Professional Documents
Culture Documents
Sangfor - NGAF - v8.0.39 - User Manual - EN (DNS - Conf)
Sangfor - NGAF - v8.0.39 - User Manual - EN (DNS - Conf)
Sangfor - NGAF - v8.0.39 - User Manual - EN (DNS - Conf)
Preferred DNS: Set the DNS server address used by the NGAF device to access
the Internet. The NGAF device uses this DNS address as the first choice for
resolution.
Alternate DNS: Set the DNS server address used by the NGAF device to access
the Internet. If the NGAF device fails to resolve the preferred DNS server
address, the alternate DNS server address is selected for resolution.
DNS Proxy: After this function is enabled, the LAN user's DNS address is set as
the interface IP address of the NGAF device, which forwards the LAN user's
DNS requests to the preferred and alternate DNS servers set for the device.
DNS proxy uses port TCP/53. After it is enabled, this port on the firewall can be
accessed from all zones. Suppose the firewall is deployed at the network
egress. In that case, it is recommended to deny access to this port from the
Internet zone by configuring it under Policy > Access Control > Local Access
Control.
The DNS transparent proxy page is for intranet users whose DNS address does
not point to the NGAF device but request to transmit through the NGAF. The
NGAF's transparent DNS proxy resolution settings are shown in the following
figure.
External DNS Server: Set the external DNS server address for the DNS
transparent proxy, such as 114.114.114.114. For the DNS address set here,
when the DNS Transparent Proxy is enabled, the domain names not uploaded
from the Upload Domain File will be subject to proxy resolution using the
external DNS address set here.
Local DNS Server: Set the local DNS server address for the DNS transparent
proxy. When the DNS Transparent Proxy is enabled, only the domain names
Version 02 (Aug. 08, 2021) 169
Sangfor NGAF User Manual Network
uploaded from the Upload Domain File will be subject to proxy resolution
using the local DNS address set here.
DNS Transparent Proxy: Set the switch options for enabling/disabling the
DNS transparent proxy function.
Upload Domain File: Set the domain names that need to be resolved through
the local DNS address configured in the Local DNS Server. Under normal
circumstances, for access with the domain name of the company's website, it
directly resolves the LAN IP address of the website.
5.6 DHCP
The Dynamic Host Configuration Protocol (DHCP) is a network protocol used
on local area networks, allowing a server to manage a range of IP addresses so
that a client can automatically obtain the IP addresses and subnet masks
assigned by the server when logging in to the server. The NGAF device is
deployed in the user environment, serving as a DHCP server to assign
corresponding IP addresses to clients.