Showing results for 
Search instead for 
Did you mean: 
Create a Post

R80.20 - SYN Defender on SecureXL Level

I think the new feature "Accelerated SYN Defender" is a good choice to effectively prevent "SYN Flood Attack" on Check Point Gateways with enabled SecureXL.


A TCP SYN Flood attack occurs when a host, typically with a forged IP address, sends a flood of TCP [SYN] packets. Each of these TCP [SYN] packets is handled as a connection request, which causes the server to create a half-open (unestablished) TCP connection. This occurs because the server sends a TCP [SYN+ACK] packet, and waits for a response TCP packet that does not arrive. These half-open TCP connections eventually exceed the maximum available TCP connections that causes a denial of service condition. The Check Point Accelerated SYN Defender protects the Security Gateway by preventing excessive TCP connections from being created. The Accelerated SYN Defender uses TCP [SYN] Cookies (particular choices of initial TCP sequence numbers) when under a suspected TCP SYN Flood attack. Using TCP [SYN] Cookies can reduce the load on Security Gateway and on computers behind the Security Gateway. The Accelerated SYN Defender acts as proxy for TCP connections and adjusts TCP {SEQ} and TCP {ACK} values in TCP packets.


You can find more in the manual under:

  • fwaccel synatk
  • fwaccel6 synatk




2 Replies

Re: R80.20 - SYN Defender on SecureXL Level



This feature is supported by R80.20 SP in a 64000 Appliance?


Thank you



0 Kudos

Re: R80.20 - SYN Defender on SecureXL Level

Yes, Supported using “g_fwaccel synatk” command.

Note that it is supported via Gateway CLI only and not via Smart Console

0 Kudos