I'm trying to configure my SRX and finding issues with UDP flood warnings from Gooogle and my voip providor. I have already raised the threshhold to 5000 and am still seeing issues. Doing some research is appears Google is using a protocol called QUIC (https://en.wikipedia.org/wiki/QUIC) which uses UDP 443 to deliver youtube. Is there a way I can whitelist traffic from the screen? I want to be able to whitelist QUIC traffic and traffic from my VoIP providor.
set zone untrust screen udp-flood ?
See if you get an option such as source-address and you may be able complete a config like this: <voip-providers-ip> threshold <15000> A value you can tweek.
I doubt that such whitelist is possible in the UDP flood though it's available for TCP SYN flood only.
You can refer below links for the details:
We cant do that. We need to increase the threshold.