today already at 95- tcp or udp port scans, few lan-side floods and a few . 1 ip fragmented packet... is this normal, some days it alot higher,
I'd need to look at the lots, a lot of these could be false hits. However, depending on company size/profile, configuration of the UTM, and other factors - it's not abnormal. My home network routinely repulses between 10,000-20,000 attacks, injections, and scans a week. It depends on what device I use, if I swap to a ZyXEL USG210, the number rises significantly because it hits on almost everything. Untangle isn't chatty, but still protective, but Untangle doesn't bother you with 'stuff' that doesn't find a point of attack or vector, so it appears quiet, when in reality it's saving you headaches/worry. Ciscos can be very chatty, Fortigate's tend to not be chatty, and if they hit you know it's a precise attack with IPS Sig.