'fwaccel synatk config' and 'fwaccel6 synatk config'

Description

Shows the current Accelerated SYN Defender configuration.

Syntax for IPv4

fwaccel synatk config

Syntax for IPv6

fwaccel6 synatk config

Example

[Expert@MyGW:0]# fwaccel synatk config

enabled 0

enforce 1

global_high_threshold 10000

periodic_updates 1

cookie_resolution_shift 6

min_frag_sz 80

high_threshold 5000

low_threshold 1000

score_alpha 100

monitor_log_interval (msec) 60000

grace_timeout (msec) 30000

min_time_in_active (msec) 60000

[Expert@MyGW:0]#

Description of Configuration Parameters

Parameter	Description
`enabled`	Shows if the Accelerated SYN Defender is enabled or disabled. Valid values: 0 (disabled), 1 (enabled) Default: 0
`enforce`	When the Accelerated SYN Defender is enabled, shows it enforces the protection. Valid values: 0 - The Accelerated SYN Defender is in Monitor (Detect only) mode on all interfaces. 1 - The Accelerated SYN Defender is engaged only on external interfaces when the number of half-open TCP connections exceeds the threshold. 2 - The Accelerated SYN Defender is engaged on both external and internal interfaces when the number of half-open TCP connections exceeds the threshold.
`global_high_threshold`	Global high attack threshold number. See the '`fwaccel synatk -t <Threshold>`' and '`fwaccel6 synatk -t <Threshold>`' commands.
`periodic_updates`	For internal Check Point use only. Valid values: 0 (disabled), 1 (enabled) Default: 1
`cookie_resolution_shift`	For internal Check Point use only. Valid values: 1-7 Default: 6
`min_frag_sz`	During the TCP SYN Flood attack, the Accelerated SYN Defender prevents TCP fragments smaller than this minimal size value. Valid values: 80 and greater Default: 80
`high_threshold`	High attack threshold number. See the '`fwaccel synatk -t <Threshold>`' and '`fwaccel6 synatk -t <Threshold>`' commands.
`low_threshold`	Low attack threshold number. See the '`fwaccel synatk -t <Threshold>`' and '`fwaccel6 synatk -t <Threshold>`' commands.
`score_alpha`	For internal Check Point use only. Valid values: 1-127 Default: 100
`monitor_log_interval (msec)`	Interval, in milliseconds, between successive warning logs in the Monitor (Detect only) mode. Valid values: 1000 and greater Default: 60000
`grace_timeout (msec)`	Maximal time, in milliseconds, to stay in the Grace state (which is a transitional state between Ready and Active ). In the Grace state, the Accelerated SYN Defender stops challenging Clients for TCP SYN Cookie, but continues to validate TCP SYN Cookies it receives from Clients. Valid values: 10000 and greater Default: 30000
`min_time_in_active (msec)`	Minimal time, in milliseconds, to stay in the Active mode. In the Active mode, the Accelerated SYN Defender is actively challenging TPC SYN packets with SYN Cookies. Valid values: 10000 and greater Default: 60000