type to Trunk.
Step 3. In Network > Interfaces > Physical Interface, click the interface that needs to be set as the intranet interface, select eth3 as the intranet interface, select Layer 2 for Type, choose the custom down-linked zone for the area, and Trunk for the connection type.
Step 4. Configure the management interface in Network > Interfaces > VLAN Interface: configure the logical interface of the VLAN interface as the management interface with VLAN ID 2, and assign the management address 192.168.2.2/24.
Step 5. Configure the route. You need to configure a default route to 0.0.0.0/0.0.0.0 pointing to the same network segment as the management IP of the predecessor gateway 192.168.2.1. Enter Network > Route > Static Route, click New Static Route, and configure the default route with Dst IP/Netmask 0.0.0.0/0 and Next-Hop IP 192.168.2.1.
Step 6. Configure the application control policy to release the Internet access privileges for intranet users. In Policies > Access Control > Application Control Policy, add a new application control policy to release the inside-to-outside data access privileges: select a custom lower-link area for the source area, select a custom intranet for the source address, select a custom upper-link area for the destination area, all for the destination address, any for the service, and all for the application.

Step 7. Once the basic configuration is complete, connect the device to the network, with the eth2 port connected to the front router and the eth3 port connected to the intranet layer 2 switch.

3. Precaution
1. Confirm the interface properties of the upstream and downstream devices. If the other party is a Trunk interface, the AF interface needs to select Trunk.
2. Confirm the deployment environment of the firewall, and take care not to create a loop.
3. Manage the device through the VLAN IP or a separately configured management interface.


rivsy Lv5 Posted 18 Oct 2022 16:37

Thank you for this wonderful information.

Newbie517762 Lv5 Posted 19 Oct 2022 12:30

Thanks for your great job!