Fortinet white logo
Fortinet white logo

Hyperscale Firewall Guide

ple-non-syn-tcp-action {drop | forward}

ple-non-syn-tcp-action {drop | forward}

You can use this command to protect a FortiGate with NP7 processors from non-SYN TCP attacks:

config system npu

set ple-non-syn-tcp-action {drop | forward}

end

By default this option is set to forward, and the NP7 policy lookup engine (PLE) sends TCP local-in non-SYN packets that are from TCP sessions that haven't been established to the CPU. If your FortiGate performance is affected by large numbers of local-in non-SYN packets, you can set this option to drop, causing the NP7 PLE to drop TCP local-in non-SYN packets.

ple-non-syn-tcp-action {drop | forward}

ple-non-syn-tcp-action {drop | forward}

You can use this command to protect a FortiGate with NP7 processors from non-SYN TCP attacks:

config system npu

set ple-non-syn-tcp-action {drop | forward}

end

By default this option is set to forward, and the NP7 policy lookup engine (PLE) sends TCP local-in non-SYN packets that are from TCP sessions that haven't been established to the CPU. If your FortiGate performance is affected by large numbers of local-in non-SYN packets, you can set this option to drop, causing the NP7 PLE to drop TCP local-in non-SYN packets.