Juniper NS5GT Alerts - UDP flood from IP phone 50 times

Let me preface by saying I'm a newbie with configuring firewalls.

We are using a Juniper NS5GT firewall and a Cisco 2801 Router with VLANs for voice (IP phones) and data. Many of our IP phones give us Alerts in the Alarms section on the Juniper firewall. It's almost always 50 times.

We have our Screening > Screen UDP Flood Protection checked and the threshold is set to 1000 (which is the default). A logfile is attached.

Any ideas or questions are welcome. Thanks in advance
Who is Participating?
bmcomputerConnect With a Mentor Author Commented:
It turned out that the upstream changed their router IP address which caused our problem. Once he fixed the route in our Cisco router the errors stopped and everything is working fine now. Our situation is complicated, as we have a T1 and a DSL. Thanks for the advice on our firewall settings. We are using 5.2, so we'll upgrade to 5.4.
What version of Screenos you using bud?  If you are using anything less than 5.4, I would consider upgrading here, as I have seen older versions of screenos give false positives of screen attacks.

ALso, I see that you have turned the screen functionality on for the trust zone, ie inside your network.  Normally, we would only turn on the screen protection for the external zone/interface as our internal networks "normally" do not try to DOS us.

If you do need to have the screen function turned on for internal networks, we need to find out why the phones are causing these alerts, ie are the phones just spamming your net and all it needs is turned off, or are these real false positives being detected by the Juniper.

So I would:

1.  Upgrade screenos to 5.4 (if not already)
2.  Find out why the phones are so noisy - is it real traffic or just random chatter?

If the phones are working correctly you need to consider if you actually need the screen protection on inside zones.  If phones are just noisy, speak to vendor to try and get them quietened down a bit.

Either way, I would say that the vendor of the phones should have experience of other customers that have had your issue, so have a look at your phone vendors support site/KB to see if this is a common prob.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.