How to Determine the Number of Rejected Non-SYN TCP Packets
Resolution
To check the current setting (default value=true)
> show session info | match non-SYN
TCP - reject non-SYN first packet: True
To enable the rejection of Non-SYN TCP packets, run the following CLI command:
> set session tcp-reject-non-syn yes
Note: The above command will not be permanent unless issued from the configuration mode. To configure permanently, see the configuration command below:
To make the change permanent, issue the following command in configuration mode:
# set deviceconfig setting session tcp-reject-non-syn yes
To monitor the packet drops, run the following commands:
> show counter global filter delta yes packet-filter yes | match syn
> show counter global filter delta yes packet-filter yes | match drop
owner: panagent