How to Protect TCP Middlebox Reflection

Hi RockBD ,  
       I think F5 or WAF is vulnerable for this kind of attack , if we imagine that A " Published services " on F5 WAF is a Victim , how F5 Accept a " Syn-Ack" Packet without sending " SYN ". 
- Also I want to add that F5 is a TCP session terminator in full Proxy architectures deployments , so if hacker tried to trick F5 by spoofing ips his sessions should be dropped each time from beginning. 

At all , You will find very powerfull info for implementing Dos protection :  
https://techdocs.f5.com/en-us/bigip-14-1-0/big-ip-asm-implementations-14-1-0/preventing-dos-attacks-on-applications.html

> Or send your thoughs based on your environment to mimic it with "Middlebox Reflection" .

Thanks