The network-layer access control function mainly controls traffic at the network layer and transport layer; it is a firewall function. NSFOCUS WAF incorporates this function so that users can configure network-layer access controls on the WAF itself. The function is available only when NSFOCUS WAF is deployed in in-path or out-of-path mode; it is unavailable when the device is in reverse proxy or mirroring mode. Network-layer access control is the first step of protection by NSFOCUS WAF: packets are matched against the network-layer access control policy before any other policy.
To configure network-layer access control settings on NSFOCUS WAF, follow these steps:
1. Enable Network-Layer Access Control.
The Policy Enable-Disable module controls whether each of the following policies is enabled or disabled: Network-Layer Access Control, TCP Flood Protection, ARP Spoofing Protection, ADS Collaboration, Transparent Transmission Protection, and Reuse of TCP Sequence Number of Client. A policy takes effect only after it has been enabled.
Choose Security Management > Network-Layer Protection > Policy Enable-Disable and click in the Operation column.
2. Configure Network-Layer Access Control.
Choose Security Management > Network-Layer Protection > Network-Layer Access Control and click Create.
3. Set the parameters and click OK.
Parameters for creating a network-layer access control policy:
Note: If Action is set to Block or Forward, this policy must be configured on a WAN interface. If Action is set to Accept, this policy must be configured on both a WAN interface and a LAN interface.
Network-layer access control logs can be viewed under Logs & Reports > Security Protection Logs > Network-Layer Access Control Logs.