UDP traffic analyzed in L4 traffic monitor?

info0000368 · ‎01-31-2014

Dear all,

I just wonder if anyone knows whether UDP traffic is analyzed by the WSA's L4 traffic monitor?

It just tells "all ports" in the settings and reports also only reflect port numbers but no details like

which protocol (tcp/udp).

Anyone?

Best,

Hascha

Vance Kwan · ‎02-08-2014

UDP ports will not be blocked.

The L4TM will use the T1 interface to detect traffic to destinations that are on its blacklist. Once detected, the the data interface on the WSA will send a packet with the TCP reset flag to the client to prevent a TCP connection.

I have not tested this so someone correct me if I am wrong. I am answering this based on my understanding of the L4TM feature, and how it works. Since UDP is connectionless, there is no connection for it to kill.

Now this makes me wonder about the Monitor feature though. But I am almost certain it will not block if the action is set to block.

I'll check this out when I'm in the office and will get back to you.

-Vance

Vance Kwan · ‎02-17-2014

I have confirmed that UDP traffic will not be blocked or monitored by the L4TM feature. Only TCP. Hope this helps.

-Vance

Vance Kwan · ‎03-24-2014

I stand corrected now. The L4TM does indeed block/monitor TCP and UDP (even ICMP). My previous test/setup were not valid.

-Vance