- You increase the Maximum concurrent UDP sessions per IP address flood mitigation setting significantly on a server that is running Microsoft Forefront Threat Management Gateway 2010.
- Many clients in the exception list send lots of UDP packets to the Threat Management Gateway server.
In this scenario, you may experience an increase in the number of backlogged packets that are waiting to be processed. This could cause the queue of UDP traffic to lead to other alerts, such as a "SYN Attack" being triggered.
Note You can monitor the number of backlogged packets by looking at the following Performance Monitor counter:
- Forefront TMG Firewall Packet Engine
- Backlogged Packets
Article ID: 2654585 - Last Review: Jan 11, 2012 - Revision: 1