Cookie Activation Threshold | Specify a maximum number of IKEv2 half-open
IKE SAs allowed per firewall, above which cookie validation is triggered.
When the number of half-open IKE SAs exceeds the Cookie Activation Threshold,
the Responder will request a cookie, and the Initiator must respond
with an IKE_SA_INIT containing a cookie. If the cookie validation
is successful, another SA session can be initiated. A value
of 0 means that cookie validation is always on. The Cookie
Activation Threshold is a global firewall setting and should be
lower than the Maximum Half Opened SA setting, which is also global
(range is 0 to 65535; default is 500). |