You can configure a TCP
Split Handshake Drop in a Zone Protection profile to prevent
TCP sessions from being established unless they use the standard
three-way handshake. This task assumes that you assigned a security
zone for the interface where you want to prevent TCP split handshakes
from establishing a session.
Configure a Zone Protection profile to prevent
TCP sessions that use anything other than a three-way handshake
to establish a session.
Select
Network
Network Profiles
Zone Protection
and
Add
a
new profile (or select an existing profile).
If creating a new profile, enter a
Name
for
the profile and an optional
Description
.
Select
Packet Based Attack
Protection
TCP Drop
and
select
Split Handshake
.
Click
OK
.
Apply the profile to one or more security zones.
Select
Network
Zones
and select the zone where
you want to assign the zone protection profile.
In the Zone window, from the
Zone Protection
Profile
list, select the profile you configured in the
previous step.
Alternatively, you could start creating a new profile here
by clicking
Zone Protection Profile
, in which
case you would continue accordingly.
Click
OK
.
(
Optional
) Repeat steps 1-3 to apply the
profile to additional zones.
