Configure Firewall Storm Control Policy

The firewall maintains a facility to control packet storms. Storms are packet bombardments that exceed the high threshold value configured for an interface. During a storm, packets are throttled until the rate falls below the configured rate, severely impacting performance for the site manager interface. Thresholds are configured in terms of packets per second.

To configure or modify Storm Control parameters for a Firewall policy:

Choose from the following actions:
- If you are in the process of configuring a new Firewall policy, proceed to the next step.
- If you want to modify Storm Control settings, go to Policy > Wireless Firewall > Firewall Policy, then select adjacent to the policy you want to modify. Proceed to the next step, and modify the Storm Control settings in accordance with the steps in this procedure.
Select the Storm Control tab.

Under the Settings pane, choose from the following actions:

Select Add to configure a new Storm Control policy, as described in Storm Control Policy Parameters.
Select associated with an existing policy to delete it.
Note
Storm Control policy settings cannot be modified.

Table 1. Storm Control Policy Parameters
Parameter	Description
Traffic Type	Use the drop-down list box to define the traffic type for which the Storm Control configuration applies. Options include ARP, Broadcast, Multicast, and Unicast
Interface Type	Use the drop-down list box to define the interface for which the Storm Control configuration is applied. Only the specified interface uses the defined filtering criteria. Options include Ethernet, WLAN, and Port Channel
Interface Name	Use the drop-down list box to refine the interface selection to a specific WLAN or physical port. This helps with threshold configuration for potentially impacted interfaces
Packets per Second	Type or use the spinner tool to select the packet per second between 1 to 1,000,0000

Select Add to apply Storm Control policy settings.

Under the Logging pane, choose from the following actions:

Select Add to configure a new Storm Control Logging policy, as described in Storm Control Logging Policy Parameters.
Select associated with an existing policy to delete it.
Note
Storm Control Logging policy settings cannot be modified.

Table 2. Storm Control Logging Policy Parameters
Parameter	Description
Traffic Type	Use the drop-down list box to define the traffic type for which the Storm Control logging configuration applies. Options include ARP, Broadcast, Multicast, and Unicast
Logging	Select a logging setting used for specifying the standard log level used if a Storm Control attack is detected

Select Add to apply Storm Control Logging policy settings.
Optionally, repeat the steps in this procedure to create more Storm Control policies and Storm Control Logging policies.
After you have completed configuring the settings, choose from the following actions:
1. Select Revert to restore default settings.
  
  Note
  You cannot restore default settings after applying or saving changes.
2. Select Apply to commit the configured settings.
  
  Note
  This does not permanently save the settings you configured. If you perform a Reload (warm reboot), applied settings will be lost.
3. Select Save to commit and save the configured settings.
  
  Note
  
  If you do not select Apply or Save, the settings that you configured are not saved when you move away from the configuration window.