fwaccel synatk config

Description

The "fwaccel synatk config" and "fwaccel6 synatk config" commands show the current Accelerated SYN Defender configuration.

Syntax for IPv4

fwaccel synatk config

Syntax for IPv6

fwaccel6 synatk config

Example

[Expert@MyGW:0]# fwaccel synatk config 
enabled 0 
enforce 1 
global_high_threshold 10000 
periodic_updates 1 
cookie_resolution_shift 6 
min_frag_sz 80 
high_threshold 5000 
low_threshold 1000 
score_alpha 100 
monitor_log_interval (msec) 60000 
grace_timeout (msec) 30000 
min_time_in_active (msec) 60000 
[Expert@MyGW:0]#

Description of Configuration Parameters

Parameter	Description
`enabled`	Shows if the Accelerated SYN Defender is enabled or disabled. Valid values: 0 (disabled), 1 (enabled) Default: 0
`enforce`	When the Accelerated SYN Defender is enabled, shows it enforces the protection. Valid values: 0 - The Accelerated SYN Defender is in Monitor (Detect only) mode on all interfaces. 1 - The Accelerated SYN Defender is engaged only on external interfaces when the number of half-open TCP connections exceeds the threshold. 2 - The Accelerated SYN Defender is engaged on both external and internal interfaces when the number of half-open TCP connections exceeds the threshold.
`global_high_threshold`	Global high attack threshold number. See the fwaccel synatk -t <Threshold> command.
`periodic_updates`	For internal Check Point use only. Valid values: 0 (disabled), 1 (enabled) Default: 1
`cookie_resolution_shift`	For internal Check Point use only. Valid values: 1-7 Default: 6
`min_frag_sz`	During the TCP SYN Flood attack, the Accelerated SYN Defender prevents TCP fragments smaller than this minimal size value. Valid values: 80 and greater Default: 80
`high_threshold`	High attack threshold number. See the fwaccel synatk -t <Threshold> command.
`low_threshold`	Low attack threshold number. See the fwaccel synatk -t <Threshold> command.
`score_alpha`	For internal Check Point use only. Valid values: 1-127 Default: 100
`monitor_log_interval (msec)`	Interval, in milliseconds, between successive warning logs in the Monitor (Detect only) mode. Valid values: 1000 and greater Default: 60000
`grace_timeout (msec)`	Maximal time, in milliseconds, to stay in the Grace state (which is a transitional state between Ready and Active ). In the Grace state, the Accelerated SYN Defender stops challenging Clients for TCP SYN Cookie, but continues to validate TCP SYN Cookies it receives from Clients. Valid values: 10000 and greater Default: 30000
`min_time_in_active (msec)`	Minimal time, in milliseconds, to stay in the Active mode. In the Active mode, the Accelerated SYN Defender is actively challenging TPC SYN packets with SYN Cookies. Valid values: 10000 and greater Default: 60000