Configuring a TCP SYN flood protection policy
TCP SYN flood protection is a global setting to protect all virtual server traffic from SYN flood attack. After the SYN Cookie option is enabled, each virtual server will monitor SYN rate. If the average SYN rate in 10 seconds exceeds Maximum Half-Open Sockets, it will perform SYN Cookie on all subsequent new connections (SYN packets) of this virtual server until the rate drops to below Maximum Half-Open Sockets.
Before you begin:
- You must have Read-Write permission for Security settings.
To configure a TCP SYN Flood Protection policy:
- Go to DoS Protection > Networking> TCP SYN Flood Protection.
- Click Edit to display the configuration editor.
Complete the configuration.
Enable/disable syn flood protection.
Maximum Half-Open Sockets
If the average half-open connection rate in 10 seconds for each VS exceeds this setting, it will enable SYN Cookie for all new following TCP connections for this virtual server. If the average rate drops to below this, it will disable SYN Cookie for this virtual server.
- Save the configuration.