What is the most recommended node in Sangfor NGAF

Janong Lv2Posted 30 Dec 2022 06:15

What is the most recommended node in Sangfor NGAF

Siva has solved this question and earned 10 coins.

Posting a reply earns you 2 coins. An accepted reply earns you 20 coins and another 10 coins for replying within 10 minutes. (Expired) What is Coin?

Enter your mobile phone number and company name for better service. Go

It depends on your environment and requirements

Application scenarios for several types deployment modes:

Route Mode: If there is no router as a gateway in the existing environment, AF needs to be used for routing.

Transparent mode and virtual wire mode: Supports all security protection functions (such as IPS, WEB application protection, botnet, etc.), and is suitable for scenarios that does not required to change the original environment and only need to use the security protection functions of AF (no required VPN, routing, NAT, etc.)

Mixed Mode: It mainly refers to the situation that each network port of AF has both a layer 2 port and a layer 3 port. Especially when the server cluster in the DMZ area needs to be configured with a public IP address, the corresponding security functions are supported in mixed mode deployment, such as IPS, WEB application protection, botnet, application control, content security, real-time vulnerability analysis, etc.

Bypass Mode: The device can be mounted on the internal network switch or router to implement the protection functions which does not need to change the user's existing environment at all. Avoiding all possible risk of interruption caused by the device to the user's network.

Single-arm mode: The single-arm port is a routing port that supports routing functions and required to directly connected on network devices to implement policy routing and divert data through AF.


The difference between the deployment modes:

Route Mode: All service ports are Layer 3 routing ports, and IP addresses must be configured to forward data according to the routing table and arp table.

Transparent Mode: All service ports are Layer 2 transparent ports, which are divided into access and trunk attributes.

Virtual Wire Mode: All service ports are virtual network ports. Directly forward or intercept data without checking the routing and forwarding rules, which can be described as the two ends of a network cable.

Mixed mode: All service ports have Layer 2 transparent ports and Layer 3 routing ports

Bypass mode: The interfaces deployed in bypass mode are mirrored ports, which do not support routing and forwarding functions and need to be used in conjunction with the mirroring configuration on the physical switch.

Single-arm mode: The single-arm interface is a routing port that supports routing functions. The policy configuration is similar to the route mode configuration.


Note:

1. All security protection functions of the NGAF can be used in transparent mode, virtual wire mode, route mode and mixed mode.
2. The bypass mode only supports WAF (web application protection), IPS (intrusion prevention system), APT (botnet), Real-Time Vulnerability Analysis, DLP (data leak protection), website anti-tampering function.
3. The functions of NGAF is depends on the deployment mode and not directly related to the AF deployment location.
Is this answer helpful?
Siva Posted 30 Dec 2022 10:08
  
It depends on your environment and requirements

Application scenarios for several types deployment modes:

Route Mode: If there is no router as a gateway in the existing environment, AF needs to be used for routing.

Transparent mode and virtual wire mode: Supports all security protection functions (such as IPS, WEB application protection, botnet, etc.), and is suitable for scenarios that does not required to change the original environment and only need to use the security protection functions of AF (no required VPN, routing, NAT, etc.)

Mixed Mode: It mainly refers to the situation that each network port of AF has both a layer 2 port and a layer 3 port. Especially when the server cluster in the DMZ area needs to be configured with a public IP address, the corresponding security functions are supported in mixed mode deployment, such as IPS, WEB application protection, botnet, application control, content security, real-time vulnerability analysis, etc.

Bypass Mode: The device can be mounted on the internal network switch or router to implement the protection functions which does not need to change the user's existing environment at all. Avoiding all possible risk of interruption caused by the device to the user's network.

Single-arm mode: The single-arm port is a routing port that supports routing functions and required to directly connected on network devices to implement policy routing and divert data through AF.


The difference between the deployment modes:

Route Mode: All service ports are Layer 3 routing ports, and IP addresses must be configured to forward data according to the routing table and arp table.

Transparent Mode: All service ports are Layer 2 transparent ports, which are divided into access and trunk attributes.

Virtual Wire Mode: All service ports are virtual network ports. Directly forward or intercept data without checking the routing and forwarding rules, which can be described as the two ends of a network cable.

Mixed mode: All service ports have Layer 2 transparent ports and Layer 3 routing ports

Bypass mode: The interfaces deployed in bypass mode are mirrored ports, which do not support routing and forwarding functions and need to be used in conjunction with the mirroring configuration on the physical switch.

Single-arm mode: The single-arm interface is a routing port that supports routing functions. The policy configuration is similar to the route mode configuration.


Note:

1. All security protection functions of the NGAF can be used in transparent mode, virtual wire mode, route mode and mixed mode.
2. The bypass mode only supports WAF (web application protection), IPS (intrusion prevention system), APT (botnet), Real-Time Vulnerability Analysis, DLP (data leak protection), website anti-tampering function.
3. The functions of NGAF is depends on the deployment mode and not directly related to the AF deployment location.
Newbie517762 Lv4Posted 30 Dec 2022 12:26
  
It is depend on your daily data throughput to select the NGAF, pls find below for your Ref.
NGAF Throughput.jpg
Faisal P Posted 02 Jan 2023 09:07
  
Sangfor Hyper-Converged Infrastructure (HCI) provides innovative 3rd-gen cloud computing architecture that reduces at least 70% of the TCO, simplifies operations, and multiplies network security. It converges compute, storage, networking and security on a single software stack.
1-stop software-defined data centre solution
Easy operation and quick installation for business-critical applications
Integrates with any commodity servers commercially available in the market
Build your own private cloud, extend to a public cloud or create your own Hybrid Cloud
rivsy Lv5Posted 02 Jan 2023 11:40
  
Sangfor NGAF is based on your current throughtput not on how many nodes or user
Jhazz Lv3Posted 02 Jan 2023 15:04
  
Current licensing option for SANGFOR NGAF is thru throughput of your current connection
RegiBoy Lv5Posted 03 Jan 2023 15:44
  
Recommended mode is Mixed Mode depending on the network requirements.
Luih Miranda Lv3Posted 03 Jan 2023 17:00
  
The most recommended node in Sangfor NGAF will depend on the present throughput.
Imran Tahir Lv4Posted 03 Jan 2023 17:29
  
its depand on you network envirnoment
Newbie308427 Posted 03 Jan 2023 18:20
  
I believe there is no such mode as 'most recommended' in NGAF by Sangfor or other vendor)
It depends on current topology

I Can Help:

Change

Moderator on This Board

1
126
3

Started Topics

Followers

Follow

17
5
0

Started Topics

Followers

Follow

Board Leaders