Dynamic Defense; Table 18: Ucm6100 Firewall Dynamic Defense - Grandstream Networks UCM6100 Series User Manual


Click on to edit the rule

Click on to delete the rule

DYNAMIC DEFENSE

Dynamic defense is supported on the UCM6100 series. It can blacklist hosts dynamically when the LAN
mode is set to "Route" under web GUI->Settings->Network Settings->Basic Settings page. If enabled,
the traffic coming into the UCM6100 can be monitored, which helps prevent massive connection attempts
or brute force attacks to the device. The blacklist can be created and updated by the UCM6100 firewall,
which will then be displayed in the web page. Please refer to the following table for dynamic defense
options on the UCM6100.
Dynamic Defense
Enable
Periodical Time
Interval
Blacklist Update
Interval
Connection
Threshold
Dynamic Defense
Whitelist
The following figure shows a configuration example like this:

If a host at IP address 192.168.40.7 initiates more than 20 TCP connections to the UCM6100 within 1
minute, it will be added into UCM6100 blacklist.

This host 192.168.40.7 will be blocked by the UCM6100 for 300 seconds.
Firmware Version 1.0.10.39

Table 18: UCM6100 Firewall Dynamic Defense

Enable dynamic defense. The default setting is disabled.
Configure the dynamic defense periodic time interval (in minutes). If the
number of TCP connections from a host exceeds the connection threshold
within this period, this host will be added into Blacklist. The valid value is
between 1 and 59 when dynamic defense is turned on. The default setting is
59.
Configure the blacklist update time interval (in seconds). The default setting is
120.
Configure the connection threshold. Once the number of connections from the
same host reaches the threshold, it will be added into the blacklist. The default
setting is 100.
Configure the dynamic defense whitelist.
For example,
192.168.1.3
192.168.1.4
UCM6100 Series IP PBX User Manual Page 73 of 331