Solved

Juniper NS5GT Alerts - UDP flood from IP phone 50 times

Posted on 2009-04-07
2
1,463 Views
Last Modified: 2012-08-14
Let me preface by saying I'm a newbie with configuring firewalls.

We are using a Juniper NS5GT firewall and a Cisco 2801 Router with VLANs for voice (IP phones) and data. Many of our IP phones give us Alerts in the Alarms section on the Juniper firewall. It's almost always 50 times.

We have our Screening > Screen UDP Flood Protection checked and the threshold is set to 1000 (which is the default). A logfile is attached.

Any ideas or questions are welcome. Thanks in advance
-evt-log.txt
0
Comment
Question by:bmcomputer
2 Comments
 
LVL 18

Expert Comment

by:deimark
ID: 24094660
What version of Screenos you using bud?  If you are using anything less than 5.4, I would consider upgrading here, as I have seen older versions of screenos give false positives of screen attacks.

ALso, I see that you have turned the screen functionality on for the trust zone, ie inside your network.  Normally, we would only turn on the screen protection for the external zone/interface as our internal networks "normally" do not try to DOS us.

If you do need to have the screen function turned on for internal networks, we need to find out why the phones are causing these alerts, ie are the phones just spamming your net and all it needs is turned off, or are these real false positives being detected by the Juniper.

So I would:

1.  Upgrade screenos to 5.4 (if not already)
2.  Find out why the phones are so noisy - is it real traffic or just random chatter?

If the phones are working correctly you need to consider if you actually need the screen protection on inside zones.  If phones are just noisy, speak to vendor to try and get them quietened down a bit.

Either way, I would say that the vendor of the phones should have experience of other customers that have had your issue, so have a look at your phone vendors support site/KB to see if this is a common prob.
0
 

Accepted Solution

by:
bmcomputer earned 0 total points
ID: 24172940
It turned out that the upstream changed their router IP address which caused our problem. Once he fixed the route in our Cisco router the errors stopped and everything is working fine now. Our situation is complicated, as we have a T1 and a DSL. Thanks for the advice on our firewall settings. We are using 5.2, so we'll upgrade to 5.4.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

823 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question