TCP SYN flood protection is a global setting to protect all virtual server traffic from SYN flood attack. After the SYN Cookie option is enabled, each virtual server will monitor SYN rate. If the average SYN rate in 10 seconds exceeds Maximum Half-Open Sockets, it will perform SYN Cookie on all subsequent new connections (SYN packets) of this virtual server until the rate drops to below Maximum Half-Open Sockets.
config security dos tcp-synflood-protection
Set syncookie enable | disable
set max-half-open <integer>
set max-stale-timeout <integer>
Enable/disable syn flood protection
If average halfopen connection rate in 10 seconds for each VS exceeds this setting, it will enable syncookie for all new following TCP connections for this VS. If the average rate drops to bellow it, it will disable syncookie then for this VS.
config security dos tcp-synflood
set syncookie enable
Set max-half-open 1024