You can configure a TCP Split Handshake Drop in a Zone Protection profile to prevent TCP sessions from being established unless they use the standard three-way handshake. This task assumes that you assigned a security zone for the interface where you want to prevent TCP split handshakes from establishing a session.
Configure a Zone Protection Profile to Prevent TCP Split Handshake Sessions
Configure a Zone Protection profile to prevent TCP sessions that use anything other than a three-way handshake to establish a session. Select Network > Network Profiles > Zone Protection and click Add to create a new profile (or select an existing profile). If creating a new profile, enter a Name for the profile and an optional Description. Select Packet Based Attack Protection > TCP Drop and select Split Handshake. Click OK.
Apply the profile to one or more security zones. Select Network > Zones and select the zone where you want to assign the zone protection profile. In the Zone window, from the Zone Protection Profile drop-down, select the profile you configured in the previous step. Alternatively, you could start creating a new profile here by clicking Zone Protection Profile, in which case you would continue accordingly. Click OK. ( Optional ) Repeat steps 1-3 to apply the profile to additional zones.
Save the configuration. Click OK and Commit.

Related Documentation