How to configure syn-flood-protection-mode via SSH using PuTTY
03/26/2020
Description
How to configure syn-flood-protection-mode via SSH using PuTTY
Resolution
Procedure
admin@C0EAE46CD900> config
config(C0EAE46CD900)# tcp
(config-tcp)# ?
TCP Commands:
- enforce-strict-compliance Strict compliance with RFC 793 and RFC 1122
- syn-attack-threshold Set Attack threshold (incomplete connection attempts / second).
- syn-flood-protection-mode Set TCP Syn Flood Protection Mode.
1. (config-tcp)# enforce-strict-compliance
Description:
Enforce strict TCP compliance with RFC 793 and RFC 1122. Select this to ensure strict compliance with several TCP timeout rules. This setting maximizes TCP security, but it may cause problems with the Window Scaling feature for Windows Vista users.
2. (config-tcp)# syn-attack-threshold <5..200000>
Where:
<5..200000> = Integer in the form: D OR 0xHHHHHHHH
Example: 123
Example:
syn-attack-threshold 300
Description:
The SYN Attack Threshold configuration options provide limits for SYN Flood activity before the device drops packets. The device gathers statistics on WAN TCP connections, keeping track of the maximum and average maximum and incomplete WAN connections per second. Out of these statistics, the device suggests a value for the SYN flood threshold. Note the two options in the section:
3. (config-tcp)# syn-flood-protection-mode
Description:
SYN/RST/FIN Flood protection helps to protect hosts behind the SonicWall from Denial of Service (DoS) or Distributed DoS attacks that attempt to consume the host's available resources by creating one of the following attack mechanisms:
A SYN Flood Protection mode is the level of protection that you can select to defend against half-opened TCP sessions and high-frequency SYN packet transmissions. This feature enables you to set three different levels of SYN Flood Protection:
- Watch and Report Possible SYN Floods: This option enables the device to monitor SYN traffic on all interfaces on the device and to log suspected SYN flood activity that exceeds a packet count threshold. The feature does not turn on the SYN Proxy on the device, so the device forwards the TCP three-way handshake without modification. This is the least invasive level of SYN Flood protection. Select this option if your network is not in a high-risk environment.
- Proxy WAN Client Connections When Attack is Suspected: This option sets the device to enable the SYN Proxy feature on WAN interfaces when the number of incomplete connection attempts per second surpasses a specified threshold. This method ensures the device continues to process valid traffic during the attack and that performance does not degrade. Proxy mode remains enabled until all WAN SYN flood attacks stop occurring or until the device blacklists all of them using the SYN Blacklisting feature. This is the intermediate level of SYN Flood protection. Select this option if your network experiences SYN Flood attacks from internal or external sources.
- Always Proxy WAN Client Connections: This option sets the device to always use SYN Proxy. This method blocks all spoofed SYN packets from passing through the device. Note that this is an extreme security measure and directs the device to respond to port scans on all TCP ports, because the SYN Proxy feature forces the device to respond to all TCP SYN connection attempts. This can degrade performance and can generate a false positive. Select this option only if your network is in a high-risk environment.
Function Choices:
always-proxy Always Proxy WAN client connections.
proxy-suspect-attack Proxy WAN client connections when attack is suspected.
watch-and-report Watch and report possible SYN floods
Example:
(config-tcp)# syn-flood-protection-mode always-proxy
(config-tcp)# commit
% Applying changes...
% Changes made.
(config-tcp)# end
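Before pasting a change batch into the SSH session, the planned lines can be checked against the limits shown in the help text above. The following is an added example, not SonicWall code: the function names and the sample batch are hypothetical, and it assumes changes only take effect after commit, as the session above shows.

```python
import re

# Limits and keywords copied from the CLI help text in this article.
MODES = {"always-proxy", "proxy-suspect-attack", "watch-and-report"}
THRESHOLD_MIN, THRESHOLD_MAX = 5, 200000
INT_FORM = re.compile(r"(?:\d+|0x[0-9A-Fa-f]{1,8})\Z")  # "D OR 0xHHHHHHHH"
PROMPT = re.compile(r"^\(config-tcp\)#\s*")
# Constructed sample batch (not from the article): hex threshold, then a mode change.
SAMPLE = ["syn-attack-threshold 0x12C", "syn-flood-protection-mode always-proxy", "commit"]

def parse_threshold(token):
    """Parse a decimal or 0x-hex value and enforce the 5..200000 range."""
    if not INT_FORM.match(token):
        raise ValueError(f"not a decimal or 0x-hex integer: {token!r}")
    value = int(token, 16) if token.startswith("0x") else int(token)
    if not THRESHOLD_MIN <= value <= THRESHOLD_MAX:
        raise ValueError(f"threshold {value} outside 5..200000")
    return value

def check_batch(lines):
    """Return (line_no, level, message) findings for planned config-tcp input."""
    findings, uncommitted = [], False
    for no, raw in enumerate(lines, 1):
        parts = PROMPT.sub("", raw.strip()).split()  # tolerate a pasted prompt
        if not parts:
            continue
        cmd, args = parts[0], parts[1:]
        if cmd == "syn-attack-threshold":
            try:
                parse_threshold(args[0] if len(args) == 1 else "")
                uncommitted = True
            except ValueError as exc:
                findings.append((no, "error", str(exc)))
        elif cmd == "syn-flood-protection-mode":
            if len(args) != 1 or args[0] not in MODES:
                findings.append((no, "error", "unknown protection mode"))
                continue
            uncommitted = True
            if args[0] == "always-proxy":  # caveat stated in the article
                findings.append((no, "warn", "always-proxy answers every TCP SYN"))
        elif cmd == "enforce-strict-compliance":
            uncommitted = True
        elif cmd == "commit":
            uncommitted = False
        elif cmd != "end":
            findings.append((no, "error", f"unknown command: {cmd}"))
    if uncommitted:
        findings.append((len(lines), "error", "changes are never committed"))
    return findings
```

An empty list from check_batch means the batch is within the documented ranges and ends with its changes committed.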