In the 24-Hour Traffic graph under Logs -> Logs Analysis > Attack Traffic Statistics of ADS, you will find the graph displaying three lines: ALL_RX_MAX (represented by the red line), ALL_RX (represented by the green line), and ALL_TX (represented by the blue line). The explanation of each line is: It’s important to note that the […]

When NTA detects abnormal traffic, it can notify ADS to divert the traffic. ADS sends route diversion notifications to the router, redirecting the traffic to ADS for cleaning. Based on this scenario, this article will summarize troubleshooting directions when traffic is not successfully diverted to ADS. 1. Check whether automatic diversion is triggered. You can […]

NTA supports configuring automatic diversion for Region/IP Group traffic alerts and Region/IP Group DDoS attack alerts. There are different diversion methods for various scenarios, including ADS Diversion, Flowspec Diversion, BGP Diversion, and Null-Route Diversion For the Region/IP Group traffic alert, the following conditions must be met to perform automatic diversion after the alert is triggered: […]

Simple Network Management Protocol (SNMP) is an application-layer protocol that transmits management data between network devices. SNMP belongs to the Transmission Control Protocol/Internet Protocol (TCP/IP) family and is one of the most widely used network protocols for managing and monitoring network components across a variety of industries. The majority of network components come with an […]

You may have seen that there are two diversion modes in NTA alerts. They are Auto IP diversion and Auto group diversion. The Auto group diversion is triggered by the Region/IP Group Traffic Alert (at step 3 when configuring Regions or IP Groups). The Auto IP diversion is triggered by the Region/IP Group DDoS Attack […]

When you configure a protection policy for your protected website and set the protection action to block, NSFOCUS WAF supports three methods to execute blocking actions: Source IP Block, Session Block, and UA Block. Session Block and UA Block are newly added on system version 6073. Each block supports three forms: Never, Permanently block, and […]

Traffic Abnormal does not differentiate between alert types. Any instance where the total traffic volume for a single destination IP exceeds the threshold is considered a traffic anomaly.

Customers can enable SMTP functionality to ensure timely receipt of alert notifications and device logs. Below are the steps to configure SMTP functionality. Configuring an SMTP Server 1. Choose Administration > Third-Party Interface > Email Service and click SMTP Server 2. Configure parameters Parameters for configuring an SMTP server： Parameter Description SMTP Server Address Specifies […]

NSFOCUS WAF supports multiple running modes. You can modify the running mode based on the network topology. Deployment Topology Deployment Topology can be set to In-Path, Out-of-Path, Reverse Proxy, Mirroring or Plugin-enabled. Mode Configuration Mode Configuration can be set to one of the following values (modes vary with deployment topologies): Emergency Mode After entering the […]

Exception policies are supplements or restrictions to configured basic or advanced protection policies. On the Exception Policy page, you can create, edit, delete, and duplicate exception policies. You can also create and edit exception policies on the Website Protection page. Configuration procedure: Choose Security Management > Policy Management > Exception Policy, click Create in the […]