Skyline Administration Guide

System > SecureXL > SYN Defender

Notes:

In SecureXL, the name of the feature is "Accelerated SYN Defender".
In SmartConsole, the name of the applicable IPS protection is "SYN Attack".
For more information, see the Performance Tuning Administration Guide for your version > chapter "SecureXL" > section "Accelerated SYN Defender".

These metrics are available in:

R82 and higher
R81.20 Jumbo Hotfix Accumulator Take 41 and higher (PRJ-50104)
R81.10 Jumbo Hotfix Accumulator Take 131 and higher (PRJ-50103)
R81 Jumbo Hotfix Accumulator Take 99 and higher (PRJ-50102)
R80.40 Jumbo Hotfix Accumulator Take 211 and higher (PRJ-50101)

CPView Gauges

Run: cpview
From the top, click Advanced > SecureXL > Advanced > SYN-Defender.

CLI

Run this command in Gaia Clish or in the Expert mode (see the CLI Reference Guide for your version):

fwaccel synatk

Metric Information

Metric ID	Metric Description	Metric Type	Metric Units	Metric Labels	Metric Label Description
`sxl.synatk.configuration`	SYN Defender Configuration: 0 - Uninitialized 1 - Disabled 2 - Monitoring 3 - Enforcing -1 - Failed to get the state	`Gauge`	`{configuration}`
`sxl.synatk.status`	SYN Defender Status: 0 - Uninitialized 1 - Disabled 2 - Invalid 3 - Under Attack 4 - Attack has just ended 5 - Normal	`Gauge`	`{status}`
`sxl.synatk.global_high_threshold`	SYN Defender Global High Threshold.	`AsyncUpDownCounter`	`{connections}`
`sxl.synatk.interface_high_threshold`	SYN Defender Interface High Threshold.	`AsyncUpDownCounter`	`{connections}`
`sxl.synatk.low_threshold`	SYN Defender Low Threshold.	`AsyncUpDownCounter`	`{connections}`
`sxl.synatk.ifn_tab.topology`	SYN Defender Interface Topology: 0 - Excluded 1 - Internal 2 - External -1 - Failed to get the topology	`Gauge`	`{topology}`	`{'name'}`	`name` The name of the network interface.
`sxl.synatk.ifn_tab.state`	SYN Defender state on an interface: 0 - Disabled 1 - Monitor 2 - Ready 3 - Active 4 - Grace -1 - Failed to get the state	`Gauge`	`{state}`	`{'name'}`	`name` The name of the network interface.
`sxl.synatk.ifn_tab.duration`	SYN Defender Active/Grace Duration.	`Gauge`	`{time}`	`{'name'}`	`name` The name of the network interface.
`sxl.synatk.ifn_tab.non_established`	Number of SYN Defender Half-Open Connections.	`AsyncUpDownCounter`	`{connections}`	`{'name'}`	`name` The name of the network interface.
`sxl.synatk.ifn_tab.sent_cookies`	Number of SYN Defender Sent Cookies.	`AsyncCounter`	`{cookies}`	`{'name'}`	`name` The name of the network interface.
`sxl.synatk.ifn_tab.succ_validations`	Number of SYN Defender Successful Validations.	`AsyncCounter`	`{validations}`	`{'name'}`	`name` The name of the network interface.

18 March 2025

© 2022 - 2025 Check Point Software Technologies Ltd.