Distributed Firewall kernel flood limit is reaching warning level of 80% or critical level of 98% for the specified protocol
search cancel

Distributed Firewall kernel flood limit is reaching warning level of 80% or critical level of 98% for the specified protocol

book

Article ID: 374036

calendar_today

Updated On:

Products

VMware vDefend Firewall

Issue/Introduction

 

Title: "Distributed Firewall kernel flood limit is reaching warning level of 80% or critical level of 98% for the specified protocol"

Event ID: distributed_firewall.dfw_flood_limit_warning,
                distributed_firewall.dfw_flood_limit_critical

Added in release: 4.1.0

Alarm Description:

    • purpose: This alarm indicates that the flood limit for the specified protocol has reached 80% (warning) or 98% (critical) level. Flood limit profile is used to protect the host from possible DDOS attacks.
    • impact: If the flood limit profile is configured appropriately for the environment, this alarm can indicate a possible DDOS attack and may impact application traffic due to resource exhaustion.

 

Environment

VMware NSX

Resolution

 

Resolution

    • Maintenance window required for remediation: no
    • Steps to resolve:

      • Review the current flood limit profile for the protocol (TCP, UDP, ICMP, Other) on NSX Manager and ensure they are configured appropriately for the environment.

      • Find the sources of the flood generation and remove the possible sources of attacks.

 

Powered by Wolken Software