Cisco Support Community

tcp syn attack


I have an FWSM firewall with ver 3.2. I have a few questions regarding the TCP intercept feature.

1) Do I have to configure TCP intercept, or is it enabled by default?

2) Is the "TCP intercept" feature done in hardware or software?

3) It is mentioned in the documentation that the FWSM uses the SYN cookies algorithm with TCP intercept. How does this algorithm actually work?

4) If there is an attack to one server on IP, does the firewall trigger the TCP intercept feature only when the embryonic limit is reached for this IP, or is this limit a cumulative value for all IP addresses on all subnets on all high-security interfaces?

5) When TCP intercept is activated, does the firewall proxy TCP SYN requests only for attacked IPs (i.e. or it proxies TCP SYN requests for all IP addresses on the firewall?

I can't find any documentation regarding this feature, and I don't want to implement it without knowing its behavior, so I would be grateful if anyone can help me with this.

Thanks in advance.
