This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
carl_t
Contributor
‎2022-03-17 03:25 AM

Why is syn attack protection disabled on the inspection profiles by default ?

Hi All

I looking at what we can do for basic ddos protection on our gateways, I can see the syn attack protection, but it is set to disabled by default.

Is there a reason for this? should we enable it? what are most people doing with this setting?

Cheers

0 Kudos
2 Replies
G_W_Albrecht
Legend Legend
Legend
‎2022-03-17 03:59 AM

In R80.20 SYN Attack moved from IPS to SXL. This is the only change. The same DDoS Best Practices remain [ described in sk112241], just with the new SYN Attack configuration [sk120476]. See the Performance Tuning Administration Guide for your version - Chapter SecureXL - Section Accelerated SYN Defender

Use this sk120476: Important changes in IPS "SYN Attack" (SYN Defender) protection for new versions hight R80.20 or sk112241: Best Practices - DDoS attacks on Check Point Security Gateway for older versions.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2022-03-17 09:20 AM

To expand on Gunter's answer, signatures/protections with a Performance Impact rating of Critical are never enabled by default or via automatic profile-based action, they must be manually enabled by the administrator.  In R80.10 and earlier enabling this protection would cause almost all traffic traversing the gateway into the F2F path which frankly made it unusable in most scenarios.  Even though SYN Attack enforcement is now performed by sim/SecureXL in R80.20 and no longer has this nasty effect, the protection is still sporting the "Critical" performance impact in the SmartConsole.  It *probably* should be changed to "Low" now that R80.10 and earlier is no longer supported.

Bottom line is as long as all your gateways are running at least R80.20 enabling this SYN Attack protection should not cause a major performance impact regardless of the Critical rating currently shown in the SmartConsole.

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices
Self-Guided Video Series Coming Soon

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Tue 07 Oct 2025 @ 09:30 AM (CEST)

    CheckMates Live Denmark!
    CheckMates Events