SonicOS 7.1 Firewall
- SonicOS 7.1
- About SonicOS
- About Firewall
- Advanced
- Flood Protection
- SSL Control
- Cipher Control
- Real-Time Black List (RBL) Filter
- Use cases
UDP Flood Protection
This section is available only in Classic mode. to configure navigate to Network > Firewall > Flood Protection > UDP page.
UDP Flood Attacks are a type of denial-of-service (DoS) attack. They are initiated by sending a large number of UDP packets to random ports on a remote host. As a result, the victimized system’s resources are consumed with handling the attacking packets, which eventually causes the system to be unreachable by other clients.
SonicWall UDP Flood Protection defends against these attacks by using a “watch and block” method. The appliance monitors UDP traffic to a specified destination. If the rate of UDP packets per second exceeds the allowed threshold for a specified duration of time, the appliance drops subsequent UDP packets to protect against a flood attack.
UDP packets that are DNS query or responses to or from a DNS server configured by the appliance are allowed to pass, regardless of the state of UDP Flood Protection.
To configure UDP Flood Protection
-
Enable UDP Flood Protection – Enables UDP Flood Protection. This option is not selected by default.
Enable UDP Flood Protection must be enabled to activate the other UDP Flood Protection options.
-
UDP Flood Attack Threshold – The maximum number of UDP packets allowed per second to be sent to a host, range, or subnet that triggers UDP Flood Protection. Exceeding this threshold triggers ICMP Flood Protection.The minimum value is 50, the maximum value is 1000000, and the default value is 1000.
-
UDP Flood Attack Blocking Time – After the appliance detects the rate of UDP packets exceeding the attack threshold for this duration of time, UDP Flood Protection is activated and the appliance begins dropping subsequent UDP packets. The minimum time is 1 second, the maximum time is 120 seconds, and the default time is 2 seconds.
-
UDP Flood Attack Protected Destination List – The destination address object or address group that will be protected from UDP Flood Attack.
Select Any to apply the Attack Threshold to the sum of UDP packets passing through the firewall.
- Click Accept.
Was This Article Helpful?
Help us to improve our support portal