To expand on Gunter's answer, signatures/protections with a Performance Impact rating of Critical are never enabled by default or via automatic profile-based action, they must be manually enabled by the administrator. In R80.10 and earlier enabling this protection would cause almost all traffic traversing the gateway into the F2F path which frankly made it unusable in most scenarios. Even though SYN Attack enforcement is now performed by sim/SecureXL in R80.20 and no longer has this nasty effect, the protection is still sporting the "Critical" performance impact in the SmartConsole. It *probably* should be changed to "Low" now that R80.10 and earlier is no longer supported.
Bottom line is as long as all your gateways are running at least R80.20 enabling this SYN Attack protection should not cause a major performance impact regardless of the Critical rating currently shown in the SmartConsole.
Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com