Define SYN Rate Protection

The SYN Rate Protection page lets you limit the number of SYN packets received on the ingress port. This can mitigate the effect of a SYN flood against servers by rate limiting the number of new connections.

To define SYN rate protection:

  1. Click Security > Denial of Service Prevention > SYN Rate Protection. The SYN Rate Protection page displays.
  2. This page displays the SYN rate protection currently defined per interface.
  3. Click Add. The Add SYN Rate Protection page displays.
  4. Enter the parameters.
    • Interface--Select the interface on which the rate protection is being defined.
    • IP Address--Enter the IP address for which the SYN rate protection is defined or select All Addresses. If you enter the IP address, enter either the mask or prefix length.
    • Network Mask--Select the format for the subnet mask for the source IP address, and enter a value in one of the fields:
      • Mask--Select the subnet to which the source IP address belongs and enter the subnet mask in dotted decimal format.
      • Prefix Length--Select the Prefix Length and enter the number of bits that comprise the source IP address prefix.
    • SYN Rate Limit--Enter the number of SYN packets that can be received.
  5. Click Apply. The SYN rate protection is defined, and the Running Configuration is updated.
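
The following Python model is an added example, not code from the device or its vendor. It shows how an entry built from the parameters in step 4 (interface, address with mask or prefix length, SYN limit) scopes which packets are counted and which are dropped. Assumptions: the limit is applied per one-second window (the page does not state the interval), the rule address is compared with the packet's source address as the Network Mask field describes, and the interface names and packets are constructed samples.

```python
import ipaddress
from collections import defaultdict

SYN, ACK = 0x02, 0x10  # TCP flag bits

class SynRateRule:
    """Model of one SYN Rate Protection entry (not the switch's implementation)."""

    def __init__(self, interface, limit, address=None, mask=None):
        self.interface = interface
        self.limit = limit
        # address=None models "All Addresses". mask may be dotted decimal
        # ("255.255.255.0") or a prefix length (24); both describe the same subnet.
        self.network = (ipaddress.ip_network(f"{address}/{mask}", strict=False)
                        if address else None)
        self.counts = defaultdict(int)  # whole second -> SYNs counted in it

    def matches(self, interface, src):
        if interface != self.interface:
            return False
        return self.network is None or ipaddress.ip_address(src) in self.network

    def admit(self, ts, interface, src, flags):
        """Return True if the packet is forwarded, False if it is dropped."""
        # Only connection-opening segments (SYN set, ACK clear) are counted.
        if not (flags & SYN) or (flags & ACK) or not self.matches(interface, src):
            return True
        window = int(ts)  # ASSUMPTION: the limit applies per one-second window
        self.counts[window] += 1
        return self.counts[window] <= self.limit

def run(rule, packets):
    return [rule.admit(*p) for p in packets]

# Constructed sample traffic: (timestamp, ingress interface, source IP, TCP flags)
PACKETS = [
    (0.10, "gi1", "192.0.2.5", SYN),
    (0.20, "gi1", "192.0.2.6", SYN),
    (0.30, "gi1", "192.0.2.7", SYN),     # third SYN in one second, limit is 2
    (0.40, "gi1", "192.0.2.7", ACK),     # not a SYN, never counted
    (0.50, "gi1", "198.51.100.9", SYN),  # outside the rule's subnet
    (0.60, "gi2", "192.0.2.8", SYN),     # different ingress interface
    (1.05, "gi1", "192.0.2.5", SYN),     # next second, counter starts again
]

if __name__ == "__main__":
    rule = SynRateRule("gi1", limit=2, address="192.0.2.0", mask="255.255.255.0")
    for pkt, ok in zip(PACKETS, run(rule, PACKETS)):
        print(pkt, "forward" if ok else "drop")
```

With an All Addresses entry (no address given), the SYN from 198.51.100.9 is counted as well and is dropped as the fourth SYN in that second.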