Table of Contents
Expand all | Collapse all
-
- Tap Interfaces
-
- Layer 2 and Layer 3 Packets over a Virtual Wire
- Port Speeds of Virtual Wire Interfaces
- LLDP over a Virtual Wire
- Aggregated Interfaces for a Virtual Wire
- Virtual Wire Support of High Availability
- Zone Protection for a Virtual Wire Interface
- VLAN-Tagged Traffic
- Virtual Wire Subinterfaces
- Configure Virtual Wires
- Configure an Aggregate Interface Group
- Configure Bonjour Reflector for Network Segmentation
- Use Interface Management Profiles to Restrict Access
-
- DNS Overview
- DNS Proxy Object
- DNS Server Profile
- Multi-Tenant DNS Deployments
- Configure a DNS Proxy Object
- Configure a DNS Server Profile
- Use Case 1: Firewall Requires DNS Resolution
- Use Case 2: ISP Tenant Uses DNS Proxy to Handle DNS Resolution for Security Policies, Reporting, and Services within its Virtual System
- Use Case 3: Firewall Acts as DNS Proxy Between Client and Server
- DNS Proxy Rule and FQDN Matching
-
- NAT Rule Capacities
- Dynamic IP and Port NAT Oversubscription
- Dataplane NAT Memory Statistics
-
- Translate Internal Client IP Addresses to Your Public IP Address (Source DIPP NAT)
- Enable Clients on the Internal Network to Access your Public Servers (Destination U-Turn NAT)
- Enable Bi-Directional Address Translation for Your Public-Facing Servers (Static Source NAT)
- Configure Destination NAT with DNS Rewrite
- Configure Destination NAT Using Dynamic IP Addresses
- Modify the Oversubscription Rate for DIPP NAT
- Reserve Dynamic IP NAT Addresses
- Disable NAT for a Specific Host or Interface
-
- Network Packet Broker Overview
- How Network Packet Broker Works
- Prepare to Deploy Network Packet Broker
- Configure Transparent Bridge Security Chains
- Configure Routed Layer 3 Security Chains
- Network Packet Broker HA Support
- User Interface Changes for Network Packet Broker
- Limitations of Network Packet Broker
- Troubleshoot Network Packet Broker
-
- Enable Advanced Routing
- Logical Router Overview
- Configure a Logical Router
- Create a Static Route
- Configure BGP on an Advanced Routing Engine
- Create BGP Routing Profiles
- Create Filters for the Advanced Routing Engine
- Configure OSPFv2 on an Advanced Routing Engine
- Create OSPF Routing Profiles
- Configure OSPFv3 on an Advanced Routing Engine
- Create OSPFv3 Routing Profiles
- Configure RIPv2 on an Advanced Routing Engine
- Create RIPv2 Routing Profiles
- Create BFD Profiles
- Configure IPv4 Multicast
- Create Multicast Routing Profiles
- Create an IPv4 MRoute
UDP
User Datagram Protocol (UDP) (RFC 768) is another main
protocol of the IP suite, and is an alternative to TCP. UDP is stateless
and connectionless in that there is no handshake to set up a session,
and no connection between the sender and receiver; the packets may
take different routes to get to a single destination. UDP is considered
an unreliable protocol because it does not provide acknowledgments,
error-checking, retransmission, or reordering of datagrams. Without the
overhead required to provide those features, UDP has reduced latency
and is faster than TCP. UDP is referred to as a best-effort protocol
because there is no mechanism or guarantee to ensure that the data
will arrive at its destination.
A UDP datagram is encapsulated in an IP packet. Although UDP
uses a checksum for data integrity, it performs no error checking
at the network interface level. Error checking is assumed to be
unnecessary or is performed by the application rather than UDP itself.
UDP has no mechanism to handle flow control of packets.
UDP is often used for applications that require faster speeds
and time-sensitive, real-time delivery, such as Voice over IP (VoIP),
streaming audio and video, and online games. UDP is transaction-oriented,
so it is also used for applications that respond to small queries
from many clients, such as Domain Name System (DNS) and Trivial
File Transfer Protocol (TFTP).
You can use Zone Protection Profiles on the firewall to configure flood protection and thereby
specify the rate of UDP connections per second (not matching an
existing session) that trigger an alarm, trigger the firewall to
randomly drop UDP packets, and cause the firewall to drop UDP packets
that exceed the maximum rate. (Although UDP is connectionless, the
firewall tracks UDP datagrams in IP packets on a session basis;
therefore if the UDP packet doesn’t match an existing session, it
is considered a new session and it counts as a connection toward
the thresholds.)