
MarioMoneta
Jan 29, 2025

Syn-Flood protection

Hi guys,

I've been searching for information about syn-flood protection of F5. I know there is this feature, but I could not find much information. I searched in the:

techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-system-syn-flood-attacks-13-0-0/1.html

page, but it seems all these pages of f5.com are no longer there. Can anyone explain how to activate this feature or send some exhaustive link?

The device is BIG-IP 17.1.1.3 Build 0.0.5 Point Release 3

Thank You 

B.R

Mario

 

3 Replies

  • The following AFM Operations Guide may help:

    Denial of Service | BIG-IP AFM operations guide

    You can configure TCP SYN flood protection on a virtual server level by applying a DoS profile, or at a device level (globally). Each environment is different so you will need to adjust the threshold settings to suit yours. However, I have provided some examples below (I would strongly recommend testing this in a NON-PRODUCTION environment):

    Example TCP SYN Flood Configuration for Virtual Server

    create security dos profile DOS dos-network add { DOS { network-attack-vector add { tcp-syn-flood { state mitigate threshold-mode manual rate-threshold 1000 rate-limit 1000 bad-actor enabled per-source-ip-detection-pps 100 per-source-ip-limit-pps 100 } } } }
    
    modify ltm virtual <VS NAME> profiles add { DOS }

     

    Example TCP SYN Flood Configuration at Device Level

    modify security dos device-config dos-device-config dos-device-vector { tcp-syn-flood { state mitigate threshold-mode manual detection-threshold-pps 10000 detection-threshold-percent infinite default-internal-rate-limit 30000 } }
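
Added example, not part of the original reply and not F5 tooling: since the thresholds have to be tuned per environment, this sketch checks whether normal traffic would already exceed the candidate manual values (1000 aggregate and 100 per source, taken from the reply above). The input format, the function names, the sample data and the strict "greater than" comparison are assumptions.

```python
from collections import Counter

# Constructed sample: (epoch_second, source_ip) for each inbound SYN seen
# during normal, non-attack traffic. Not real capture data.
SAMPLE_SYNS = (
    [(0, f"198.51.100.{i % 20}") for i in range(400)]
    + [(1, f"198.51.100.{i % 20}") for i in range(900)]
    + [(1, "203.0.113.7")] * 150  # one busy but legitimate client (e.g. a proxy)
    + [(2, f"198.51.100.{i % 20}") for i in range(300)]
)

def baseline(syns):
    """Return (peak aggregate SYN/s, peak per-source SYN/s, busiest source)."""
    per_second = Counter()
    per_source_second = Counter()
    for second, src in syns:
        per_second[second] += 1
        per_source_second[(second, src)] += 1
    if not per_second:
        return 0, 0, None
    (_, busiest), peak_src = max(per_source_second.items(), key=lambda kv: kv[1])
    return max(per_second.values()), peak_src, busiest

def check_thresholds(syns, rate_threshold, per_source_pps):
    """Report whether baseline traffic would exceed the candidate thresholds.

    Assumption: a threshold counts as exceeded when the observed
    packets-per-second value is strictly greater than it.
    """
    peak_total, peak_src, busiest = baseline(syns)
    return {
        "peak_total_pps": peak_total,
        "peak_source_pps": peak_src,
        "busiest_source": busiest,
        "aggregate_would_trigger": peak_total > rate_threshold,
        "per_source_would_trigger": peak_src > per_source_pps,
    }

if __name__ == "__main__":
    # 1000 and 100 are the example values from the reply above.
    for key, value in check_thresholds(SAMPLE_SYNS, 1000, 100).items():
        print(f"{key}: {value}")
```

If either flag is true for traffic known to be legitimate, the candidate values would mitigate normal clients and need to be raised before the profile is applied.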

     

     

    • MarioMoneta

      Thank you, Michael. Is it possible somehow also on F5 LTM? I ask because I saw a line in LTM: Syn-flood protection not active (or disabled). So I guess something on that side could be done, right?

      • Michael_Saleem

        Hmm... maybe you're after SYN cookie protection? (which can be configured either on a VLAN level or virtual server level)

        https://my.f5.com/manage/s/article/K74451051