- Products
- Learn
- Local User Groups
- Partners
- More
Check Point Jump-Start Online Training
Now Available on CheckMates for Beginners!
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
The SMB Cyber Master
Boost your knowledge on Quantum Spark SMB gateways!
Check Point's Cyber Park is Now Open
Let the Games Begin!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
Hi All
I looking at what we can do for basic ddos protection on our gateways, I can see the syn attack protection, but it is set to disabled by default.
Is there a reason for this? should we enable it? what are most people doing with this setting?
Cheers
In R80.20 SYN Attack moved from IPS to SXL. This is the only change. The same DDoS Best Practices remain [ described in sk112241], just with the new SYN Attack configuration [sk120476]. See the Performance Tuning Administration Guide for your version - Chapter SecureXL - Section Accelerated SYN Defender
Use this sk120476: Important changes in IPS "SYN Attack" (SYN Defender) protection for new versions hight R80.20 or sk112241: Best Practices - DDoS attacks on Check Point Security Gateway for older versions.
To expand on Gunter's answer, signatures/protections with a Performance Impact rating of Critical are never enabled by default or via automatic profile-based action, they must be manually enabled by the administrator. In R80.10 and earlier enabling this protection would cause almost all traffic traversing the gateway into the F2F path which frankly made it unusable in most scenarios. Even though SYN Attack enforcement is now performed by sim/SecureXL in R80.20 and no longer has this nasty effect, the protection is still sporting the "Critical" performance impact in the SmartConsole. It *probably* should be changed to "Low" now that R80.10 and earlier is no longer supported.
Bottom line is as long as all your gateways are running at least R80.20 enabling this SYN Attack protection should not cause a major performance impact regardless of the Critical rating currently shown in the SmartConsole.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY