We use MIPS to map external iNotes (Lotus Notes Web Mail) users to email. Each MIP is working well and has an XAuth RSA configured on each policy.
External Web Browser + URL + RSA Auth + Domino Auth = Web Email
This method has been working nicely for over a year, but I have noticed that our iNotes sessions are starting to trigger the SYN Flood protection on the Untrust Int.
Has anyone troubleshot SYN Floods? Any help would be appreciated.
OK, thanks. I will give these settings a try and post some feedback.
Florent means the "SYN Flood Protection(200) on" setting must be increased.
Thanks Florent. But I don’t have a “Global Threshold” setting? Am I missing something simple? Let me know. Thanks again.
Decrease the destination threshold and increase the global threshold value.
So you’re recommending that I increase our “Alarm Threshold” and decrease our “Destination Threshold” values?
Please advise. Thank you.
You have to tune your settings a bit. I can’t give you an exact value since it really depends on your device and traffic. You have to set a bigger general threshold while configuring a lower destination threshold.
That command didn’t work, and I tried that first. Oh well. I found that in our ScreenOS version, I needed to just use “all” or end it at “screen”. I copied and pasted the SYN related info below for your review. Thanks for your help! - John
get zone untrust screen
SYN Flood Protection(200) on
Alarm Threshold: 1024
Queue Size : 10240
Timeout Value : 20
Source Threshold: 1024
Destination Threshold: 2148
Drop unknown mac (xparent mode only): off
SYN Fragment Detection on
SYN and FIN Bits Set on
FIN Bit with no ACK Bit on
SYN-ACK-ACK Proxy DoS(5) on
Should be something like: get zone untrust screen syn-flood
I looked around the CLI, and I was unable to bring up the current SYN Flood settings. Do you know how?
Using ScreenOS: 4.0.3r2.0
What are your SYN flood settings?