Understanding Whitelists for UDP Flood Screens


Junos OS provides the administrative option to configure a whitelist of trusted IP addresses for the UDP flood screen. When the UDP flood screen is enabled, all UDP packets above the threshold value are dropped. Some of these packets are valid and should not be dropped. When a whitelist is configured on the UDP flood screen, traffic from the source addresses or to the destination addresses in the list is allowed to bypass UDP flood detection. This feature is needed when all traffic from addresses in the whitelist groups should bypass the UDP flood check.

Both IPv4 and IPv6 whitelists are supported. The addresses in a whitelist must be all IPv4 or all IPv6. Each whitelist can contain up to 32 IP address prefixes. You can specify multiple addresses or address prefixes as a sequence of addresses separated by spaces and enclosed in square brackets. You can configure a single address or a subnet address.
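
The whitelist rules above (one address family per list, at most 32 prefixes, bracketed space-separated syntax) can be checked before a change is committed. This is an added example, not Juniper code: `parse_whitelist`, `bypasses_udp_flood` and `screen_decision` are hypothetical names, the addresses are constructed from documentation ranges, and the threshold model is a simplification of the screen's behavior.

```python
import ipaddress

MAX_PREFIXES = 32  # per-whitelist limit stated on this page


def parse_whitelist(text):
    """Parse '[ a b c ]' or a single address/prefix into ip_network objects."""
    text = text.strip()
    if text.startswith("[") != text.endswith("]"):
        raise ValueError("unbalanced square brackets")
    if text.startswith("["):
        text = text[1:-1]
    items = text.split()
    if not items:
        raise ValueError("whitelist is empty")
    if len(items) > MAX_PREFIXES:
        raise ValueError(f"{len(items)} prefixes exceeds limit of {MAX_PREFIXES}")
    # strict=False normalises host bits (a choice of this sketch, not Junos).
    nets = [ipaddress.ip_network(item, strict=False) for item in items]
    if len({net.version for net in nets}) != 1:
        raise ValueError("whitelist mixes IPv4 and IPv6 addresses")
    return nets


def bypasses_udp_flood(src, dst, whitelist):
    """True if the source or the destination address is covered by the list."""
    addrs = [ipaddress.ip_address(src), ipaddress.ip_address(dst)]
    return any(a.version == n.version and a in n for n in whitelist for a in addrs)


def screen_decision(rate, threshold, src, dst, whitelist):
    """Simplified model: above-threshold UDP is dropped unless whitelisted."""
    if bypasses_udp_flood(src, dst, whitelist):
        return "pass"
    return "drop" if rate > threshold else "pass"


if __name__ == "__main__":
    # Constructed sample data using documentation address ranges.
    wl = parse_whitelist("[ 198.51.100.0/24 192.0.2.7 ]")
    print(screen_decision(5000, 1000, "198.51.100.9", "203.0.113.5", wl))
    print(screen_decision(5000, 1000, "203.0.113.5", "203.0.113.6", wl))
    for bad in ("[ 192.0.2.0/24 2001:db8::/32 ]", "[ ]"):
        try:
            parse_whitelist(bad)
        except ValueError as err:
            print(f"rejected {bad!r}: {err}")
```

Because a whitelisted prefix is exempt from the flood check regardless of rate, reviewing each entry for the narrowest prefix that covers the trusted hosts keeps the exemption small.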


The UDP flood screen whitelist is not supported on SRX5400, SRX5600, and SRX5800 devices.