Athena NGFW (Next-Generation Firewall)

Athena NGFW (previously known as Network Secure) provides comprehensive protection for every network perimeter, ensuring the safety of your valuable assets, data, and users from emerging threats.
8.0.39

Network Parameters

Updated: 2026-01-07

On the Network Parameters page, you can set the parameters related to the global network.

Network Parameters

TCP Conn Timeout (secs), UDP Conn Timeout (secs), and ICMP Conn Timeout (secs): Specify the timeout for TCP, UDP, and ICMP connections. When no new packets are seen on a connection within the specified time, the connection is considered timed out and is therefore disabled.

FTP Port, RTSP Port, SIP Port, SQLNET Port, TFTP Port, and PPTP Port: Specify protocol ports. If the device should serve as an application-layer proxy of these protocols in the network and the ports are not the default ones, the port information should be modified.

Management Interface

IP Address: Specify the default IP address of the MANAGE interface.

Peer IP Address: Specify the peer IP address for accessing the NGAF device through the management interface.

Access Control: After you select Enable for this parameter, the source IP addresses that access 10.251.251.251, the device's super management IP address, are only allowed to access the IP address set for the Peer IP Address parameter.

VLAN0 IP

vlan0 IP: Specify the IP address for the NGAF device to redirect some pages.

Web Auth IP: Specify the IP address for NGAF that enables user authentication to redirect to the authentication page.

H.323 Port

RAS: Specify the port of RAS. By default, this parameter is set to UDP port 1719.

Q931: Specify the port of Q931. By default, this parameter is set to TCP port 1720.

SIP Port

SIP Port: Specify the port of the SIP. By default, this parameter is set to UDP port 5060 and TCP port 5060.


Gratuitous ARP

ARP Broadcast Interval (secs): Specify whether to enable the gratuitous ARP broadcast and the interval at which the gratuitous ARP broadcast is regularly sent. We recommend that you enable this parameter. To avoid excessive gratuitous ARPs, the default interval is 30 seconds.

Business Asset/User Security Page Display Settings

Specify the display mode of the business asset security page or user security page. A cache mode and real-time mode are available.

Advance Setting

Send TCP Reset message to deny request: Specify whether to send the TCP reset message and disconnect data connections denied by the device policy.

Detect abnormal packets: When this feature is selected, the device drops abnormal TCP packets. To avoid losing normal TCP packets, do not enable this feature in deployments (e.g., asymmetric routing) that require no special attention to the TCP status.

Send TCP Reset message in mirror mode to deny request: Specify whether to allow the device to send the TCP reset message in mirror mode.

Enable Base64 decoding: Specify whether Web App Protection performs a security check on base64 data.

Check Base64 error: Specify whether Web App Protection decodes packets that have undergone hexadecimal encoding more than two times.
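The effect of the Enable Base64 decoding option on inspection can be seen in a small model. This is an added example, not the device's code: the signature, the decoding depth limit, the function names, and the sample values are all constructed assumptions.

```python
import base64
import binascii
import re

# Constructed signature for illustration only; a real rule set is far larger.
SIGNATURE = re.compile(r"<script\b|union\s+select", re.IGNORECASE)
B64_TOKEN = re.compile(r"^[A-Za-z0-9+/]{8,}={0,2}$")
MAX_DEPTH = 2  # assumed cap on nested decoding, not a product value


def try_b64(value):
    """Return the decoded text, or None when value is not valid Base64 text."""
    if not B64_TOKEN.match(value) or len(value) % 4:
        return None
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


def inspect(value, decode_base64):
    """Return 'block' if the signature matches the raw or a decoded value."""
    candidates = [value]
    current = value
    for _ in range(MAX_DEPTH if decode_base64 else 0):
        current = try_b64(current)
        if current is None:
            break  # not Base64 (or malformed): only the layers seen so far count
        candidates.append(current)
    return "block" if any(SIGNATURE.search(c) for c in candidates) else "allow"


# Constructed sample parameter values.
PLAIN = "1 UNION SELECT name FROM users"
ENCODED = base64.b64encode(PLAIN.encode()).decode()
DOUBLE = base64.b64encode(ENCODED.encode()).decode()
BENIGN = base64.b64encode(b"order-id=20260107").decode()

if __name__ == "__main__":
    for name, v in [("plain", PLAIN), ("encoded", ENCODED),
                    ("double", DOUBLE), ("benign", BENIGN)]:
        print(f"{name:8} decoding off: {inspect(v, False):6} "
              f"decoding on: {inspect(v, True)}")
```

With decoding off, only the plain value is blocked; with decoding on, the encoded forms are blocked as well, while the benign Base64 value is still allowed.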

Enable IPv4/IPv6 support: Enable NGAF to support IPv4/IPv6 dual protocol stack. To enable this function, you must restart the device.

Enable high performance for Internet access: Only available for users in the Internet access scenario. Enabling this function in the case of performance bottlenecks can improve system throughput.

Respond to MAC address changes of Network Neighborhood: Speeds up the response to the changes in the MAC address of the network neighborhood. We recommend that you enable this function in the case of such changes.

Visible to Linux with traceroute command: The gateway is already visible to route tracing from Windows systems by default, so this function applies only to Linux systems. When it is enabled, the gateway is visible to the traceroute command run on a Linux system. For gateway security reasons, this function is disabled by default.

Enable network load balancing on network adapter: Performs software load distribution to improve the performance of the whole device when the traffic contains a large amount of data with an identical 5-tuple (source IP address, source port, destination IP address, destination port, and transport-layer protocol).

Enable Inbound DoS protection: Choose Policies/Security Policy/DoS/DoS/DDoS Protection and select WAN to LAN attack protection policy.

Enable source-IP based layer 7 packet scheduling: Enable NGAF to allocate traffic to different CPU resources.

Enable layer 7 overload protection: When the application layer is overloaded, this function bypasses some traffic to give priority to keeping the network running normally.

Enable application control based on domain name: When you select this option, the system supports domain name-based control of the application control policy.

Enable body identification: Identifies the data type according to the body content.

Enable associating policy-based route with applications: Specify whether to associate the policy-based routing with applications.

Allow modifying interface count in HA mode: If the number of interfaces on HA nodes is inconsistent, you can enable this feature and go to System > High Availability > Physical Interfaces to change the number of interfaces. Please disable this feature after you complete the change.

Disable TCP connection reuse: A new connection will be opened for subsequent sessions that have the same 5-tuple (source/destination IP address, source/destination port, and protocol). TCP connection reuse is enabled by default.
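The idle timeouts under Network Parameters and the Disable TCP connection reuse option both act on a connection table keyed by 5-tuple. The following simplified model is an added example, not the device's code; the timeout values, the class, and the treatment of a new SYN as the start of a "subsequent session" are assumptions.

```python
from dataclasses import dataclass, field
from itertools import count

# Constructed timeout values in seconds; not the device's defaults.
TIMEOUTS = {"tcp": 1800, "udp": 60, "icmp": 10}


@dataclass
class ConnTable:
    timeouts: dict
    disable_tcp_reuse: bool = False
    entries: dict = field(default_factory=dict)  # 5-tuple -> [conn_id, last_seen]
    _ids: count = field(default_factory=lambda: count(1))

    def packet(self, now, five_tuple, syn=False):
        """Process one packet; return (conn_id, 'new' | 'existing')."""
        proto = five_tuple[4]
        entry = self.entries.get(five_tuple)
        expired = entry is not None and now - entry[1] >= self.timeouts[proto]
        # Assumption: with reuse disabled, a TCP SYN always starts a new entry.
        fresh_session = proto == "tcp" and syn and self.disable_tcp_reuse
        if entry is None or expired or fresh_session:
            entry = [next(self._ids), now]
            self.entries[five_tuple] = entry
            return entry[0], "new"
        entry[1] = now  # any packet on the connection restarts the idle timer
        return entry[0], "existing"

    def sweep(self, now):
        """Remove idle entries; return how many were removed."""
        dead = [k for k, (_, seen) in self.entries.items()
                if now - seen >= self.timeouts[k[4]]]
        for k in dead:
            del self.entries[k]
        return len(dead)


def demo():
    # Constructed flows using documentation address ranges.
    dns = ("192.0.2.10", 40000, "198.51.100.53", 53, "udp")
    web = ("192.0.2.10", 50000, "198.51.100.80", 443, "tcp")
    table = ConnTable(TIMEOUTS)
    log = [table.packet(t, dns) for t in (0, 30, 89, 149)]  # last gap: 60 s idle
    log += [table.packet(0, web, syn=True), table.packet(5, web, syn=True)]
    strict = ConnTable(TIMEOUTS, disable_tcp_reuse=True)
    log += [strict.packet(0, web, syn=True), strict.packet(5, web, syn=True)]
    return log
```

In `demo()`, the UDP flow keeps one entry while packets arrive less than 60 seconds apart and gets a new one after a 60-second gap; the second TCP SYN joins the existing entry when reuse is enabled and opens a new one when it is disabled.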