Darshil Newbie ✭
We have enabled UDP flood protection in our firewall. So I just want to know, can we exclude some IP addresses from flood protection?
Is it possible to add a range of IP addresses as an exception to UDP flood protection?
Category: High End Firewalls
At this moment, the other way around is possible. You can include the list of IP addresses that you want to protect from the UDP flood.
Hope this helps.
Note: This community post is more of a Question & Answer, hence categorizing it under the Q&A section.
Technical Support Advisor - Premier Services
Hi @Darshil ,
Was your question resolved?
@Saravanan I had view problems with Zoom meetings with activated UDP flood protection. It was enabled with the default values.
Could you advise a best practice for enabling flood protection (UDP, TCP, ping)?
Default values are terribly low. My general rules of thumb:
UDP - Half of the total # connections supported by the device
TCP - One-third of the total # of connections supported by the device
ICMP - 2000 p/s
Note the total number of connections depends on your DPI or SPI settings and model. See here for how to check: https://www.sonicwall.com/support/knowledge-base/monitor-connections-on-the-sonicwall-firewall/170505575310244/
Set a higher UDP Flood Attack Threshold (UDP Packets / Sec). The default value is 1000. Based on your environment you can increase this to 5000 or 10,000 and test what works for your setup.
Follow below KB
That seems like a good guide to me. I will adapt this for my firewalls - thank you!
@ThK You're welcome.
Hey, thanks. Maybe I'll try to enable flood protection once again. This will also help if SonicWall support activates it with random values and says we have an internal issue in the network if not everything works now with flood protection enabled.
I was just playing around, so for ICMP it would be this setting:
For UDP it would be this:
And for TCP? I am unsure:
Is it this one?
@Chojin Each Protection category would get 1/3 of the total e.g.
Layer 3 SYN Flood Protection : Attack Threshold: 166000
Layer 2 SYN/RST/FIN/TCP Flood Protection: Threshold: 166000
WAN DDOS Protection: Threshold: 166000
Don't forget to toggle to IPv6 for these settings if you are using it.
@Chojin @TKWITS @Darshil
The WAN DDOS Protection (Non-TCP Floods) panel is a deprecated feature that has been replaced by UDP Flood Protection and ICMP Flood Protection.
@Ajishlal Nowhere in that article does it say WAN DDOS Protection (Non-TCP Floods) is deprecated...
Please find the below KBs from SonicWall.
Please find the SonicOS 6.5 Administration Guide for the WAN DDOS protection (Non-TCP Floods); page no. 22
@Ajishlal Thank you for clarification that it is. I simply looked at the article you originally linked, which DID NOT contain any information that it was deprecated.
Oh, that's a good point... especially when support activates this for troubleshooting.