Check Point VPN-1/FireWall-1

SYNDefender - which methods are supported?

AERAsec Network Services and Security GmbH

 

Platform:  all
Product: Check Point NGX, Next Generation and 4.x
Problem: Since Check Point FireWall-1 3.0 a defense mechanism against SYN Flooding can be configured. Three different methods are possible, depending on the version of Check Point.
Workaround/Fix:

This table gives an overview to the methods supported by the different versions:

Check Point VPN-1/FW-1  SYN Relay SYN Gateway passive SYN Gateway
Version 3.0 yes yes yes
Version 4.x no yes yes
Next Generation yes yes yes
Next Generation FP1/FP2 yes no yes
since Next Generation FP3 yes
(Attacks only)		 no yes
(Individual SYNs)

Next Generation FPx supports SYN Gateway in Backward Compatibility Mode for Enforcement Points 4.x only.

 

No warranty at all, your Feedback is welcome!
© 2002-2011 AERAsec Network Services and Security GmbH, last change 2007-01-02
back to http://www.vpn-1.de/aerasec/