Professional Documents
Culture Documents
04.NGFW Firewall Feature
04.NGFW Firewall Feature
Firewall feature
NAT
Understand source address translation, destination
address translation or both way address translation.
Master on configuration.
DOS/DDOS Protection
Master DOS and DDOS protection function and
applicable environment.
Others Feature
Connection Control : Master on configuration.
2
NAT Introduction
NAT Introduction
NAT :
Requirement :
2.After configure NAT , make sure you have allow the corresponding traffic in “ Access
Control”.
3.When configure DNAT , please make sure server reply to internet traffic also go
through NGFW. If not go through then need to add one SNAT to translate public IP
address to NGFW IP.
Anti DOS/DDOS
Anti DOS/DDOS
DOS attack : DOS (Denial of Service) , is an attempt to make a
machine or network resource unavailable to its intended users.
Outside attack : Mainly for protect internal server not being attack
from external zone.
1.After configure DNS Mapping, internal user access to server will not pass
through NGFW anymore and it is directly access to server internal IP address.
In Bi-NAT, all traffic still will pass through NGFW therefore DNS Mapping can
reduce processing usage of NGFW.
4 、 pc access to192.168.1.2
Configuration :
1
4
ARP Spoofing Prevention
ARP spoofing is a common internal virus. Infected PC will sends
fake Address Resolution Protocol (ARP) messages onto a Local Area
Network and interrupt internal network communication . The entire
network can cause serious disconnection
2.Customer network have layer 3 switch. After enable Anti-DOS for internal attack,
network down and in the logs showing have DOS attack from layer 3 switch MAC
address. So how to resolve this issue.