edited: Corrected the post.
Can the destination IP below be a multicast address, or is it just a unicast address?
Use the UDP flood IDS option to protect against UDP flood attacks. A UDP flood attack occurs when an attacker sends IP packets containing a UDP datagram with the purpose of slowing down the resources, such that valid connections can no longer be handled.
The threshold value defines the number of UDP packets per second allowed to ping the same destination IP address. When the number of packets exceeds this value within any 1-second period, the device generates an alarm and drops subsequent packets for the remainder of that second.
The article specifies that it is for ScreenOS. SRX does not run ScreenOS.
Fixed the post.
The SRX will check for a value on the Destination Address field in the IP header; it doesn't matter if it is a unicast IP address or a multicast IP address. With that info it determines the destination of the packets, and if the number of packets destined to a specific value (destination address) exceeds the configured threshold in 1 second, then the packets are dropped:
Are you expecting multicast traffic? If so, where is the firewall placed? Just for my understanding.
Multicast SRC-----SRX-------Switched network------RP-------Listener
SRX is PIM enabled, all ports on SRX are layer 3 ports.
Default value for UDP Screen DDOS protection is 1000 packets per second per destination. That also means if SRX sends 1000 packets per second per group, SRX will drop packets.
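
The per-destination threshold discussed in this thread, as an added example that is not part of any post and is not Junos code: a simplified Python model that counts UDP packets per destination address and drops anything beyond the threshold, keying multicast group addresses and unicast addresses the same way. The class name, sample addresses and rates are constructed, and counting in fixed one-second buckets is an assumption.

```python
import ipaddress
from collections import defaultdict

DEFAULT_THRESHOLD = 1000  # packets per second per destination, as stated in the thread


class UdpFloodScreen:
    """Simplified model of a per-destination UDP flood threshold (hypothetical)."""

    def __init__(self, threshold=DEFAULT_THRESHOLD):
        self.threshold = threshold
        self.counts = defaultdict(int)   # (destination, whole second) -> packets seen
        self.alarms = set()              # (destination, whole second) that tripped

    def packet(self, timestamp, dst):
        """Return True if the packet is forwarded, False if it is dropped."""
        # Only the destination address value matters; multicast is not special-cased.
        key = (ipaddress.ip_address(dst), int(timestamp))
        self.counts[key] += 1
        if self.counts[key] > self.threshold:
            self.alarms.add(key)         # alarm, then drop for the rest of that second
            return False
        return True


def replay(flows, threshold=DEFAULT_THRESHOLD, seconds=2):
    """flows: {dst: packets_per_second}. Returns {dst: (forwarded, dropped)}."""
    screen = UdpFloodScreen(threshold)
    result = {}
    for dst, pps in flows.items():
        forwarded = dropped = 0
        for sec in range(seconds):
            for i in range(pps):
                ts = sec + i / pps       # spread packets evenly inside each second
                if screen.packet(ts, dst):
                    forwarded += 1
                else:
                    dropped += 1
        result[dst] = (forwarded, dropped)
    return result


# Constructed sample: two multicast groups and one unicast host.
SAMPLE_FLOWS = {"239.1.1.1": 1500, "192.0.2.10": 1200, "239.1.1.2": 800}

if __name__ == "__main__":
    for dst, (fwd, drop) in replay(SAMPLE_FLOWS).items():
        kind = "multicast" if ipaddress.ip_address(dst).is_multicast else "unicast"
        print(f"{dst:<12} {kind:<9} forwarded={fwd} dropped={drop}")
```

A multicast group carrying more than the threshold loses the excess in every second, exactly as a unicast destination does, while a group below the threshold is untouched.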