
SANGFOR NGAF V8.0.35 Associate 2021 01 Introduction

The document introduces the Sangfor NGAF V8.0.35 network security appliance. It discusses how traditional security models are outdated and reviews the evolution of network security technologies. It then summarizes key NGAF functions including deployment options, VPN support, user authentication, bandwidth management, network security features like IPS, WAF, antivirus, APT protection, and device management.

Uploaded by

Kusuma Negara

SANGFOR NGAF V8.0.35 Associate

NGAF Introduction
1 Introduction

2 Deployment

3 VPN

4 User Authentication

5 Bandwidth Management

6 Network Security

7 Device Management
1. Introduction
New Threats, New Security
Security Trend
• A large number of new applications built on the HTTP/HTTPS standard
protocol
• Many threats rely on applications to spread
• Gartner report: 75% of attacks come from the application layer
• Difficulties of O&M for Network Security

Traditional Security Model is Outdated!

• No Visibility of Users, Traffic and IT Assets!
• No Real-Time Detection, No Post-Event Detection, Slow Response!
• Difficulties of O&M for Network Security, Time Wasted!
• Low Performance for L7 Application Layer Security!
Security evolution

Security product (period) and its technology:
• Firewall (1990s’): Packet filter, Stateful, ACL
• IPS…UTM (2000s’): Signature, Anomaly, Heuristic
• NGFW/APT (2000s’-2010s’): DPI, Malware, Sandboxing
• WAF (2000s’-2010s’): Http/Web-based attack, Automatic policy learning

• Insufficient detection capability


• Lack of detection tool
• High cost has limited deployment of advanced security solutions
Security evolution
Affordable Total Threat Prevention to All Business Networks

[Figure: Total Cost of Ownership and Total threat prevention across Firewall (1990s’), IPS (2000s’), APT/NGFW (2000s’-2010s’) and WAF (2000s’-2010s’). Labels: Risk mitigation, NGFW+ WAF in one box, Security effectiveness, Decryption, security operation]


NGAF Function
[Diagram: NGAF functions. Labels as they appear on the slide:]
• Network security: Authentication, NAT, Dos/DDoS, VPN
• Business Visibility: Traffic identification; Core business, OA, Legitimate business, Illegal business
• BM: Bandwidth guarantee, Bandwidth limitation, Block
• APP security protection: IPS, WAF, APT, Anti-virus; potential threat, unknown Threat; Backtracking, Sandbox
• App control log, Network security log, Traffic log, Report Center, Risk Assessment
• Real-time vulnerability analysis, WEB Scanner
• High performance: Once analysis, Multi-core, Cross-module, Efficient algorithm
2. Deployment
Deployment
NGAF adapts flexibly to different networks: it can be deployed in route mode, bridge mode, virtual wire mode, mixed mode, mirror mode, or HA (high availability), and it supports RIP, GRE and OSPF as well.

[Figures: Route Mode, Bridge Mode, Mixed Mode, Mirror Mode]


3. VPN
IPSEC VPN, SANGFOR VPN & SSL VPN
NGAF provides three types of VPN: IPSEC VPN, SSL VPN and SANGFOR VPN.
Users can work from anywhere with VPN.
4. User Authentication
User Authentication
Authentication effectively identifies legal users.

NGAF can also authenticate against a third-party server, such as an AD server or RADIUS.
5. Bandwidth Management
Bandwidth Management
BM can limit non-work-related traffic, protect the bandwidth of the core business and the core users, and enhance bandwidth value.
Granularity:
• BW Guarantee: Min & Max, priority
• BW Limit: Max, priority
• Downlink & uplink control
• Per user max bandwidth
Flexibility
• Application, URL, user, schedule, dst. IP, Sub-interface, VLAN
Traffic visibility
6. Network Security
Content Security
Access control based on application. NGAF recognizes more than 10000 applications and
rules.

Deep identification
Advanced identification
Content Security
Content policy

Contains 3 functions:
• Mail protection: mail attachments virus detection, mail attachments filtering, XSS attack detection, Collision Attack
• URL filtering: HTTP(GET), HTTP(POST), HTTPS filtering
• File protection: HTTP/FTP download/upload virus detection and file type filtering
DOS/DDOS
DOS attack: DOS (Denial of Service) is an attempt to make a machine or network resource unavailable to its intended users.
DDOS attack: DDOS (Distributed Denial of Service) is a large number of DOS attacks on a machine or network resource.
NGAF anti-DOS/DDOS has two types: “outside attack” and “inside attack”.
Inbound attack: mainly protects internal servers from being attacked from an external zone.
Outbound attack: mainly protects the device itself or LAN traffic.
APT
PCs infected with viruses/Trojans attempt to communicate with the C&C server. NGAF identifies the traffic, blocks it and records a log according to the user policy. This helps customers locate the infected PC and block its network traffic, keeps malicious data from reaching the client, and provides better protection.

