Dynamic Defense; Table 14: Ucm6510 Firewall Dynamic Defense - Grandstream Networks UCM6510 User Manual

Dynamic Defense

On the Dynamic Defense page, users can configure the UCM to monitor incoming TCP connections and
prevent excessive traffic from hosts. The UCM must have "Route" configured in the System
SettingsNetwork SettingsBasic Settings page. The blacklist on this page is automatically updated.
The following options are available:
Dynamic Defense
Toggle dynamic defense on and off. This is disabled by default.
Enable
Configure the blacklist update time interval (in seconds). The default setting is
120. This defines how long the IP will be blocked once added into the UCM6510
Blacklist Update
blacklist.
Interval
For example, if set to "300", blocked IP addresses will not be able to establish
TCP connections with the UCM until after 300 seconds have passed.
Configure the connection threshold. Once a host exceeds this threshold, it will
Connection
be added to the blacklist. Default setting is 100.
Threshold
Reviewer Note: the "Periodic Time Interval" option is no longer available.
Allowed IPs and ports range, multiple IP addresses and port range.
Dynamic Defense For example:
Whitelist 192.168.5.100
192.168.5.200 1500:2000
The following figure shows a configuration example like this:

If a host at IP address 192.168.5.7 initiates more than 20 TCP connections to the UCM6510, it will be
added into UCM6510 blacklist.

This host 192.168.5.7 will be blocked by the UCM6510 for 5000 seconds.

Since IP range 192.168.5.100-192.168.5.200 is in whitelist, if host initiates more than 20 TCP
connections to the UCM6510, it will not be added into UCM6510 blacklist. It can still establish TCP
connection with the UCM6510.

Table 14: UCM6510 Firewall Dynamic Defense

UCM6510 IP PBX User Manual
Version 1.0.20.31
P a g e | 80