fwaccel synatk

Description

The fwaccel synatk and fwaccel6 synatk commands control the Accelerated SYN Defender on the Security Group

Important:

  • The same SecureXL command must run on all Security Group Members.

    Therefore, you must run the SecureXL commands in either Gaia gClish, or Expert mode.

    • In Gaia gClish, run the "fwaccel ..." and "fwaccel6 ..." commands.

    • In the Expert mode, run the "g_fwaccel ..." and "g_fwaccel6 ..." commands.

  • When you add a new Security Group Member to a Security Group, the new Security Group Member pulls the "fwaccel synatk" configuration that you saved it in a configuration file - in the default file $FWDIR/conf/synatk.conf, or in the file specified with the "fwaccel synatk -c" command.

Syntax for IPv4

fwaccel synatk

      -a

      -c <options>

      -d

      -e

      -g

      -m

      -t <options>

      config

      monitor <options>

      state <options>

      whitelist <options>

Syntax for IPv6

fwaccel6 synatk

      -a

      -c <options>

      -d

      -e

      -g

      -m

      -t <options>

      config

      monitor <options>

      state <options>

      whitelist <options>

Parameters

Parameter

Description

No Parameters

Shows the applicable built-in usage.

-a

Applies the configuration from the default file.

See fwaccel synatk -a.

-c <options>

Applies the configuration from the specified file.

See fwaccel synatk -c <Configuration File>.

-d

Disables the Accelerated SYN Defender on all interfaces.

See fwaccel synatk -d.

-e

Enables the Accelerated SYN Defender on interfaces with topology "External".

Enables the Accelerated SYN Defender in Monitor (Detect only) mode on interfaces with topology "Internal".

See fwaccel synatk -e.

-g

Enables the Accelerated SYN Defender on all interfaces.

See fwaccel synatk -g.

-m

Enables the Accelerated SYN Defender in Monitor (Detect only) mode on all interfaces.

In this state, the Accelerated SYN Defender only sends a log when it recognizes a TCP SYN Flood attack.

See fwaccel synatk -m.

-t <options>

Configures the threshold numbers of half-opened TCP connections that trigger the Accelerated SYN Defender.

See fwaccel synatk -t <Threshold>.

config

Shows the current Accelerated SYN Defender configuration.

See fwaccel synatk config.

monitor <options>

Shows the Accelerated SYN Defender status.

See fwaccel synatk monitor.

state <options>

Controls the Accelerated SYN Defender states.

See fwaccel synatk state.

whitelist <options>

Controls the Accelerated SYN Defender whitelist.

See fwaccel synatk whitelist.