
CLI Reference

config security dos tcp-synflood-protection

TCP SYN flood protection is a global feature designed to safeguard all virtual server traffic from SYN flood attacks. When the SYN Cookie option is enabled, each virtual server monitors the SYN packet rate. If the average SYN rate over a 10-second period exceeds the configured Maximum Half-Open Sockets, SYN cookies are applied to all subsequent new connections (SYN packets) for that virtual server. SYN cookies remain enabled until the SYN rate drops below the threshold defined by Maximum Half-Open Sockets.

Syntax

config security dos tcp-synflood-protection
    set syncookie {enable|disable}
    set max-half-open <integer>
    set exception <datasource>
end

syncookie

Enables or disables SYN flood protection using SYN cookies. When enabled, this feature helps mitigate SYN flood attacks by sending SYN cookies instead of maintaining half-open connections in the connection table.

max-half-open

Specifies the threshold for the average number of half-open TCP connections per virtual server (VS) within a 10-second window. If the average exceeds this threshold, SYN cookies are enabled for all new TCP connections to the VS. Once the average connection rate drops below this threshold, SYN cookies are disabled for the VS.

exception

Specifies the DoS Exception configuration object whose source IPs are exempt from SYN cookie enforcement. See config security dos exception.

During periods of high SYN packet rates, FortiADC enables SYN Cookie protection to mitigate SYN flood attacks. If the source IP of a new connection matches the configured exception rule, SYN Cookie is not enforced and the connection proceeds normally.

Example

config security dos tcp-synflood-protection
    set syncookie enable
    set max-half-open 1024
    set exception exception_1
end
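The decision logic described above, as an added illustration that is not FortiADC code: a per-virtual-server monitor that averages half-open connection counts over a 10-second window, turns SYN cookies on once the average exceeds max-half-open, turns them off once it drops below, and leaves sources matching the exception list untouched. The one-sample-per-second input and the CIDR form of the exception list are assumptions for this model.

```python
from collections import deque
from ipaddress import ip_address, ip_network

WINDOW_SECONDS = 10  # averaging window stated in the reference text


class SynFloodMonitor:
    """Constructed model of one virtual server's SYN cookie state (not FortiADC code)."""

    def __init__(self, max_half_open, exception_nets=()):
        self.max_half_open = max_half_open                  # the max-half-open setting
        self.exception_nets = [ip_network(n) for n in exception_nets]
        self.samples = deque()                              # (timestamp, half_open_count)
        self.syncookie_active = False

    def _window_average(self, now):
        # Drop samples older than the window, then average what remains.
        while self.samples and self.samples[0][0] <= now - WINDOW_SECONDS:
            self.samples.popleft()
        if not self.samples:
            return 0.0
        return sum(count for _, count in self.samples) / len(self.samples)

    def observe(self, now, half_open_count):
        """Record one per-second sample (assumption) and return the SYN cookie state."""
        self.samples.append((now, half_open_count))
        avg = self._window_average(now)
        if avg > self.max_half_open:        # "exceeds": enable cookies
            self.syncookie_active = True
        elif avg < self.max_half_open:      # "drops below": disable cookies
            self.syncookie_active = False
        return self.syncookie_active        # equal to threshold: state unchanged

    def uses_syncookie(self, src_ip):
        """True if a new SYN from src_ip would be answered with a SYN cookie."""
        if not self.syncookie_active:
            return False
        addr = ip_address(src_ip)
        return not any(addr in net for net in self.exception_nets)


if __name__ == "__main__":
    vs = SynFloodMonitor(1024, exception_nets=["203.0.113.0/24"])  # constructed values
    for t in range(10):
        vs.observe(t, 100)          # quiet period
    for t in range(10, 20):
        vs.observe(t, 2000)         # sustained burst of half-open connections
    print("cookies active:", vs.syncookie_active)
    print("198.51.100.7 gets cookie:", vs.uses_syncookie("198.51.100.7"))
    print("203.0.113.10 gets cookie:", vs.uses_syncookie("203.0.113.10"))
```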
