Start a conversation Sign in
Start a conversation
  1. NewNet
  2. NewNet Articles
  3. Articles

Resolving SMS Blocking Issues with Firewall Advanced Filters (FAF)

Overview

The Bulk feature in the Firewall Advanced Filters (FAF) is not blocking SMS messages as expected. The configuration with a low threshold and small window size leads to aggressive blocking behavior. Adjusting the Bulk filter settings and using a volume filter with a threshold of 5 messages per minute and a blacklist duration of 1 day resolves the issue.

Information

Issue: Bulk feature in FAF not blocking SMS messages as expected

Resolution Steps:

  1. Review Current Configuration:
    • Check the current Bulk filter settings:
      • Filter Name: block sim box
      • Type: Bulk
      • Field: orig
      • Threshold: 1
      • Window Size: 5
      • ExpirationPeriod: 30
  2. Adjust Bulk Filter Settings:
    • Increase the Threshold to a more reasonable number based on normal traffic patterns, e.g., 20 or higher.
    • Increase the Window Size to allow for temporary bursts of messages, e.g., between 10 and 30.
  3. Implement Volume Filter:
    • Set Volume Threshold to 5 messages.
    • Set Time Window (Period) to 60 seconds.
    • Enable Auto Blacklist.
    • Set Blacklist Duration to 86400 seconds (1 day).
  4. Verify Configuration:
    • Test the new configuration by sending SMS messages and observing the blocking behavior.
    • Confirm that the system blocks messages as expected when the threshold is exceeded.

Note: The Auto Blacklist feature requires separate provisioning and licensing. Ensure it is enabled and licensed in your setup.

Frequently Asked Questions

How do I know if the Bulk feature is not working as expected?
If SMS messages are not being blocked according to your configuration, or if the blocking behavior is inconsistent, it may indicate an issue with the Bulk feature settings.
What are the recommended settings for the Bulk filter?
Increase the Threshold to a reasonable number based on traffic patterns, and adjust the Window Size to allow for temporary message bursts. Consider using a volume filter for stricter control.
How can I block an originator that sends more than 5 messages in a minute?
Use a volume filter with a Volume Threshold of 5 messages, a Time Window of 60 seconds, and enable Auto Blacklist with a duration of 1 day.
Is the Auto Blacklist feature included with the Bulk FAF?
The Auto Blacklist is a separate component that requires provisioning and licensing. Ensure it is enabled and licensed in your setup.
Choose files or drag and drop files
ai_initiated
atlas_studio
kb_automation
Was this article helpful?
Yes
No

  1. Priyanka Bhotika

  2. Posted

Comments