This document describes how to configure collaboration between ADS and NTA. NTA offers network monitoring and DDoS attack detection. If a DDoS attack is detected, NTA starts collaboration with ADS according to pre-defined rules to notify ADS. Then ADS starts the traffic diversion mechanism to divert suspicious traffic from the router or switch to ADS. […]

Viewing the BGP neighbor status of ADS Choose Diversion & Injection > Diversion Route > BGP Route. In the Route Daemon list, click the Neighbor Status button in the Operation column to view the status of a specified BGP route, as shown in the screenshot below. The displayed page shows the information of BGP neighbors. […]

ADS M can manage NTAs, including checking NTA running status, time synchronization, dispatching IP group configuration of a region, displaying traffic information of NTAs, and receiving logs uploaded from NTAs. The steps to configure the collaboration between ADS M and NTA are as follows: Configuring NTA Step 1: Choose Administration > Third-Party Interface > Management […]

When there is MPLS traffic in the network, there may be jumbo frames whose layer 2 packet including the CRC code has a length greater than 1518 bytes. The NIPS network interface card directly discards these jumbo frames by default, causing network failure. Perform the following check on the client side: 1. Test the client-side […]

O&M personnel can quickly and easily perform operations such as information query and diversion configuration through web APIs. If web APIs of ADS are to be used by the management platform, mutual authentication between the management platform and ADS must be performed first to ensure security. The procedure is as follows: Step 1:Choose System > […]

HTTP access control policies can prevent websites from unauthorized and malicious access by controlling over HTTP requests that protected resources respond to. NSFOCUS WAF inspects requests and takes actions when a request matches any of policies you specified. Multiple policies can be applied to a single website and evaluated in top-down order. Once a packet […]

The blocklist is matched based on the source IP address, destination IP address, or a combination of source and destination IP addresses of a packet. The blocklist works for TCP and UDP transport layer packets. That is to say, after an IP address is added to the blocklist, the ping is successful, but transport layer […]

ADS M supports standalone management and cluster management. In standalone management mode, ADS M manages a single ADS in an in-path or out-of-path deployment. In cluster management mode, ADS M manages multiple ADSs as a cluster for automatic synchronization of device configuration and protocol synchronization among these ADSs. The following describes how to configure stand-alone […]

With the increasing scale of SSL traffic, its disadvantages are becoming more and more obvious. In HTTPS communication, the client needs to start an SSL handshake with the server after the TCP handshake, which may cause SSL delay. In addition, the web server needs to encrypt and decrypt the data in transit, so the SSL […]

NSFOCUS WAF supports five actions for a specific protection policy. Take HTTP access control as an example. You can specify one of the following actions as required: Pass: Indicates that if an access request matches corresponding parameter settings, NSFOCUS WAF directly forwards it to the destination server without any more security inspections. Accept: Indicates that […]