The NGAF Malware Signature Database contains 12 types: trojan, adware, malware, spy, backdoor, worm, exploit, hack tool, virus, malware site, locky virus, mobile botnet.
It holds more than 400,000 signatures.
Sandbox
[Diagram: sandbox workflow]
1. Suspicious Traffic Reporting
2. Sandbox Detection is Performed
3. Generate Security Rules
4.1 Safety Rules Delivered
4.2 Cloud Sync Update

Detection in SandBox Environment:
• Process creation
• File system modifications
• Registry modification
IPS
IPS (Intrusion Prevention System) is based on packet detection and discovers potential threats in the internal system. Any operating system, and the applications running on top of it, is likely to have some security vulnerabilities, and an attacker could exploit these vulnerabilities with aggressive attack packets.

NGAF has built-in rules to protect against security vulnerabilities. NGAF compares each packet entering the network with the built-in vulnerability rules, determines the purpose of the packet, and then decides whether to allow or deny the packet into the target network area based on user configuration.
WAF
Server protection is mainly used to prevent attacks from an untrusted zone (such as the Internet) on the target server. Currently NGFW focuses on providing protection for Web and FTP applications.

• Web App Protection: SQL injection, XSS attack, Trojan horse, Website scan, WEBSHELL, CSRF, OS command injection, File inclusion, Path traversal, Information disclosure, Web site vulnerabilities
• Application hiding: hides the application server version to prevent attackers from finding matching vulnerabilities from the version information
• Password Protection: prevents attackers from brute-forcing user passwords
• Privilege control: prevents malicious files from being uploaded to the protected URL path
• DLP: scans for sensitive data (plain text) on the HTTP server, blocks when a data leak is found, and filters downloaded file types
WAF

[Diagram: Web protection, surrounded by OS Command Injection, CSRF, Website scan, WEBSHELL, SQL Injection, Website Trojan, XSS Attack, File Inclusion, Path Traversal, Information disclosure]

Security Solution
This is the Sangfor next-generation security solution. It coordinates cloud, endpoint and boundary appliances to build a comprehensive security system that gives advisory prior to an intrusion event, protects during it, and detects and responds after it: risk analytics and advisory from security engines in the Cloud, detection and response from the endpoint protection agent, and detection and protection on the boundary appliance.
Monitor
Monitor can be used to query and compile statistics on the logs generated by each function module. For example, you can review the attacks blocked by WEB application protection and look up the source IP, target IP and other details of an attack. You can also count the number of DOS attacks against a server within a specified time, and so on.
7. Device Management
How to log in to NGAF
Default IP address of the management port (ETH0): 10.251.251.251
Default username/password: admin/admin
How to upgrade NGAF
You can upgrade NGAF with Firmware Updater.

Click ‘update’ to upgrade the device.
You can press ‘F10’ to get more details.
How to restore NGAF to defaults
Restore NGAF with updater:
1. Connect to NGAF with firmware updater.
2. Press F10, and choose the Restore Factory Defaults.
3. Choose the corresponding update package and restore it.
Restore NGAF with WebUI:
Go to System > Maintenance > Backup/Restore and restore NGAF to defaults.
How to reset the NGAF password
Restore password with USB Drive:
1. Create an empty txt file named reset-password.txt in the root directory of the U disk, or copy the reset-password.txt file there;
2. Insert the U disk and restart the device;
3. When you can log on to the WebUI normally, pull out the U disk;
4. Check the reset-password.log file on the U disk. If the recovery was successful, the restored console password is recorded in this file; otherwise the file records the recovery failure information.
Notes:
1. The TXT file can be created directly on a Windows system as an empty TXT file named reset-password.txt;
2. The txt file must be in the root directory of the U disk;
3. The U disk can have a single partition or multiple partitions. A single-partition U disk must be formatted as FAT32; on a multi-partition U disk the txt file must be placed in the first partition, and the first partition must be formatted as FAT32.
Thank you !
community.sangfor.com

Sangfor Technologies (Headquarters)


Block A1, Nanshan iPark, No.1001
Xueyuan Road, Nanshan District,
Shenzhen, Guangdong Province,
P. R. China (518055)
