Tuning SYN Protection Parameters

The changes to the tuning configuration take effect after a device reset.

To configure the SYN Protection tuning parameters

1.	Select Services > Tuning > SYN Protection. The SYN Protection Tuning pane is displayed.

2.	In the relevant After Reset fields, configure the parameters; and then, click Set.

 

Table 29: SYN Protection Tuning Parameters

Parameter	Description
SYN Protection Table	The number of entries in the SYN Protection Table, which stores data regarding the delayed binding process. An entry in the table exists from the time the client completes the handshake until the handshake is complete. Values: 10 – 1,000,000 Default: 16,384
SYN Protection Requests Table	The number of entries in SYN Protection Requests Table, which stores the ACK or data packet that the client sends, until the handshake with the server is complete and the packet is sent to the server. Values: 1 – 32,000 Default: 100 Note: The Request Table and the SYN Protection Table must be about the same size. The value for the SYN Protection Triggers Table should be much smaller.
SYN Protection Triggers Table	The number of entries in SYN Protection Triggers Table, which stores the active triggers — that is, the destination IPs/ports on which the devices identifies an ongoing attack. Values: 10 – 100,000 Default: 16,384
SYN Protection Policies Table	The number of entries in the SYN Protection Policies Table, which stores policies that control the SYN protection behavior for different types of traffic. Values: 16 – 4096 Default: 64
ACK reflection IPs Table	The number of entries in the ACK Reflection IPs Table. The table stores the number of SYN packets per second for the sampled and monitored source IP addresses. Values: 10 – 100,000 Default: 16,384
SYN Protection Attack Detection Entries	The maximum number of SYN Protection Attack Detection Entries. Values: 10 – 1,000,000 Default: 16,384
SYN Statistics Entries	The maximum number of SYN Statistics Entries. Values: 1 – 1000 Default: 10