Define SYN Rate Protection
The SYN Rate Protection page enables limiting the number of SYN packets received on the ingress port. This can mitigate the effect of a SYN flood against servers, by rate limiting the number of new connections.
To define SYN rate protection:
- Click Security > Denial of Service Prevention > SYN Rate Protection. The SYN Rate Protection page displays.
This page displays the SYN rate protection currently defined per interface.
- Click Add. The Add SYN Rate Protection page displays.
- Enter the parameters.
- Interface--Select the interface on which the rate protection is being defined.
- IP Address--Enter the IP address for which the SYN rate protection is defined or select All Addresses. If you enter the IP address, enter either the mask or prefix length.
- Network Mask--Select the format for the subnet mask for the source IP address, and enter a value in one of the field:
- SYN Rate Limit--Enter the number of SYN packets that be received.
- Click Apply. The SYN rate protection is defined, and the Running Configuration is updated.