fwaccel synatk -t <Threshold>

Description

The "fwaccel synatk -t <Threshold>" and "fwaccel6 synatk -t <Threshold>" commands configure the threshold numbers of half-opened TCP connections that trigger the Accelerated SYN Defender.

Notes:

  • This command:

    1. Modifies the default configuration file $FWDIR/conf/synatk.conf, or the configuration file specified with the "-c" parameter.

    2. Loads the modified file.

  • Threshold values are independent for IPv4 and IPv6.

Syntax for IPv4

fwaccel synatk -t <Threshold>

Syntax for IPv6

fwaccel6 synatk -t <Threshold>

Thresholds

  • The Global high attack threshold number is configured to the specified value <Threshold>.

    This is the number of half-open TCP connections on all interfaces required for the Accelerated SYN Defender to engage.

    • Valid values: 100 and greater

    • Default: 10000

  • The High attack threshold number is configured to 1/2 of the specified value <Threshold>.

    This is the high number of half-open TCP connections on an interface required for the Accelerated SYN Defender to engage.

    • Valid values: (Low attack threshold) < (High attack threshold) <= (Global high attack threshold)

    • Default: 5000

  • The Low attack threshold number is configured to 1/10 of the specified value <Threshold>.

    This is the low number of half-open TCP connections on an interface required for the Accelerated SYN Defender to engage.

    • Valid values: 10 and greater

    • Default: 1000