Example: Configuring UDP Flooding Protection (NSM Procedure)

In this example, enable UDP Flooding Protection and set a threshold of 80,000 per second for the number of UDP packets that can be received on IP address in the Untrust zone. When this limit is reached, the device generates an alarm and drops subsequent packets for the remainder of that second.

  1. Add a NetScreen-208 security device. Choose Model when adding the device and configure the device as running ScreenOS 5.1 or later.
  2. In the device navigation tree, select Network > Zone. Double-click the Untrust zone. The General Properties screen appears.
  3. In the zone navigation tree, select Screen > Flood Defense, and then click the UDP Flood Defense tab.
  4. Select UDP Flood Protection and ensure that the threshold is set to 1000.
  5. Click OK.
  6. Click the Add icon to display the New Destination IP based UDP Flood Protection dialog box. Configure the following options, and then click OK:

Related Documentation