Set a higher UDP Flood Attack Threshold (UDP Packets / Sec). The default value is 1000. Based on your environment you can increase this to 5000 or 10,000 and test what works for your setup.
hey thanks. maybe i ll try to enable flood protection once again. this will also help if sonicwall support activates it with random values and says we have in internal issue in the network if not everything works now with flood protection enabled.
@Ajishlal Thank you for clarification that it is. I simply looked at the article you originally linked, which DID NOT contain any information that it was deprecated.
Answers
Hi @Darshil,
At this moment, the other way around is possible. You can include the list of IP addresses that you want to protect from the UDP flood.
Hope this helps.
Note: This community post is more of a Question & Answer. So, hence categorizing the same under Q&A section.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
Hi @Darshil ,
Was your question resolved?
@Saravanan i had view problems with zoom meetings with activated udp flood protection. It was enabled with the default values.
Could you advice a best practise for enabling flood protection (udp,tcp,ping)
--Thomas
Default values are terribly low. My general rules of thumb:
UDP - Half of the total # connections supported by the device
TCP - One-third of the total # of connections supported by the device
ICMP - 2000 p/s
Note the total number of connections depends on your DPI or SPI settings and model. See here for how to check: https://www.sonicwall.com/support/knowledge-base/monitor-connections-on-the-sonicwall-firewall/170505575310244/
@ThK
Set a higher UDP Flood Attack Threshold (UDP Packets / Sec). The default value is 1000. Based on your environment you can increase this to 5000 or 10,000 and test what works for your setup.
Follow below KB
that seems like a good guide to me . I will adapt this for my firewalls - thank you !
--Thomas
@ThK You're welcome.
hey thanks. maybe i ll try to enable flood protection once again. this will also help if sonicwall support activates it with random values and says we have in internal issue in the network if not everything works now with flood protection enabled.
I was just plaxing around so for icmp it would be this seeting:
for udp it would be this:
and for tcp? i am unsure:
is it this one?
@Chojin Each Protection category would get 1/3 of the total e.g.
Layer 3 SYN Flood Protection : Attack Threshold: 166000
Layer 2 SYN/RST/FIN/TCP Flood Protection: Threshold: 166000
WAN DDOS Protection: Threshold: 166000
Don't forget to toggle to IPv6 for these settings if you are using it.
@Chojin @TKWITS @Darshil
The WAN DDOS Protection (Non-TCP Floods) panel is a deprecated feature that has been replaced by UDP Flood Protection and ICMP Flood Protection.
@Ajishlal Nowhere in that article does it say WAN DDOS Protection (Non-TCP Floods) is deprecated...
@TKWITS
Please find the below KB's from sonicwall.
Please find the Sonic OS 6.5 Administration Guide for the WAN DDOS protection (Non-TCP Floods); Page no:22
@Ajishlal Thank you for clarification that it is. I simply looked at the article you originally linked, which DID NOT contain any information that it was deprecated.
@TKWITS
oh thats a good point....espeiclally when support activates this for troubleshooting.