Alarm for Gateway Firewall UDP Flow Count Exceeded
Article ID: 372659

Products

VMware vDefend Firewall, VMware vDefend Firewall with Advanced Threat Prevention, VMware NSX Firewall

Issue/Introduction

Products: VMware NSX Firewall / VMware vDefend Firewall

Title: Alarm for gateway_firewall.udp_flow_count_exceeded

Event ID: gateway_firewall.udp_flow_count_exceeded

Added in release: 3.1.3

Alarm Description:

Purpose: The gateway firewall flow table for UDP traffic has exceeded the set threshold.

Impact: New flows will be dropped by the Gateway firewall when usage reaches the maximum limit. The maximum limit is set by the flood protection profile applied to the gateway.

Environment

VMware NSX-T Datacenter

VMware NSX

Resolution

  • Log in as the admin user on the Edge node and invoke the NSX CLI command `get firewall <INTERFACE_UUID> interface stats | json`, using the correct interface UUID, and check the flow table usage for UDP flows.
  • Use the NSX CLI command `get firewall <INTERFACE_UUID> connection state` and check the number of connections for the given interface.
  • Check that the traffic flows going through the gateway are not a DoS attack or an anomalous burst. If the traffic appears to be within the normal load but the alarm threshold is still hit, consider increasing the alarm threshold or routing new traffic to another Edge node.
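The following is an added helper for working through the steps above on several interfaces at once; it is not part of this KB article or of the NSX CLI. It assumes you have already captured the `interface stats | json` output per interface, and the field names `udp_flow_count` and `udp_flow_limit` in the sample are assumed placeholders, not the real CLI schema, so map them to the actual keys in your output.

```python
import json

# Constructed sample input. The real `get firewall <INTERFACE_UUID> interface stats | json`
# output has its own schema; the keys below are ASSUMED for illustration only.
SAMPLE_STATS = {
    "edge-01/uplink-1": {"udp_flow_count": 9600, "udp_flow_limit": 10000},
    "edge-01/uplink-2": {"udp_flow_count": 3100, "udp_flow_limit": 10000},
    "edge-02/uplink-1": {"udp_flow_count": 0, "udp_flow_limit": 0},  # limit not reported
}


def udp_flow_utilization(stats, alarm_threshold_pct=80.0):
    """Return per-interface UDP flow-table utilization and a status label.

    'alarm'   -> usage at or above the alarm threshold; once the flood-protection
                 limit itself is reached, new UDP flows will be dropped
    'ok'      -> usage below the threshold
    'unknown' -> no usable limit in the data; inspect the interface manually
    """
    report = {}
    for iface, s in stats.items():
        count = int(s.get("udp_flow_count", 0))
        limit = int(s.get("udp_flow_limit", 0))
        if limit <= 0:
            report[iface] = {"pct": None, "status": "unknown"}
            continue
        pct = round(100.0 * count / limit, 1)
        report[iface] = {"pct": pct,
                         "status": "alarm" if pct >= alarm_threshold_pct else "ok"}
    return report


def reroute_candidates(report, headroom_pct=50.0):
    """Interfaces with enough free flow-table capacity to absorb rerouted traffic."""
    return sorted(i for i, r in report.items()
                  if r["status"] == "ok" and r["pct"] <= headroom_pct)


if __name__ == "__main__":
    rep = udp_flow_utilization(SAMPLE_STATS)
    print(json.dumps(rep, indent=2))
    print("reroute candidates:", reroute_candidates(rep))
```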