Firewall Settings : Firewall Settings > Flood Protection
WAN DDOS Protection (Non-TCP Floods)
The WAN DDOS Protection (Non-TCP Floods) panel is a deprecated feature that has been replaced by UDP Flood Protection and ICMP Flood Protection as described in the sections that follow.
Dell SonicWALL recommends that you do not use the WAN DDOS Protection feature, but that you use UDP Flood Protection and ICMP Flood Protection instead.
UDP Settings
Default UDP Connection Timeout (seconds) - Enter the number of seconds of idle time you want to allow before UDP connections time out. This value is overridden by the UDP Connection timeout you set for individual rules.
UDP Flood Protection
UDP Flood Attacks are a type of denial-of-service (DoS) attack. They are initiated by sending a large number of UDP packets to random ports on a remote host. As a result, the victimized system’s resources will be consumed with handling the attacking packets, which eventually causes the system to be unreachable by other clients.
SonicWALL UDP Flood Protection defends against these attacks by using a “watch and block” method. The appliance monitors UDP traffic to a specified destination. If the rate of UDP packets per second exceeds the allowed threshold for a specified duration of time, the appliance drops subsequent UDP packets to protect against a flood attack.
UDP packets that are DNS query or responses to or from a DNS server configured by the appliance are allowed to pass, regardless of the state of UDP Flood Protection.
The following settings configure UDP Flood Protection:
Enable UDP Flood Protection – Enables UDP Flood Protection.
UDP Flood Attack Threshold (UDP Packets / Sec) – The rate of UDP packets per second sent to a host, range or subnet that triggers UDP Flood Protection.
UDP Flood Attack Blocking Time (Sec) – After the appliance detects the rate of UDP packets exceeding the attack threshold for this duration of time, UDP Flood Protection is activated, and the appliance will begin dropping subsequent UDP packets.
UDP Flood Attack Protected Destination List – The destination address object or address group that will be protected from UDP Flood Attack.
ICMP Flood Protection
ICMP Flood Protection functions identically to UDP Flood Protection, except it monitors for ICMP Flood Attacks. The only difference is that there are no DNS queries that are allowed to bypass ICMP Flood Protection.
The following settings configure ICMP Flood Protection:
Enable ICMP Flood Protection – Enables ICMP Flood Protection.
ICMP Flood Attack Threshold (ICMP Packets / Sec) – The rate of ICMP packets per second sent to a host, range or subnet that triggers ICMP Flood Protection.
ICMP Flood Attack Blocking Time (Sec) – After the appliance detects the rate of ICMP packets exceeding the attack threshold for this duration of time, ICMP Flood Protection is activated, and the appliance will begin dropping subsequent ICMP packets.
ICMP Flood Attack Protected Destination List – The destination address object or address group that will be protected from ICMP Flood Attack.