I wanted to pass along a strange issue I've been seeing since the introduction of probably v9.310.
When we would use Apple's FaceTime to talk to various people, we would notice that the video would skip probably every 10 seconds for 1 second. Audio would not skip out. We would often get poor connection reported on one or both sides.
I am now on v9.312-8 and still seeing the issue, but I finally found it today:
2015:06:11-17:25:43 box ulogd[5694]: id="2105" severity="info" sys="SecureNet" sub="ips" name="UDP flood detected" action="UDP flood" fwrule="60013" initf="wlan0" srcmac="xx:xx:xx:xx:xx:xx" dstmac="xx:xx:xx:xx:xx:xx" srcip="x.x.x.x" dstip="***.***.***.***" proto="17" length="1406" tos="0x00" prec="0x00" ttl="64" srcport="16402" dstport="47109"
So it was the UDP flood protection component of the IPS that was the culprit. I initially turned it off in the middle of a FaceTime call and the issue immediately went away.
I tried another test and turned IPS : UDP flood protection back on, this time increasing the flood threshold to source packets/sec=500, destination packets/sec=1000 (default is src=100/dest=200), and that seemed to do the trick. I might ratchet it down to a lower amount later, but I feel like those numbers would still catch a major malicious event.
Hope this helps someone else seeing FaceTime skipping with their UTM v9.3
This thread was automatically locked due to age.
